Unbound unbound_manager (Manager/Installer utility for unbound - Recursive DNS Server)

[SomeWhereOverTheRainBow]

Why not follow the instruction in post #1500

We need a dedicated page for the @Martineau FAQ.

 

[Martineau]

We need a dedicated page for the @Martineau FAQ.

Sadly no one reads FAQs anyway as evidenced by the frequently ignored sticky posts at the top of this forum, but are my (verbose) instructions not concisely clear? or are they too esoteric?

 

[glehel]

You shouldn't believe everything you read on the Internet

Once upon a time.... ha!

Of course you can use unbound with a permanently running VPN.

unbound will always use the WAN but be unencrypted (i.e. ISP snooping), and your LAN nominated Selective Routing devices can either use the VPN ISP's DNS (EXCLUSIVE) or unbound.

The only thing that is new is (optionally) unbound is also capable of sending it's requests though the VPN tunnel to prevent ISP snooping, but I doubt many have used the option within unbound_manager as it is experimental.

if i use vpn exclusive dns option ad blocking doesn't work. so this vpn solution is a good idea and i am using it. exactly what script do I need when disconnecting from vpn?

 

[Martineau]

if i use vpn exclusive dns option ad blocking doesn't work. so this vpn solution is a good idea and i am using it. exactly what script do I need when disconnecting from vpn?

See post #1504 and reiterated here with additional precautions to be considered/added to handle an unsolicited reboot due to an unexpected power outage/crash etc.

 

[glehel]

unfortunately for me the vpn switch doesn't work if anyone can describe what to put where in which file.

 

[Chris0815]

So hopefully if you have the time, could you test my 'bloated mess!' of a script further?

One question that currently occurred to my usage:
I used the command "vpn 1" to use DNS over VPN. Installation worked fine.

[✔] unbound requests via VPN Client  (10.8.0.8) tunnel ENABLED

10.8.0.8 was also integrated into the config and everything went fine.
Today the IP of my VPN was changed. Current IP is 10.8.3.5. So no DNS resolution possible anymore. So everything working correct.

So I deactivated DNS over VPN by the command "vpn disable". Also working, I could resolve DNS again.
Then I typed the command "vpn 1" again in order to use DNS over VPN with the new IP (10.8.3.5).
But outbound seems to use the old IP for the outgoing interface:

[✔] unbound requests via VPN Client  (10.8.0.8) tunnel ENABLED

Would it be possible that the new IP is integrated in the config? Or am I doing something wrong?

 

[Martineau]

One question that currently occurred to my usage:
I used the command "vpn 1" to use DNS over VPN. Installation worked fine.

[✔] unbound requests via VPN Client  (10.8.0.8) tunnel ENABLED

10.8.0.8 was also integrated into the config and everything went fine.
Today the IP of my VPN was changed. Current IP is 10.8.3.5. So no DNS resolution possible anymore. So everything working correct.

So I deactivated DNS over VPN by the command "vpn disable". Also working, I could resolve DNS again.
Then I typed the command "vpn 1" again in order to use DNS over VPN with the new IP (10.8.3.5).
But outbound seems to use the old IP for the outgoing interface:

[✔] unbound requests via VPN Client  (10.8.0.8) tunnel ENABLED

Would it be possible that the new IP is integrated in the config? Or am I doing something wrong?

As per post 1500# what do the first two diagnostic commands show?

 

[Chris0815]

As per post 1500# what do the first two diagnostic commands show?

grep VPN /opt/var/lib/unbound/unbound.conf

outgoing-interface: 10.8.0.8        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

ip route show | grep tun1

10.8.3.0/24 dev tun11  proto kernel  scope link  src 10.8.3.5

So its still the IP from the first activation of "vpn 1".

"vpn disable" shows in the config, that ongoing interface is marked by "#".
"vpn 1" seems to eliminate the "#", but not actualizing the IP (10.8.0.8 -> 10.8.3.5)

 

[Martineau]

grep VPN /opt/var/lib/unbound/unbound.conf

outgoing-interface: 10.8.0.8        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

ip route show | grep tun1

10.8.3.0/24 dev tun11  proto kernel  scope link  src 10.8.3.5

So its still the IP from the first activation of "vpn 1".

"vpn disable" shows in the config, that ongoing interface is marked by "#".
"vpn 1" seems to eliminate the "#", but not actualizing the IP (10.8.0.8 -> 10.8.3.5)

Would you mind assisting further by debugging?.....

First issue a non-destructive command to manually test the 'sed' expression used within the script

sed '/^outgoing-interface:/ s/[^ ]*[^ ]/100.999.999.0/2' /opt/var/lib/unbound/unbound.conf | grep VPN

you can try the above command a couple of times changing '100.999.999.0' to a different string each time.
Hopefully the second word always changes to whatever string you have provided.

Now debug the script from a known VPN DISABLED state

unbound_manager   vpn=disable

Check the current VPN configuration; it should be DISABLED i.e. commented out

grep VPN /opt/var/lib/unbound/unbound.conf

then run 'unbound_manager' in debug trace mode (NOTE: Rather than use the 'vpn 1' menu command, there will be significantly less debug output when using the commandline)

sh -x /jffs/addons/unbound/unbound_manager.sh   vpn=1

grep VPN /opt/var/lib/unbound/unbound.conf

and post the output (preferably in a SPOILER+CODE tag box!)

 

[Kingp1n]

Why not follow the instruction in post #1500

Unfortunately, I'm not brightest when it comes to this and I do apologize.

I'm following your instructions and now I'm getting the following message when typing "vpn 1" using advanced mode:


Option Auto Reply 'y'
[1587308388] unbound-checkconf[31058:0] error: cannot parse ip address: 'xxx.xxx.xxx.xxx'
[1587308388] unbound-checkconf[31058:0] fatal error: cannot parse outgoing-interface specified as 'xxx.xxx.xxx.xxx'
***ERROR requested re(Start) of unbound ABORTed! - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

[1587308388] unbound-checkconf[31097:0] error: cannot parse ip address: 'xxx.xxx.xxx.xxx'
[1587308388] unbound-checkconf[31097:0] fatal error: cannot parse outgoing-interface specified as 'xxx.xxx.xxx.xxx'
***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file
or 'e' exit; then issue debug command
unbound -dv

When I run pre-reqs status I see this:

Router Configuration recommended pre-reqs page status:
[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO
Options: Auto Reply='y' for User Selectable Options ('4') Performance Tweaks
[✔] unbound CPU/Memory Performance tweaks
[✔] unbound-control FAST response ENABLED
[✔] unbound requests via VPN Client (xxx.xxx.xxx.xxx) tunnel ENABLED

running unbound -dv gives me this:
admin@RT-AX88U-xxxx:/tmp/home/root# unbound -dv
[1587308847] unbound[7519:0] notice: Start of unbound 1.10.0.
Apr 19 11:07:27 unbound[7519:0] error: can't bind socket: Address already in use for 127.0.0.1 port 953
Apr 19 11:07:27 unbound[7519:0] error: cannot open control interface 127.0.0.1 953
Apr 19 11:07:27 unbound[7519:0] fatal error: could not open ports

 

[Martineau]

Unfortunately, I'm not brightest when it comes to this and I do apologize.

I'm following your instructions and now I'm getting the following message when typing "vpn 1" using advanced mode:

[1587308024] unbound-checkconf[27607:0] error: cannot parse ip address: 'xxx.xxx.xxx.xxx'
[1587308024] unbound-checkconf[27607:0] fatal error: cannot parse outgoing-interface specified as 'xxx.xxx.xxx.xxx'
***ERROR INVALID unbound configuration - use option 'vx' to correct 'unbound.conf' or 'rl' to load a valid configuration file

When I run pre-reqs status I see this:

Router Configuration recommended pre-reqs page status:
[✔] Swapfile=2097148 kB
[✔] DNS Filter=ON
[✔] DNS Filter=ROUTER
[✔] WAN: Use local caching DNS server as system resolver=NO
[✔] Enable local NTP server=YES
[✔] Enable DNS Rebind protection=NO
[✔] Enable DNSSEC support=NO
Options: Auto Reply='y' for User Selectable Options ('4') Performance Tweaks
[✔] unbound CPU/Memory Performance tweaks
[✔] unbound-control FAST response ENABLED
[✔] unbound requests via VPN Client (xxx.xxx.xxx.xxx) tunnel ENABLED

See post above yours as I can't seem to recreate the issue, but you can try debugging - well at least the first command if you wish

 

[Kingp1n]

See post above yours as I can't seem to recreate the issue, but you can try debugging - well at least the first command if you wish

Thanks for the assistance. Runnin the command gives the following

admin@RT-AX88U-xxxx:/tmp/home/root# unbound_manager vpn=disable
unbound requests via VPN Client tunnel DISABLED
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
Shutting down unbound... done.
Starting unbound... done.
Checking status, please wait..... unbound OK

admin@RT-AX88U-xxxxx:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
#outgoing-interface: xxx.xxx.xxx.xxx # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP
admin@RT-AX88U-F2E8:/tmp/home/root# sh -x /jffs/addons/unbound/unbound_manager.s
h vpn=1
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/bin:/opt/sbin:/bin:/usr/bin:/sb in:/usr/sbin:/home/admin:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bin:/opt/sbin :/opt/bin:/opt/usr/sbin:/opt/usr/bin
+ basename /jffs/addons/unbound/unbound_manager.sh
+ [ -n vpn=1 ]
+ echo vpn=1
+ logger -t (unbound_manager.sh) 9712 Starting Script Execution (vpn=1)
+ VERSION=3.04
+ GIT_REPO=unbound-Asuswrt-Merlin
+ GITHUB_JACKYAZ=https://raw.githubusercontent.com/jackyaz/unbound-Asuswrt-Merli n/master
+ GITHUB_JUCHED=https://raw.githubusercontent.com/juched78/unbound-Asuswrt-Merli n/master
+ GITHUB_JUCHED_DEV=https://raw.githubusercontent.com/juched78/unbound-Asuswrt-M erlin/develop
+ GITHUB_MARTINEAU=https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt -Merlin/master
+ GITHUB_MARTINEAU_DEV=https://raw.githubusercontent.com/MartineauUK/unbound-Asu swrt-Merlin/dev
+ GITHUB_DIR=https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt-Merli n/master
+ CONFIG_DIR=/opt/var/lib/unbound/
+ UNBOUNCTRLCMD=unbound-control
+ ENTWARE_UNBOUND=unbound-checkconf unbound-control-setup unbound-control unboun d-anchor unbound-daemon
+ SILENT=s
+ ALLOWUPGRADE=Y
+ CHECK_GITHUB=1
+ MAX_OPTIONS=5
+ USER_OPTION_PROMPTS=?
+ CURRENT_AUTO_OPTIONS=
+ DIV_DIR=/opt/share/diversion/list/
+ KEEPACTIVECONFIG=N
+ USE_GITHUB_DEV=N
+ + awknvram BEGIN { FS = "." } {printf("%03d%02d",$1,$2)}
get buildno
+ echo 384.16
+ FIRMWARE=38416
+ Get_Router_Model
+ local HARDWARE_MODEL
+ nvram get odmpid
+ [ -z ]
+ nvram get productid
+ HARDWARE_MODEL=RT-AX88U
+ echo RT-AX88U
+ return 0
+ HARDWARE_MODEL=RT-AX88U
+ HTTP_TYPE=http
+ nvram get http_lanport
+ HTTP_PORT=80
+ nvram get http_enable
+ [ 2 == 1 ]
+ ANSIColours
+ cRESET=\e[0m
+ cBLA=\e[30m
+ cRED=\e[31m
+ cGRE=\e[32m
+ cYEL=\e[33m
+ cBLU=\e[34m
+ cMAG=\e[35m
+ cCYA=\e[36m
+ cGRA=\e[37m
+ cBGRA=\e[90m
+ cBRED=\e[91m
+ cBGRE=\e[92m
+ cBYEL=\e[93m
+ cBBLU=\e[94m
+ cBMAG=\e[95m
+ cBCYA=\e[96m
+ cBWHT=\e[97m
+ aBOLD=\e[1m
+ aDIM=\e[2m
+ aUNDER=\e[4m
+ aBLINK=\e[5m
+ aREVERSE=\e[7m
+ cWRED=\e[41m
+ cWGRE=\e[42m
+ cWYEL=\e[43m
+ cWBLU=\e[44m
+ cWMAG=\e[45m
+ cWCYA=\e[46m
+ cWGRA=\e[47m
+ source /usr/sbin/helper.sh
+ _am_settings_path=/jffs/addons/custom_settings.txt
+ [ vpn=1 == -h ]
+ [ vpn=1 == help ]
+ [ ! -L /opt/bin/unbound_manager ]
+ grep -oiw advanced
+ echo vpn=1
+ [ -n ]
+ EASYMENU=Y
+ [ -f /opt/var/lib/unbound/Read.me ]
+ echo vpn=1
+ grep -F config=
+ [ -n ]
+ [ -n ]
+ echo vpn=1
+ awk {print $1}
+ sed -n s/^.*vpn=//p
+ VPN_ID=1
+ nvram get vpn_client1_state
+ [ 2 == 2 ]
+ Use_VPN_Tunnel 1
+ local STATUS=0
+ grep -E ^[#|o].*utgoing-interface: /opt/var/lib/unbound/unbound.conf
+ [ -n # - Add 'outgoing-interface:' template
#outgoing-interface: xxx.xxx.xxx.xxx # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP ]
+ [ 1 != disable ]
+ local VPN_ID=1
+ Edit_config_options outgoing-interface: uncomment
+ local FN=/opt/var/lib/unbound/unbound.conf
+ local TO=
+ _quote outgoing-interface:
+ echo outgoing-interface:
+ sed s/[]\/()$*.^|[]/\\&/g
+ local MATCH=outgoing-interface:
+ shift
+ local SEDACTION=-i
+ [ 1 -gt 0 ]
+ local ACTION=uncomment
+ shift
+ [ 0 -gt 0 ]
+ [ -z outgoing-interface: ]
+ grep -Enw [[:space:]]*server: /opt/var/lib/unbound/unbound.conf
+ head -n 1
+ cut -d: -f1
+ local POS=21
+ [ -z ]
+ sed -i 21,$ {/#[[:space:]]*outgoing-interface:/ s/#//1} /opt/var/lib/unbound/u nbound.conf
+ ip route
+ awk {print $NF}
+ grep dev tun11
+ local VPN_CLIENT_GW=10.16.10.10
+ [ -n 10.16.10.10 ]
+ sed -i /^outgoing-interface:/ s/[^ ]*[^ ]/10.16.10.10/2 /opt/var/lib/unbound/u nbound.conf
+ echo -e \e[96m\n\tunbound requests via VPN Client 1 tunnel \e[0mENABLED\e[90m
unbound requests via VPN Client 1 tunnel ENABLED
+ SayT unbound requests via VPN Client 1 (10.16.10.10) tunnel ENABLED
+ echo -e 9712 unbound requests via VPN Client 1 (10.16.10.10) tunnel ENABLED
+ basename /jffs/addons/unbound/unbound_manager.sh
+ logger -t (unbound_manager.sh)
+ [ 0 -eq 0 ]
+ Restart_unbound
+ local NOCACHE=
+ [ == nochk ]
+ Valid_unbound_config_Syntax /opt/var/lib/unbound/unbound.conf
+ local VALID=Y
+ local RC=0
+ local CHECKTHIS=/opt/var/lib/unbound/unbound.conf
+ [ -z /opt/var/lib/unbound/unbound.conf ]
+ [ ! -f /opt/var/lib/unbound/unbound.conf ]
+ local STATEMENTS=server:|access-control:|private-address:|domain-insecure:|for ward-addr:|include:|interface:|outgoing-interface|name:|zonefile:|rpz.*:|url:|ta gs:|access-control-tag:
+ sed+ /^[[:space:]]*#/d /opt/var/lib/unbound/unbound.confgrep
.
+ awk {print $1}
+ sort
+ uniq -cd
+ grep -vE server:|access-control:|private-address:|domain-insecure:|forward-add r:|include:|interface:|outgoing-interface|name:|zonefile:|rpz.*:|url:|tags:|acce ss-control-tag:
+ local DUPLICATES=
+ [ -z ]
+ unbound-checkconf /opt/var/lib/unbound/unbound.conf
+ local CHK_Config_Syntax=unbound-checkconf: no errors in /opt/var/lib/unbound/u nbound.conf
+ echo unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
+ grep -o no errors in
+ [ -z no errors in ]
+ [ == returndup ]
+ echo Y
+ return 0
+ [ Y == Y ]
+ [ != nochk ]
+ echo -e \e[92m
+ unbound-checkconf /opt/var/lib/unbound/unbound.conf
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
+ echo -e
+ pidof unbound
+ [ -n 9358 ]
+ [ != nocache ]
+ Manage_cache_stats save
+ unbound_Control dump
+ pidof unbound
+ [ -z 9358 ]
+ local RESET=_noreset
+ local RETVAL=
+ local ADDFILTER=
+ echo dump
+ wc -w
+ [ 1 -eq 2 ]
+ local FN=/opt/share/unbound/configs/cache.txt
+ unbound-control dump_cache
+ [ dump == save ]
+ Check_config_add_and_postconf
+ local CONFIG_ADD=/opt/share/unbound/configs/unbound.conf.add
+ [ -f /opt/share/unbound/configs/unbound.conf.add ]
+ local POSTCONF_SCRIPT=/opt/share/unbound/configs/unbound.postconf
+ [ -f /opt/share/unbound/configs/unbound.postconf ]
+ /opt/etc/init.d/S61unbound restart
Shutting down unbound... done.
Starting unbound... done.
+ [ -z ]
+ CHECK_GITHUB=1
+ echo -en \e[0m\e[96m\nChecking status, please wait..... \e[0m
Checking status, please wait..... + WAIT=3
+ INTERVAL=1
+ I=0
+ [ 0 -lt 2 ]
+ sleep 1
+ I=1
+ pidof unbound
+ [ -z 9866 ]
+ [ 1 -eq 2 ]
+ [ 1 -lt 2 ]
+ sleep 1
+ I=2
+ pidof unbound
+ [ -z 9866 ]
+ [ 2 -eq 2 ]
+ Manage_cache_stats restore
+ unbound_Control load
+ pidof unbound
+ [ -z 9866 ]
+ local RESET=_noreset
+ local RETVAL=
+ local ADDFILTER=
+ echo load
+ wc -w
+ [ 1 -eq 2 ]
+ local FN=/opt/share/unbound/configs/cache.txt
+ [ -s /opt/share/unbound/configs/cache.txt ]
+ unbound-control load_cache
+ [ load == rest ]
+ rm /opt/share/unbound/configs/cache.txt
+ [ 2 -lt 2 ]
+ pidof unbound
+ [ -n 9866 ]
+ echo -e \e[0m\e[92munbound OK
unbound OK
+ [ == rsnouser ]
+ echo -e \e[0m
+ exit_message
+ local CODE=0
+ [ -n ]
+ rm -rf /tmp/unbound.lock
+ [ -n ]
+ echo -e \e[0m
+ exit 0
admin@RT-AX88U-xxxx:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
outgoing-interface: 10.16.10.10 # v1.08 Martineau Use VPN tunnel to hide ...

It seems the previous post troubleshooting steps helped!!! All seems to be running correctly! Thanks @Martineau

 

[ugandy]

vpn starts correctly using my vpn client 2, with command "unbound_manager vpn=2"

but then when i do "?"

i see

[✔] unbound requests via VPN Client 1 (10.119.174.30) tunnel ENABLED


the IP is correctly set to the IP of my client2, but the message says client is "1"

is it because client array starts at position zero? so client 2 is ID=1?

 

[ugandy]

Thanks for the assistance. Runnin the command gives the following



It seems the previous post troubleshooting steps helped!!! All seems to be running correctly! Thanks @Martineau

i see the same behavior jus tnow:

1) have vpnclient up with IP1, and unbound vpn tunnel up too.
2) turn off vpn tunnel in unbound
3) turn off vpn client
4) turn on vn client (get new IP2)
5) enable unbound vpn again
6) line in unbound.conf gets uncommented but IP is not updated

 

[Martineau]

Thanks for the assistance. Runnin the command gives the following



It seems the previous post troubleshooting steps helped!!! All seems to be running correctly! Thanks @Martineau

Well actually.... since nothing has changed, the only thing you have done is seemingly possibly slowed down the execution of the statements?

So the 'sed' statement is used by both the menu and the command line, so it probably isn't because it fails, but why it appears to fail to replace the previos VPN Gateway IP I have no idea.

 

[Martineau]

i see the same behavior jus tnow:

1) have vpnclient up with IP1, and unbound vpn tunnel up too.
2) turn off vpn tunnel in unbound
3) turn off vpn client
4) turn on vn client (get new IP2)
5) enable unbound vpn again
6) line in unbound.conf gets uncommented but IP is not updated

Please try the debugging in post #1529

 

[Martineau]

is /opt/var/lib/unbound/unbound.log the place to see the client queries? i have logging enabled and don't see any new entries there. thanks

Yes, if you have ENABLED logging and you haven't enabled 'scribe', in which case view '/opt/var/log/unbound.log'

 

[ugandy]

the results:

[edit]
so i repeated this disable/re enable, and this time recycled my vpn client, in order to get a new IP,
and the unbound script worked flawlessly:


not sure what happened the previous time where IP was not updated. sorry :-(


cromo@RT-AX88U-8158:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
outgoing-interface: 10.120.10.71 # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP
cromo@RT-AX88U-8158:/tmp/home/root# unbound_manager vpn=disable

unbound requests via VPN Client tunnel DISABLED

unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf

Shutting down unbound... done.
Starting unbound... done.

Checking status, please wait..... unbound OK


cromo@RT-AX88U-8158:/tmp/home/root# sh -x /jffs/addons/unbound/unbound_manager.sh vpn=2
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/bin:/opt/sbin:/bin:/usr/bin:/sbin:/usr/sbin:/home/cromo:/mmc/sbin:/mmc/bin:/mmc/usr/sbin:/mmc/usr/bn
+ basename /jffs/addons/unbound/unbound_manager.sh
+ [ -n vpn=2 ]
+ echo vpn=2
+ logger -t (unbound_manager.sh) 19519 Starting Script Execution (vpn=2)
+ VERSION=3.04
+ GIT_REPO=unbound-Asuswrt-Merlin
+ GITHUB_JACKYAZ=https://raw.githubusercontent.com/jackyaz/unbound-Asuswrt-Merlin/master
+ GITHUB_JUCHED=https://raw.githubusercontent.com/juched78/unbound-Asuswrt-Merlin/master
+ GITHUB_JUCHED_DEV=https://raw.githubusercontent.com/juched78/unbound-Asuswrt-Merlin/develop
+ GITHUB_MARTINEAU=https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt-Merlin/master
+ GITHUB_MARTINEAU_DEV=https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt-Merlin/dev
+ GITHUB_DIR=https://raw.githubusercontent.com/MartineauUK/unbound-Asuswrt-Merlin/master
+ CONFIG_DIR=/opt/var/lib/unbound/
+ UNBOUNCTRLCMD=unbound-control
+ ENTWARE_UNBOUND=unbound-checkconf unbound-control-setup unbound-control unbound-anchor unbound-daemon
+ SILENT=s
+ ALLOWUPGRADE=Y
+ CHECK_GITHUB=1
+ MAX_OPTIONS=5
+ USER_OPTION_PROMPTS=?
+ CURRENT_AUTO_OPTIONS=
+ DIV_DIR=/opt/share/diversion/list/
+ KEEPACTIVECONFIG=N
+ USE_GITHUB_DEV=N
+ awk BEGIN { FS = "." } {printf("%03d%02d",$1,$2)}
+ nvram get buildno
+ echo 384.16
+ FIRMWARE=38416
+ Get_Router_Model
+ local HARDWARE_MODEL
+ nvram get odmpid
+ [ -z ]
+ nvram get productid
+ HARDWARE_MODEL=RT-AX88U
+ echo RT-AX88U
+ return 0
+ HARDWARE_MODEL=RT-AX88U
+ HTTP_TYPE=http
+ nvram get http_lanport
+ HTTP_PORT=80
+ nvram get http_enable
+ [ 0 == 1 ]
+ ANSIColours
+ cRESET=\e[0m
+ cBLA=\e[30m
+ cRED=\e[31m
+ cGRE=\e[32m
+ cYEL=\e[33m
+ cBLU=\e[34m
+ cMAG=\e[35m
+ cCYA=\e[36m
+ cGRA=\e[37m
+ cBGRA=\e[90m
+ cBRED=\e[91m
+ cBGRE=\e[92m
+ cBYEL=\e[93m
+ cBBLU=\e[94m
+ cBMAG=\e[95m
+ cBCYA=\e[96m
+ cBWHT=\e[97m
+ aBOLD=\e[1m
+ aDIM=\e[2m
+ aUNDER=\e[4m
+ aBLINK=\e[5m
+ aREVERSE=\e[7m
+ cWRED=\e[41m
+ cWGRE=\e[42m
+ cWYEL=\e[43m
+ cWBLU=\e[44m
+ cWMAG=\e[45m
+ cWCYA=\e[46m
+ cWGRA=\e[47m
+ source /usr/sbin/helper.sh
+ _am_settings_path=/jffs/addons/custom_settings.txt
+ [ vpn=2 == -h ]
+ [ vpn=2 == help ]
+ [ ! -L /opt/bin/unbound_manager ]
+ echo vpn=2
+ grep -oiw advanced
+ [ -n ]
+ EASYMENU=Y
+ [ -f /opt/var/lib/unbound/Read.me ]
+ echo vpn=2
+ grep -F config=
+ [ -n ]
+ [ -n ]
+ echo vpn=2
+ sed -n s/^.*vpn=//p
+ awk {print $1}
+ VPN_ID=2
+ nvram get vpn_client2_state
+ [ 2 == 2 ]
+ Use_VPN_Tunnel 2
+ local STATUS=0
+ grep -E ^[#|o].*utgoing-interface: /opt/var/lib/unbound/unbound.conf
+ [ -n # - Add 'outgoing-interface:' template
#outgoing-interface: 10.120.10.71 # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP ]
+ [ 2 != disable ]
+ local VPN_ID=2
+ Edit_config_options outgoing-interface: uncomment
+ local FN=/opt/var/lib/unbound/unbound.conf
+ local TO=
+ _quote outgoing-interface:
+ echo+ sed s/[]\/()$*.^|[]/\\&/g
outgoing-interface:
+ local MATCH=outgoing-interface:
+ shift
+ local SEDACTION=-i
+ [ 1 -gt 0 ]
+ local ACTION=uncomment
+ shift
+ [ 0 -gt 0 ]
+ [ -z outgoing-interface: ]
+ grep -Enw [[:space:]]*server: /opt/var/lib/unbound/unbound.conf
+ head -n 1
+ cut -d: -f1
+ local POS=21
+ [ -z ]
+ sed -i 21,$ {/#[[:space:]]*outgoing-interface:/ s/#//1} /opt/var/lib/unbound/unbound.conf
+ ip route
+ grep dev tun12
+ awk {print $NF}
+ local VPN_CLIENT_GW=10.119.174.63
+ [ -n 10.119.174.63 ]
+ sed -i /^outgoing-interface:/ s/[^ ]*[^ ]/10.119.174.63/2 /opt/var/lib/unbound/unbound.conf
+ echo -e \e[96m\n\tunbound requests via VPN Client 2 tunnel \e[0mENABLED\e[90m

unbound requests via VPN Client 2 tunnel ENABLED
+ SayT unbound requests via VPN Client 2 (10.119.174.63) tunnel ENABLED
+ echo -e 19519 unbound requests via VPN Client 2 (10.119.174.63) tunnel ENABLED
+ basename /jffs/addons/unbound/unbound_manager.sh
+ logger -t (unbound_manager.sh)
+ [ 0 -eq 0 ]
+ Restart_unbound
+ local NOCACHE=
+ [ == nochk ]
+ Valid_unbound_config_Syntax /opt/var/lib/unbound/unbound.conf
+ local VALID=Y
+ local RC=0
+ local CHECKTHIS=/opt/var/lib/unbound/unbound.conf
+ [ -z /opt/var/lib/unbound/unbound.conf ]
+ [ ! -f /opt/var/lib/unbound/unbound.conf ]
+ local STATEMENTS=server:|access-control:|private-address:|domain-insecure:|forward-addr:|include:|interface:|outgoing-interface|name:|zonefile:|rp:
+ sed /^[[:space:]]*#/d /opt/var/lib/unbound/unbound.conf
+ grep .
+ awk {print $1}
+ uniq -cd
+ sort
+ grep -vE server:|access-control:|private-address:|domain-insecure:|forward-addr:|include:|interface:|outgoing-interface|name:|zonefile:|rpz.*:|url:
+ local DUPLICATES=
+ [ -z ]
+ unbound-checkconf /opt/var/lib/unbound/unbound.conf
+ local CHK_Config_Syntax=unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
+ echo unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
+ grep -o no errors in
+ [ -z no errors in ]
+ [ == returndup ]
+ echo Y
+ return 0
+ [ Y == Y ]
+ [ != nochk ]
+ echo -e \e[92m

+ unbound-checkconf /opt/var/lib/unbound/unbound.conf
unbound-checkconf: no errors in /opt/var/lib/unbound/unbound.conf
+ echo -e

+ pidof unbound
+ [ -n 18655 ]
+ [ != nocache ]
+ Manage_cache_stats save
+ unbound_Control dump
+ pidof unbound
+ [ -z 18655 ]
+ local RESET=_noreset
+ local RETVAL=
+ local ADDFILTER=
+ echo+ wc -w
dump
+ [ 1 -eq 2 ]
+ local FN=/opt/share/unbound/configs/cache.txt
+ unbound-control dump_cache
+ [ dump == save ]
+ Check_config_add_and_postconf
+ local CONFIG_ADD=/opt/share/unbound/configs/unbound.conf.add
+ [ -f /opt/share/unbound/configs/unbound.conf.add ]
+ local POSTCONF_SCRIPT=/opt/share/unbound/configs/unbound.postconf
+ [ -f /opt/share/unbound/configs/unbound.postconf ]
+ /opt/etc/init.d/S61unbound restart
Shutting down unbound... ^[[A done.
Starting unbound... done.
+ [ -z ]
+ CHECK_GITHUB=1
+ echo -en \e[0m\e[96m\nChecking status, please wait..... \e[0m

Checking status, please wait..... + WAIT=3
+ INTERVAL=1
+ I=0
+ [ 0 -lt 2 ]
+ sleep 1
^[[A+ I=1
+ pidof unbound
+ [ -z 19677 ]
+ [ 1 -eq 2 ]
+ [ 1 -lt 2 ]
+ sleep 1
+ I=2
+ pidof unbound
+ [ -z 19677 ]
+ [ 2 -eq 2 ]
+ Manage_cache_stats restore
+ unbound_Control load
+ pidof unbound
+ [ -z 19677 ]
+ local RESET=_noreset
+ local RETVAL=
+ local ADDFILTER=
+ echo load
+ wc -w
+ [ 1 -eq 2 ]
+ local FN=/opt/share/unbound/configs/cache.txt
+ [ -s /opt/share/unbound/configs/cache.txt ]
+ unbound-control load_cache
+ [ load == rest ]
+ rm /opt/share/unbound/configs/cache.txt
+ [ 2 -lt 2 ]
+ pidof unbound
+ [ -n 19677 ]
+ echo -e \e[0m\e[92munbound OK
unbound OK
+ [ == rsnouser ]
+ echo -e \e[0m

+ exit_message
+ local CODE=0
+ [ -n ]
+ rm -rf /tmp/unbound.lock
+ [ -n ]
+ echo -e \e[0m

+ exit 0
cromo@RT-AX88U-8158:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
outgoing-interface: 10.119.174.63 # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP
cromo@RT-AX88U-8158:/tmp/home/root#

 

[Chris0815]

Would you mind assisting further by debugging?.....

First issue a non-destructive command to manually test the 'sed' expression used within the script

sed '/^outgoing-interface:/ s/[^ ]*[^ ]/100.999.999.0/2' /opt/var/lib/unbound/unbound.conf | grep VPN

you can try the above command a couple of times changing '100.999.999.0' to a different string each time.
Hopefully the second word always changes to whatever string you have provided.

Now debug the script from a known VPN DISABLED state

unbound_manager   vpn=disable

Check the current VPN configuration; it should be DISABLED i.e. commented out

grep VPN /opt/var/lib/unbound/unbound.conf

then run 'unbound_manager' in debug trace mode (NOTE: Rather than use the 'vpn 1' menu command, there will be significantly less debug output when using the commandline)

sh -x /jffs/addons/unbound/unbound_manager.sh   vpn=1

grep VPN /opt/var/lib/unbound/unbound.conf

and post the output (preferably in a SPOILER+CODE tag box!)

VPN disabled:

Administrator@RT-AC86U-6A50:/tmp/home/root# sed '/^outgoing-interface:/ s/[^ ]*[^ ]/100.999.999.0/2' /opt/var/lib/unbound/unbound.conf | grep VPN
#outgoing-interface: 10.8.0.8        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

there is even no change when I change '100.999.999.0'

VPN enabled:

Administrator@RT-AC86U-6A50:/tmp/home/root# sed '/^outgoing-interface:/ s/[^ ]*[^ ]/100.999.999.0/2' /opt/var/lib/unbound/unbound.conf | grep VPN
outgoing-interface: 100.999.999.0        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP
Administrator@RT-AC86U-6A50:/tmp/home/root# sed '/^outgoing-interface:/ s/[^ ]*[^ ]/100.999.998.0/2' /opt/var/lib/unbound/unbound.conf | grep VPN
outgoing-interface: 100.999.998.0        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

'100.999.999.0' can be adjusted as wanted

for testing:

Administrator@RT-AC86U-6A50:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
outgoing-interface: 10.8.3.5        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

seems that it worked now - new IP was integrated in the config
The only difference I did was that I executed the command in home/root - not directly in unbound via "vpn 1". Don't know if this may have an influence...

VPN disabled again:

Administrator@RT-AC86U-6A50:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
#outgoing-interface: 10.8.3.5        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

Debugging the start of VPN1 - but at his point it already works again...
I am not able to post more than 10.000 characters... but you don't need it anymore, right?

final check:

Administrator@RT-AC86U-6A50:/tmp/home/root# grep VPN /opt/var/lib/unbound/unbound.conf
outgoing-interface: 10.8.3.5        # v1.08 Martineau Use VPN tunnel to hide Root server queries from ISP

So finally it works now, but I don't know what I did different this time... sorry...

 

[ugandy]

Yes, if you have ENABLED logging and you haven't enabled 'scribe', in which case view '/opt/var/log/unbound.log'

thanks!
is there a size limit to /opt/var/lib/unbound/unbound.log ?