What's new

Stubby-Installer-Asuswrt-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

@Adamm It seems haveged log entries are out by 6 hours. I see this and I have updated to the newest release of stubby.
Code:
Feb 10 16:54:07 Entware (armv7sf-k2.6): Started pixelserv-tls (Diversion) from /jffs/scripts/post-mount
Feb 10 16:54:07 Diversion: started Entware services, from /jffs/scripts/post-mount
Feb 10 16:54:07 rc_service: service 4511:notify_rc restart_dnsmasq
Feb 10 16:54:07 dnsmasq[297]: exiting on receipt of SIGTERM
Feb 10 16:54:07 pixelserv-tls[4503]: pixelserv-tls 2.2.1 (compiled: Dec 29 2018 15:01:03 flags: tls1_3) options: 192.168.xx.4
Feb 10 16:54:08 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Feb 10 16:54:08 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf ) - max timeout = 120s
Feb 10 22:54:08 haveged: haveged: ver: 1.9.4; arch: generic; vend: ; build: (gcc 7.3.0 CV); collect: 128K
Feb 10 22:54:08 haveged: haveged: cpu: (); data: 32K (P); inst: 32K (P); idx: 18/40; sz: 31104/71972
Feb 10 22:54:08 haveged: haveged: fills: 0, generated: 0
Edit: Removed sensitive info.

This is an entware issue, this thread seems to explain the issue.
 
@Adamm It seems haveged log entries are out by 6 hours. I see this and I have updated to the newest release of stubby.
You have to add the export line to the init.d scripts manually. See #989.
 
With ignorance I ask, @Adamm and @Xentrk, if there is reason not to have this stubby installer automatically add "export TZ=$(cat /etc/TZ)" in the stubby and haveged init.d scripts?
That would make sense. I add it for pixelserv-tls in Diversion.
 
That would make sense. I add it for pixelserv-tls in Diversion.
I am using Pixelserv-tls which would explain why haveged syslog entries on my router have the correct time.
 
I am using Pixelserv-tls which would explain why haveged syslog entries on my router have the correct time.
I have pixelserv-tls, and mine were off. I think it needs to be in each.
 
Hey guys, not sure if this is the right thread for my problem, but eventually someone can help as I am also using Stubby in my setup and I am not sure if the problem is related to it: https://www.snbforums.com/threads/a...sion-skynet-stubby-connection-problems.54999/

Having some connection issues that occur over time and won't go away.
Seen a few posts with these symptoms. Recommendation is to turn off network monitoring.
https://www.snbforums.com/threads/stubby-installer-asuswrt-merlin.49469/page-45#post-464772
 
Sorry, I have to ask again exactly.
The second option "Would you like to force all client DNS requests through Stubby" (Question mark missing) is completely the same as in the router GUI:
LAN --> DNSFilter --> Enable DNS-based Filtering (ON) --> Global Filter Mode (Router); (all fields empty)?

:)

Sorry I need clarification: enabling Global Filter Mode: Router WILL or WONT break the Stubby option to force client requests through Stubby????

I'm also curious because I do have Global Filter Router mode enabled but while using DNSCrypt with it's similar option to force requests through DNSCrypt.
 
When I recycle stubby using the following script, I get full logging, yes even after logging out of my ssh session. The dash g is daemon mode. The dash l is debug logging. I will change it to dash v after I am done working through CleanBrowsing problems.
Code:
#!/bin/sh -x
export TZ=$(cat /etc/TZ)
/opt/etc/init.d/S61stubby stop
nohup /opt/sbin/stubby -C /opt/etc/stubby/stubby.yml -g -l >/opt/var/log/stubby.log 2>&1 &
By the way, exporting the TZ variable has no effect, the logs have UTC time with no date.
 

sorry about the basic question but, how can i know what version is running?
when i type "stubby" at my /tmp/home/root#
i get the following and i must ctrl+c to get unstuck (waited 2 minutes).

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# stubby
[21:44:12.683034] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[21:44:12.688370] STUBBY: DNSSEC Validation is OFF
[21:44:12.688421] STUBBY: Transport list is:
[21:44:12.688434] STUBBY:   - TLS
[21:44:12.688448] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[21:44:12.688459] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[21:44:12.688470] STUBBY: Starting DAEMON....
^C
domain@device:/tmp/home/root#

however, when i do a dnsleaktest from a browser,
i'm still getting Cloudflare which means it seems to be working.
 
sorry about the basic question but, how can i know what version is running?
when i type "stubby" at my /tmp/home/root#
i get the following and i must ctrl+c to get unstuck.

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# stubby
[21:44:12.683034] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[21:44:12.688370] STUBBY: DNSSEC Validation is OFF
[21:44:12.688421] STUBBY: Transport list is:
[21:44:12.688434] STUBBY:   - TLS
[21:44:12.688448] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[21:44:12.688459] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[21:44:12.688470] STUBBY: Starting DAEMON....
^C
domain@device:/tmp/home/root#

however, when i do a dnsleaktest from a browser,
i'm still getting Cloudflare which means it seems to be working.
amtm will show you versions of all scripts that it supports in its main menu.
 
sorry about the basic question but, how can i know what version is running?
when i type "stubby" at my /tmp/home/root#
i get the following and i must ctrl+c to get unstuck (waited 2 minutes).

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# stubby
[21:44:12.683034] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[21:44:12.688370] STUBBY: DNSSEC Validation is OFF
[21:44:12.688421] STUBBY: Transport list is:
[21:44:12.688434] STUBBY:   - TLS
[21:44:12.688448] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[21:44:12.688459] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[21:44:12.688470] STUBBY: Starting DAEMON....
^C
domain@device:/tmp/home/root#

however, when i do a dnsleaktest from a browser,
i'm still getting Cloudflare which means it seems to be working.
The version number is the installer version, not the daemon version. :) If you run the "install_stubby.sh" script it will show you the version. Stubby itself is ver 0.2.5 according to Entware.

You have to ctrl-c out of that because it's running as a foreground process (despite saying it's starting the daemon). The background daemon is started on installation / upgrade. You can use htop from Entware to verify the daemon is running.
 
sorry about the basic question but, how can i know what version is running?
when i type "stubby" at my /tmp/home/root#
i get the following and i must ctrl+c to get unstuck (waited 2 minutes).

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# stubby
[21:44:12.683034] STUBBY: Read config from file /opt/etc/stubby/stubby.yml
[21:44:12.688370] STUBBY: DNSSEC Validation is OFF
[21:44:12.688421] STUBBY: Transport list is:
[21:44:12.688434] STUBBY:   - TLS
[21:44:12.688448] STUBBY: Privacy Usage Profile is Strict (Authentication required)
[21:44:12.688459] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
[21:44:12.688470] STUBBY: Starting DAEMON....
^C
domain@device:/tmp/home/root#

however, when i do a dnsleaktest from a browser,
i'm still getting Cloudflare which means it seems to be working.
Try stubby -l
Will show the resolver connections.

Sent from my SM-T380 using Tapatalk
 
If you run the "install_stubby.sh" script it will show you the version.

i don't see it on the option screen, must i run the update routine if all i want to do is find out what version i have?

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# /jffs/scripts/install_stubby.sh
_______________________________________________________________________
|                                                                     |
|  Welcome to the Stubby-Installer-Asuswrt-Merlin installation script |
|  Version 1.0.3 by Xentrk                                            |
|_____________________________________________________________________|

1 = Update Stubby Configuration
2 = Remove Existing Stubby Installation
3 = Update install_stubby.sh

e = Exit Script

or is my current script version 1.0.3 (and not just the installation version)
sorry, i know these questions seem dumb - but i don't know how this works.
 
If you use amtm, as noted above it will tell you what version is running without running the stubby installer. Stubby itself is not a script, it is a program. If you type "opkg list-installed" it will tell you what versions of your entware software are installed. Stubby should be 0.2.5. You are running version 1.0.3 of the stubby installer, if you choose option 3 it will update the installer to the current version (currently 1.0.8). Even if you are running stubby 0.2.5, you should still upgrade the installer as it does much more than just install the programs.

The way we talk about scripts is a little confusing. Most of them actually are installers - Jack Yaz's YazFi for instance sets up iptables and other behind the scenes stuff to manage guest wifi, but it doesn't actually stay in memory once it does that. Install_stubby sets up stubby, getdns, and also haveged, all of which are programs from Entware. Install_stubby also sets up all the routing rules to ensure that stubby and getdns are running properly. haveged is for improving the router's entropy, which is important for security when generating encryption keys (which it does a lot more of than you might think; lots of things use them).
 
Last edited:
I done got bit by @skeal 's bug! :D
Code:
ALL UDP 53 192.168.1.1 53 PREROUTING
ALL TCP 53 192.168.1.1 53 PREROUTING
ALL UDP 53 192.168.1.1 53 PREROUTING
ALL UDP 53 192.168.1.1 53 PREROUTING
ALL TCP 53 192.168.1.1 53 PREROUTING
ALL TCP 53 192.168.1.1 53 PREROUTING
I had some issues with my VPN connection, so i used "halt" from a terminal to power cycle. Left it off about 10 minutes. On restart everything looks fine in the syslog, nothing out of ordinary. Then I check Port Forwarding in the System Log section and get the above. I checked earlier today and when I opened Stubby from amtm, it gave me the option to update, so I did. Change nothing in configuration. I have the cache DNSSEC setting to no, and the force all DNS through Stubby to yes.
 
i don't see it on the option screen, must i run the update routine if all i want to do is find out what version i have?

Code:
ASUSWRT-Merlin RT-AC3100 384.8-2 Sat Dec  8 18:18:31 UTC 2018
domain@device:/tmp/home/root# /jffs/scripts/install_stubby.sh
_______________________________________________________________________
|                                                                     |
|  Welcome to the Stubby-Installer-Asuswrt-Merlin installation script |
|  Version 1.0.3 by Xentrk                                            |
|_____________________________________________________________________|

1 = Update Stubby Configuration
2 = Remove Existing Stubby Installation
3 = Update install_stubby.sh

e = Exit Script

or is my current script version 1.0.3 (and not just the installation version)
sorry, i know these questions seem dumb - but i don't know how this works.
I have some cycles today to do some analysis. The version number is set on the third line of the code below the comments section. Currently line 26. It is currently set at VERSION="1.0.8". I'll look at AMTM and install_stubby.sh to see if I can duplicate your issue. In the meantime, you can download the most current version using the command below:

Code:
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/Stubby-Installer-Asuswrt-Merlin/master/install_stubby.sh" -o "/jffs/scripts/install_stubby.sh" && chmod 755 /jffs/scripts/install_stubby.sh && sh /jffs/scripts/install_stubby.sh
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top