Stubby-Installer-Asuswrt-Merlin

[DonnyJohnny]

Yml min version is tls 1.3 but how do we know it is tls 1.3 using the ciphersuites?
Where can we see?

 

[JemTheWire]

Whenever in doubt just use the official command;

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/Stubby-Installer-Asuswrt-Merlin/master/install_stubby.sh" -o "/jffs/scripts/install_stubby.sh" && chmod 755 /jffs/scripts/install_stubby.sh && sh /jffs/scripts/install_stubby.sh

Thank you Sir. That did the trick. I’m now rocking v1.1.1

 

[hervon]

Updated without issue from amtm. Thanks!

 

[dave14305]

I'm sorry but I don't understand can you run this by me again please, a little slower.

To choose to force all clients to use Stubby (from the installer) implies that clients should not be allowed to bypass your router as the DNS server via 53/udp or 853/tcp.

If you want a permanent or temporary exception for your Linux client, setup a client rule in the DNSFilter Client List, setting its mode to No Filtering. Then your traffic to 1.1.1.1:853 should go through.

 

[elorimer]

run opkg update/opkg upgrade

Careful dude!

 

[bbunge]

Whenever in doubt just use the official command;

/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/Stubby-Installer-Asuswrt-Merlin/master/install_stubby.sh" -o "/jffs/scripts/install_stubby.sh" && chmod 755 /jffs/scripts/install_stubby.sh && sh /jffs/scripts/install_stubby.sh

Ran the 1.1.1 installer script this morining. Noted one error:

1 = Update Stubby Configuration
2 = Remove Existing Stubby Installation

e = Exit Script

Option ==> 1

Entware package list successfully updated

Error trying to remove /opt/etc/stubby
Package getdns (1.5.1-1) installed in root is up to date.
GetDNS successfully updated
Package stubby (0.2.5-1) installed in root is up to date.
Stubby successfully installed
Package haveged (1.9.4-1) installed in root is up to date.
Haveged successfully updated

Noted "tls_min_version: GETDNS_TLS1_3" added to stubby.yml.

Was wondering if the Entware version of Openssl is needed if the version in Merlin 384.10 would work?

 

[elorimer]

Updated stubby through amtm on my 56U using 384.6 and lost internet. The stubby script also would hang after the splash bit until it timed out. Deleting the routers address from the WAN DNS field and setting it to automatically pull DNS got the internet back.

 

[bluzfanmr1]

Running 384.8_2 on RT-AC66U_B1 and updated stubby through amtm. I lost internet as well. To get it back I had to remove the 2 new entries in stubby.yml as I was getting this when running stubby -l:

[13:33:39.591567] STUBBY: --- SETUP(TLS): : This version of OpenSSL does not support setting of mimum or maximum TLS versions

Could not schedule query: The library did not have the requested API feature implemented.

 

[Adamm]

Updated stubby through amtm on my 56U using 384.6 and lost internet. The stubby script also would hang after the splash bit until it timed out. Deleting the routers address from the WAN DNS field and setting it to automatically pull DNS got the internet back.

Running 384.8_2 on RT-AC66U_B1 and updated stubby through amtm. I lost internet as well. To get it back I had to remove the 2 new entries in stubby.yml as I was getting this when running stubby -l:

Note; if you get the following error and internet connectivity issues, run opkg update/opkg upgrade

 

[bluzfanmr1]

I had run the update and upgrades and stubby would not work no matter what I tried so I ran the installer script (not via amtm because that wouldn't work) and removed stubby, rebooted, ran the installer again, and all is well now with the new options.

 

[bluzfanmr1]

Nice coincidence: version 1.1.1 to support/use OpenSSL 1.1.1

I'm getting the following:

# openssl version
OpenSSL 1.0.2q  20 Nov 2018

Should I see OpenSSL 1.1.1? Did I forget a step to get there?

 

[Adamm]

Should I see OpenSSL 1.1.1? Did I forget a step to get there?

skynet@RT-AX88U-DC28:/tmp/home/root# opkg list-installed | grep libopenssl
libopenssl - 1.1.1a-2

 

[bluzfanmr1]

skynet@RT-AX88U-DC28:/tmp/home/root# opkg list-installed | grep libopenssl
libopenssl - 1.1.1a-2

D'oh, my bad. Thanks for the clarification.

 

[pattiri]

if you get the following error and internet connectivity issues, run opkg update/opkg upgrade

how can I "opkg update/opkg upgrade" when router doesn't have internet conenction?

I've tried to put DNS addresses manually under WAN but router still sends packets to 127.0.0.1. I can ping any IP address but can't resolve and address so I'm stucked.

I've killed stubby but it still tries to send DNS packets to 127.0.0.1 .

 

[Adamm]

how can I "opkg update/opkg upgrade" when router doesn't have internet conenction?

I've tried to put DNS addresses manually under WAN but router still sends packets to 127.0.0.1. I can ping any IP address but can't resolve and address so I'm stucked.

I've killed stubby but it still tries to send DNS packets to 127.0.0.1 .

Run the uninstall command to remove the broken stubby installation, run the commands, then reinstall.

sh /jffs/scripts/install_stubby.sh uninstall

I apologize for the inconvenience but this was due to an entware upgrade so it was unavoidable on our end due to the nature of stubby.

 

[pattiri]

Run the uninstall command to remove the broken stubby installation, run the commands, then reinstall.

sh /jffs/scripts/install_stubby.sh uninstall

I apologize for the inconvenience but this was due to an entware upgrade so it was unavoidable on our end due to the nature of stubby.

I've just seen this and just uninstalled waited router to be rebooted. You don't need to apologize, it's my fault. I shoudl have checked your notes before upgrade

 

[skeal]

After figuring out DNS Filter I have to say it's a better way of handling the DNS traffic routing. Thanks @Adamm great idea.

 

[L&LD]

After figuring out DNS Filter I have to say it's a better way of handling the DNS traffic routing. Thanks @Adamm great idea.

Can you expand on 'figuring out DNS Filter'?

 

[skeal]

Figuring out a way to temporarily allow my Ubuntu desktop to do a kdig query on cloudflare.

 

[Butterfly Bones]

Figuring out a way to temporarily allow my Ubuntu desktop to do a kdig query on cloudflare.

I'm curious what went wrong and what you had to do? I left Stubby as configured by the last update to v.1.1.1. I run Linux Mint based on Ubuntu and have no issues with dig in a terminal:

tim@LinuxDT ~ $ dig cloudflare.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29113
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;cloudflare.com.            IN    A
;; ANSWER SECTION:
cloudflare.com.        217    IN    A    198.41.215.162
cloudflare.com.        217    IN    A    198.41.214.162
;; Query time: 118 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Mar 25 12:26:08 PDT 2019
;; MSG SIZE  rcvd: 103