DNSCrypt-Proxy version 2 and STUBBY add-ons for R7800/R9000

I was using version 1.0.3 due to issues with WiFi 2.4 going up and down at the time, figured out running at 800 mode on the 2.4 band was the issue and changed setting to 347 after I confirmed that was resolved I updated to 1.0.4 all good now. I will bookmark the firmware thread so I can keep updated. As always thank you

Mark
 
Hi. I have installed version 63 of the firmware and enabled dnscrypt on my R7800 router. I would like to edit the toml file, but I have no idea how to do that. I assume that I would need to download it to my computer and edit it in a text editor and then copy it back to my router to overwrite the old file. I have tried to figure out how to do that using telnet, but from what I have read, the purpose of telnet is not to transfer files. Can someone explain how to do this? Thank you.

Kris
DNSCrypt-Proxy 2

About:

This is DNSCrypt-proxy version 2 add-on for Netgear R7800 X4S running Voxel firmware.
More detailed info re: DNSCrypt:
https://dnscrypt.info/

Installation:
1. Enable telnet:
http://routerlogin.net/debug.htm

2. Login to the router using telnet:
Code:
telnet routerlogin.net

3. Download the two installation packages:
Code:
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/ca-certificates_20180409_all.ipk
wget --no-check-certificate https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/DNSCrypt-Proxy-2/dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk

4. Install both of them:
Code:
/bin/opkg install ca-certificates_20180409_all.ipk
/bin/opkg install dnscrypt-proxy-2_2.0.16-1_ipq806x.ipk

5. Enable dnscrypt-proxy-2 init script (to start it automatically after reboot):
Code:
/etc/init.d/dnscrypt-proxy-2 enable

6. Reboot your router:
Code:
reboot

or start the daemon manually:
Code:
/etc/init.d/dnscrypt-proxy-2 start

Log file is /var/log/dnscrypt-proxy-2.log. Check it if something is wrong.

Configuration (optional):
You may customize your config file of DNSCrypt-proxy-2 (/etc/dnscrypt-proxy-2.toml). It contains very detailed comments inside re: what to do. Probably most interesting is to choose concrete public servers from this list:

https://dnscrypt.info/public-servers

i.e. line in the file:
Code:
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']

Uninstall:
Code:
/etc/init.d/dnscrypt-proxy-2 stop
/etc/init.d/dnscrypt-proxy-2 disable
/bin/opkg remove dnscrypt-proxy-2

NOTE: it is recommended to disable dnscrypt-proxy version 1 if it is already used. I.e. to remove /etc/dnscrypt.conf file if it exists.

STUBBY

About

Stubby is an application that acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.

Installation:

R7800
https://www.voxel-firmware.com/Downloads/Voxel/R7800-Voxel-firmware/Stubby/readme.txt

R9000
https://www.voxel-firmware.com/Downloads/Voxel/R9000-Voxel-firmware/Stubby/readme.txt

Voxel.
 
You can use ftp to transfer the file from/to the router, or simply by
editing the file with the built-in editor "vi":

Login with telnet and do this (Everything on a line including "#" is a comment and shall not be typed!)
vi /etc/dnscrypt-proxy-2.toml
#Use the down arrow key to go to line 30: server_names = ['cloudflare', 'ipredator', 'scaleway-fr', 'dnscrypt.eu-nl', 'dnscrypt.eu-dk']
a # set editor in insert mode
#Use the right/left arrow keys to move on the line
#Use the Delete/Backspace keys to delete a character under the cursor/the left of the cursor
#Add servers by typing their names within single quote as originally
<esc>:x<return> # to save changes and exit editor. <esc> is the Esc-key. <return> is the Return-key

# Done!
# If you want to restore original file, issue this command:
\cp -p /rom/etc/dnscrypt-proxy-2.toml /etc/dnscrypt-proxy-2.toml


Thank you for this information! I will work on this later today. Take care.
 
I have configured dnscrypt on the Voxel firmware but I can't get black lists working.. removed the # from the blacklists.txt file in the config file but it doesn't block anything inside the file. Any ideas?
 
Can you show relevant part of the file?
What editor and operating system do you use to edit the file?

It's Voxel's firmware running on a Netgear R7800
-> Enable Telnet
-> Telnet in using putty.
-> You then get a Busybox 1.4.2 environment.
-> I have edited the files using VI
-> I have also populated the blacklist.txt file using the code from -> https://www.snbforums.com/threads/h...mvps-hosts-file-with-dnscrypt-proxy-v2.49803/
-> I have created a dnscrypt.conf under /etc/ per Voxel's instructions which simply has the word 'cisco' in it for OpenDNS. (Tested using dns leak test page)

This is the section of dnscrypt-proxy-2.toml
Both files located in /etc/


Code:
#        Pattern-based blocking (blacklists)        #
######################################################

## Blacklists are made of one pattern per line. Example of valid patterns:
##
##   example.com
##   =example.com
##   *sex*
##   ads.*
##   ads*.example.*
##   ads*.example[0-9]*.com
##
## Example blacklist files can be found at https://download.dnscrypt.info/blackl
## A script to build blacklists from public feeds can be found in the
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source co

[blacklist]

  ## Path to the file of blocking rules (absolute, or relative to the same direc

blacklist_file = 'blacklist.txt'

  ## Optional path to a file logging blocked queries
- dnscrypt-proxy-2.toml 371/529 70%


This is a sample of the blacklist.txt


Code:
m.fr.a2dfp.net
mfr.a2dfp.net
ad.a8.net
asy.a8ww.net
static.a-ads.com
abcstats.com
a.abv.bg
adserver.abv.bg
adv.abv.bg
bimg.abv.bg
ca.abv.bg
track.acclaimnetwork.com
achmedia.com
csh.actiondesk.com
ads.activepower.net
ad.activesolutions.cz
app.activetrail.com
traffic.acwebconnecting.com
office.ad1.ru
cms.ad2click.nl
ad2games.com
content.ad20.net
- blacklist.txt 2/12071 0%
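
Three things in the post above can be checked mechanically: whether an uncommented blacklist_file line really sits under [blacklist], whether its path is relative (the config comment naming the base directory is cut off in the excerpt), and whether /etc/dnscrypt.conf exists, which the install notes on this page tie to dnscrypt-proxy version 1. The script below is an added example, not part of the thread or of Voxel's firmware; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: configuration checks for dnscrypt-proxy-2 blacklisting.
# Function names are hypothetical; paths are the ones quoted in the thread.

# Print the value of the first uncommented blacklist_file line inside the
# [blacklist] section of the TOML file given as $1; print nothing otherwise.
blacklist_path() {
    awk -v sq="'" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[blacklist\][ \t\r]*$/) }
        in_sec && /^[ \t]*blacklist_file[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop the key and the equals sign
            gsub("[" sq "\"]", "", v)      # drop the quotes around the value
            sub(/[ \t\r]+$/, "", v)       # drop trailing blanks and CR
            print v
            exit
        }' "$1"
}

# $1 = v2 config file, $2 = v1 config file. Prints one line per finding and
# returns the number of findings (0 means nothing suspicious was found).
check_blacklist_setup() {
    conf=$1; v1conf=${2:-/etc/dnscrypt.conf}; problems=0
    rules=$(blacklist_path "$conf")
    case "$rules" in
        '') echo "no active blacklist_file line under [blacklist] in $conf"
            problems=$((problems + 1)) ;;
        /*) if [ ! -s "$rules" ]; then
                echo "rule file missing or empty: $rules"
                problems=$((problems + 1))
            fi ;;
        *)  echo "relative path '$rules': base directory unclear, use an absolute path"
            problems=$((problems + 1)) ;;
    esac
    if [ -e "$v1conf" ]; then
        echo "$v1conf exists: the install notes recommend removing the version 1 config"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check only when asked to, so the file can also be sourced.
if [ "${1:-}" = "check" ]; then
    check_blacklist_setup /etc/dnscrypt-proxy-2.toml /etc/dnscrypt.conf
fi
```

After any change to the config, restart the daemon with `/etc/init.d/dnscrypt-proxy-2 restart` and read /var/log/dnscrypt-proxy-2.log, as the install notes suggest.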
 
What is the best way to run the "generate-domains-blacklist.py" on a daily basis to pick up updates? I'm assuming as a cronjob? How do I ensure the cronjob persists between reboots/updates/upgrades/etc?
 
Cron job instruction:
#5. Create your cron job, to update mvps list every morning at 4 am
https://www.snbforums.com/threads/h...ile-with-dnscrypt-proxy-v2.49803/#post-446156

You have to install the cron job again after you upgrade the router firmware.

Those are the instructions I based my cron job after. I just didn't know if it was the best way to ensure it persisted through reboots.

Thx
 
I am using dnscrypt-proxy since stubby does not support blacklisting, and I noticed that after some time name resolution stops working. If anybody faces a similar issue, here is the remedy to be placed in the /etc/rc.local file:
Code:
t=$(while true; do T=$(logger "DNSCrypt service validation";ping -c2 -q 1.1.1.1 && nslookup google.com || (/etc/init.d/dnscrypt-proxy-2 restart; logger "dnscrypt service restarted")); sleep 60; done) &
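
The one-liner above restarts the proxy whenever either the ping or the lookup fails, so a WAN outage also triggers restarts. The script below is an added example, not code from the post or from the firmware: it keeps the same probes, restart command and 60-second interval, restarts only when the Internet is reachable but lookups fail, and stops after a few consecutive restarts. The variable names and the restart cap are assumptions.

```shell
#!/bin/sh
# Added example: watchdog for dnscrypt-proxy-2. Probe and restart commands are
# the ones from the one-liner above; variable names and limits are assumptions.
DNS_PROBE=${DNS_PROBE:-"nslookup google.com"}
WAN_PROBE=${WAN_PROBE:-"ping -c2 -q 1.1.1.1"}
RESTART_CMD=${RESTART_CMD:-"/etc/init.d/dnscrypt-proxy-2 restart"}
LOG_CMD=${LOG_CMD:-logger}
MAX_RESTARTS=${MAX_RESTARTS:-3}   # assumed cap on consecutive restarts
INTERVAL=${INTERVAL:-60}          # seconds between passes, as in the post
restarts=0
WD_ACTION=

# One pass. Sets WD_ACTION to ok, wan-down, restarted or backoff.
watchdog_step() {
    if $DNS_PROBE >/dev/null 2>&1; then
        restarts=0
        WD_ACTION=ok
    elif ! $WAN_PROBE >/dev/null 2>&1; then
        # No route to the Internet: restarting the proxy cannot help.
        WD_ACTION=wan-down
    elif [ "$restarts" -ge "$MAX_RESTARTS" ]; then
        # Restarts did not help; log once, then wait for a successful lookup.
        [ "$WD_ACTION" = backoff ] || $LOG_CMD "dnscrypt watchdog: giving up after $restarts restarts"
        WD_ACTION=backoff
    else
        restarts=$((restarts + 1))
        $RESTART_CMD >/dev/null 2>&1 || $LOG_CMD "dnscrypt watchdog: restart command failed"
        $LOG_CMD "dnscrypt service restarted ($restarts/$MAX_RESTARTS)"
        WD_ACTION=restarted
    fi
}

watchdog_loop() {
    while :; do
        watchdog_step
        sleep "$INTERVAL"
    done
}

# Loop only when asked to, so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    watchdog_loop
fi
```

Saved under a path of your choice, it is started in the background from /etc/rc.local with the argument `run`.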
Thank you so much for sharing this. For some reason dnscrypt-proxy-2 wasn't running on my R9000 when I checked this morning. I tried to look at the log to see why, but no log was found. I take it this means dnscrypt-proxy-2 didn't even attempt to start at rebooting my R9000 last?
Code:
root@R9000:~$ cat /var/log/dnscrypt-proxy-2.log
cat: /var/log/dnscrypt-proxy-2.log: No such file or directory
 
What is the result of the following commands?
nvram show | grep dnsc
/etc/init.d/dnscrypt-proxy-2 restart

If you are using both Mybase and MVPS, the blacklist is really huge.
Maybe you can supervise the memory usage. It might e.g. be a memory leak in the dnscrypt-proxy-2 program.
 
I am not using both mybase and mvps... only mybase

There would have been a dnscrypt-proxy-2.log file in /var/log/ if dnscrypt had started and crashed, correct? There wasn't a log file. /var/log is actually /tmp/log, correct? And, /tmp is cleared out after every reboot, correct? That's why I stated dnscrypt-proxy-2 must not have even attempted to start after my last reboot. This is why I am perplexed.

BTW, all the following work:

/etc/init.d/dnscrypt-proxy-2 restart
/etc/init.d/dnscrypt-proxy-2 start
/etc/init.d/dnscrypt-proxy-2 stop

...I've been using dnscrypt for about a month... basically ever since I started using Voxel's firmware.

percy3's addition to rc.local should prevent this from happening again, for whatever reason, correct?

Also, I have 192.168.75.1 (IP of my router) entered as my Primary DNS in BASIC->Internet. I have no Secondary or Third DNS populated. I do this because Voxel's dnscrypt-proxy-2 implementation reverts to these values for DNS when dnscrypt-proxy-2 isn't running (has been stopped, etc). I don't like this as stopping dnscrypt-proxy is the #1 way to test if dnscrypt-proxy is running, etc.

Anyway, since 192.168.75.1 couldn't resolve anything when I got online this morning I knew something was wrong. I do wish I knew why dnscrypt-proxy wasn't running after I rebooted my router last night right before I went to bed, but at least I have a fix/workaround.
 
After manually starting dnscrypt still no log file? Anyway /tmp/log shouldn't be purged with every restart.
You can try:
/etc/init.d/dnscrypt-proxy-2 disable
/etc/init.d/dnscrypt-proxy-2 enable
Also double-check if dnscrypt is properly set in nvram.

Sorry, we are on different wave lengths...

I am only talking about this one time.

dnscrypt-proxy works great, including producing its log file, on my router.

I am talking about a one time occurrence... this morning. An anomaly. Understand now?
 
In that case that small line for rc.local should help limit potential DNS outage to not more than a minute. Got confused by the complete lack of a log file in the first place.

There is a Netgear bug in the startup of the router.
The log directory is actually wiped out AFTER e.g. rc.local is called.