What's new

Stubby-Installer-Asuswrt-Merlin

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Regarding the DNS Leak test results. Yes, because you are not using the VPN of the provider, most test sites will give a warning that "you may be" or "are" leaking your DNS request. There are several definitions floating around the net of what a DNS leak is. For me, the purist definition of a DNS leak is when DNS requests are being routed to your ISP rather than the VPN provider. But since you defined your router to use Cloudflare, DNS request are going where you told them to. With DoT using Stubby, the DNS requests are encrypted so your ISP can't snoop on you. So, no need to worry. In fact, using Cloudflare may be result in faster queries when compared to using DNS of the VPN provider.

By that definition, then I am a purist as well and very happy with Stubby :)

The settings you list are correct except for the DNS Filter setting. That was a recent change in the installer script. There is a prompt/question in the installer script asking if you want to force all LAN clients to use Stubby. If you select the option, the DNS Filter setting made by the installer will force all LAN clients to use Stubby DoT. For example, if you have DNS configured in a Windows 10 device, it will override the DNS specified on the router. The DNS Filter setting forces all LAN clients to use Stubby. @skeal has a picture of the DNS Filter screen in this post.

I knew I should have left that setting alone :D. I specifically remember seeing it on and the only reason I turned it off is because during my recent installation of Diversion, the Diversion script made of note of it being on so I assumed it would be better off. As of this post though, it's on again the way shown in Skeal's picture. Thank you very much Xentrk.
 
add swap space to the storage device to improve performance.

Nice! I hadn't done that yet. Is there a reason why it's not created by default when installing AMTM? Also, how big should it be? My USB drive is 1TB so plenty of room. My options are as follow:

1. --> 256MB
2. --> 512MB
3. --> 1GB
4. --> 2GB
 
Nice! I hadn't done that yet. Is there a reason why it's not created by default when installing AMTM? Also, how big should it be? My USB drive is 1TB so plenty of room. My options are as follow:

1. --> 256MB
2. --> 512MB
3. --> 1GB
4. --> 2GB

pick whichever option is closest to the amount of RAM your router has: Unused RAM is useless RAM, and same for swap partitions. You'll want #2, I think.
 
Is CPU usage after Stubby and Diversion is installed supposed to be high? Reference: attached screenshot.

Asus RT-AC5300 running Merlin 384.10
In the past I've seen Diversion consume CPU trying to manage the .ash_history file. When you look at the top or htop output, if you see Diversion running with ash_history as a parameter, you might need to delete this file because something about it is corrupt. It's at /tmp/home/root/.ash_history.
 
Nice! I hadn't done that yet. Is there a reason why it's not created by default when installing AMTM? Also, how big should it be? My USB drive is 1TB so plenty of room. My options are as follow:

1. --> 256MB
2. --> 512MB
3. --> 1GB
4. --> 2GB
The swap should be on a thumb drive or an SSD. Using spinning rust for a swap is not a good idea as the drive can spin down thus delaying the read/write to the swap. You did not say what the 1 TB drive was...
 
The swap should be on a thumb drive or an SSD. Using spinning rust for a swap is not a good idea as the drive can spin down thus delaying the read/write to the swap. You did not say what the 1 TB drive was...
I have it on a WD 1TB Passport drive but it's set not to spool down. I am new here and am experimenting with all these scripts for the first time. Once I get everything perfected, I will go out and purchase a SSD drive for the router. :)
 
My router has 512MB of ram so I'll go with option 2 as you suggest. Thank you.
I recommend a USB stick of small size to serve as a swap and script support disk. I would add a SSD drive for other purposes. Even though read write cycles is not an issue, the replacement of a stick if it becomes unrecoverable is usually less money than a SSD drive. ;):)
 
Good point :)

Silly question: if I wanted to go back to 384.9 from 384.10, is it as simple as re-uploading the firmware file or do I need to restart from scratch with a factory reset, etc?
 
Good point :)

Silly question: if I wanted to go back to 384.9 from 384.10, is it as simple as re-uploading the firmware file or do I need to restart from scratch with a factory reset, etc?
Depends each situation is unique. Flash back to 384.9 and test before resetting. The usual method is: "If you experience weirdness" then reset. The definition of weirdness is almost anything that isn't right.
 
So I tried installing stubby on my ac86u (latest _.10 marlinfw) using the AMTM menu, and the command line... it keeps failing!

I'm already running Diversion, skynet, pixelservtls, and I uninstalled dnscrypt then rebooted before attempting to install stubby. Using the command line shows that stubby is "dead", and starting or restarting comes up with "failed". I went through the webui and my jffs files to see if anything was amiss, but it all looks fine to me (referencing the stubby script docs, the changes all seem to be correct). I tried a few times using an assortment of other settings I thought may be related: ipv6 on and off... my ISP doesn't offer ipv6 but it had to be turned on for the router ovpn client to connect to tunnelbear, vpn client on and off (I'm also running an ovpn server but haven't tried installing stubby with that disabled, since it seems unrelated and is otherwise working well).

None of those things helped, even after uninstalling/reinstalling/rebooting stubby a couple of times just to see if that changed anything. Everytime I try to install stubby with the script it fails, dns stops working, and I have to uninstall/reboot to get back online. Again, afaik the script is doing what it is supposed to (jffs files are changed correctly, wan dns=router ip, dnssec in gui = off...). I'm at a loss if anyone can help me get this working I'd be very grateful. I know my way around my router and pastbin, so please prompt me to post any file content relevant to diagnosing this.

Thanks,
Kevin

[edit: Note that I used the "dnssec cache" enabled option on the stubby installer. I couldn't find in the docs what that does, but figured "hey, might as well enable this and it will use dnssec, or sumpn' ". Note I did not re-enable the "dnssec" button in the gui after installing stubby. I also used the "force all clients" option in the installer, since I have diversion.]
 
Last edited:
So I tried installing stubby on my ac86u (latest _.10 marlinfw) using the AMTM menu, and the command line... it keeps failing!

I'm already running Diversion, skynet, pixelservtls, and I uninstalled dnscrypt then rebooted before attempting to install stubby. Using the command line shows that stubby is "dead", and starting or restarting comes up with "failed". I went through the webui and my jffs files to see if anything was amiss, but it all looks fine to me. I tried a few times using an assortment of other settings I thought may be related: ipv6 on and off... my ISP doesn't offer ipv6 but it had to be turned on for the router ovpn client to connect to tunnelbear, vpn client on and off (I'm also running an ovpn server but haven't tried installing stubby with that disabled, since it seems unrelated and is otherwise working well).

None of those things helped, even after uninstalling/reinstalling/rebooting stubby a couple of times just to see if that changed anything. Everytime I try to install stubby with the script it fails, dns stops working, and I have to uninstall/reboot to get back online. Again, afaik the script is doing what it is supposed to (jffs files are changed correctly, wan dns=router ip, dnssec in gui = off...). I'm at a loss if anyone can help me get this working I'd be very grateful. I know my way around my router and pastbin, so please prompt me to post any file content relevant to diagnosing this.

Thanks,
Kevin

[edit: Note that I used the "dnssec cache" enabled option on the stubby installer. I couldn't find in the docs what that does, but figured "hey, might as well enable this and it will use dnssec, or sumpn' ". Note I did not re-enable the "dnssec" button in the gui after installing stubby. I also used the "force all clients" option in the installer, since I have diversion.]
After installing Stubby run this command.
Code:
stubby -C /opt/etc/stubby/stubby.yml -i
It should show:
Code:
Result: Config file syntax is valid.
as the bottom line.
 
Sigh, not sure what the heck it was, but upon my last attempt with AMTM it appears stubby has installed properly and is now working as intended. The stubby installer showed different successful results when starting stubby, and now i'm able to browse the web with my wan dns set to the router.

Anyhow, thanks for the quick response skeal... that was my bottom line btw. Also I want to give a shout out to eric, lonelycoder, adam, skeal, x3ntrk, and all the other generous and skilled coders out there who make all this gushy router greatness a reality for the rest of us schmoos. ;)

Thanks,
Kevin
 
Sigh, not sure what the heck it was, but upon my last attempt with AMTM it appears stubby has installed properly and is now working as intended. The stubby installer showed different successful results when starting stubby, and now i'm able to browse the web with my wan dns set to the router.

Anyhow, thanks for the quick response skeal... that was my bottom line btw. Also I want to give a shout out to eric, lonelycoder, adam, skeal, x3ntrk, and all the other generous and skilled coders out there who make all this gushy router greatness a reality for the rest of us schmoos. ;)

Thanks,
Kevin
Thanks for the kind words. I'm 58 years old and have been to school 5 different times in my life. I must say that I have learned more from other peoples experience's, than any text book. Welcome aboard and continue coming back to this excellent forum for help. ;):)
 
I hear you skeal... got a bs-ae at UM... learned a lot of useful math tricks, how to think critically, and got interested in coding. Good stuff, but the real bits and bolts of knowledge that I use daily came from 'alternative sources'... snbforums, rcgroups, thingiverse... and maybe a few other hotbeds of knowledge.

I try to perpetuate my experiences by helping as much as I can on various forums... gotta give back to those who helped me. Unfortunately the snbforums work tends to be out of my lane (not nearly as good at coding/networking as you all) so I get more than I give on average here. Otoh, if any of you guys want help with aircraft, robotics, construction, metal/woodworking, etc... I'm more familiar with those things. ;)

Cheers,
Kev
 
I have it on a WD 1TB Passport drive but it's set not to spool down. I am new here and am experimenting with all these scripts for the first time. Once I get everything perfected, I will go out and purchase a SSD drive for the router. :)
You would be better off investing in a NAS for file storage! I fussed with USB drives attached to a router for years. Used a WD Mybooklive for a while and recently forked out the dough for a Synology two drive unit. It is FAST! Just have a 2 GB thumb drive in the router to run Entware and Stubby. Do not need a swap file!
Now, to get into the new house with fios...

Oh, for you kids info I am past three score and ten... Originally learned numeric control programming on seven hole punch tape... older than dirt almost!

Sent from my SM-T380 using Tapatalk
 
...seven hole punch tape...
Was that like before FORTRAN? :D

My brother (just 3yrs my elder) learned FORTRAN in school (what you'd expect from an 80's for profit tech school). Glad I waited until college before I got I to coding... after an 'intro to C' course.
 
Was that like before FORTRAN? :D

My brother (just 3yrs my elder) learned FORTRAN in school (what you'd expect from an 80's for profit tech school). Glad I waited until college before I got I to coding... after an 'intro to C' course.
I learned Fortran in the late '80s in a state college. Fortran has a bad rap, our analysts still use it at work for certain dynamic simulations.
 
Anyhow, thanks for the quick response skeal... that was my bottom line btw. Also I want to give a shout out to eric, lonelycoder, adam, skeal, x3ntrk, and all the other generous and skilled coders out there who make all this gushy router greatness a reality for the rest of us schmoos. ;)

Thanks,
Kevin

We really have to start some sort of a karma bank for these people to see a trickle of money for their efforts...right?
 
I have donated to merlin and lonelycoder... still owe Adam, x3ntrek, kvic, jackyaz, and others... but I know kvic won't accept $. I certainly don't mind donating. I also feel that asus may be getting some value out bbn of their work... I bet a big chunk of asus routers running merlin may not have been purchased without merlin and the scripts existing. I know for myself, asus got my AC86U purchase for solely that reason alone. I feel asus should compensate for that. I mean to be fair yes they have a decent market regardless, but no doubt the snbforums club as added prestige to the name.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top