DNSCrypt support

General discussion about Gargoyle, OpenWrt or anything else even remotely related to the project

Moderator: Moderators

Post Reply
Sen
Posts: 3
Joined: Sat Feb 22, 2014 1:10 am

DNSCrypt support

Post by Sen »

Hi! I am a user from China. Maybe you don't know, there is a "wall" in Chinese internet. Sometimes, we get the wrong dns record from our dns server. But when we try google/opendns dns server, may blocked.

I tried DNSCrypt on my own computer, and it works great. So, is there a way to add dnscrypt in? maybe as a plugin?

dnscrypt:
http://dnscrypt.org/
https://github.com/jedisct1/dnscrypt-proxy

Thanks for your great job.

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: DNSCrypt support

Post by tapper »

for R71xx https://www.dropbox.com/s/tj3we2j9u8j30 ... ar71xx.ipk

set up here http://wiki.openwrt.org/inbox/dnscrypt
I don't no if it works i found the links by googleing a bit. pleas let me no if you get it working it wood be something i mite like to play with but CBA at the mo.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

Sen
Posts: 3
Joined: Sat Feb 22, 2014 1:10 am

Re: DNSCrypt support

Post by Sen »

tapper wrote:for R71xx https://www.dropbox.com/s/tj3we2j9u8j30 ... ar71xx.ipk

set up here http://wiki.openwrt.org/inbox/dnscrypt
I don't no if it works i found the links by googleing a bit. pleas let me no if you get it working it wood be something i mite like to play with but CBA at the mo.
Thanks!

but i get this error:

Feb 22 16:39:19 Gargoyle daemon.info dnscrypt-proxy[9775]: Refetching server certificates
Feb 22 16:39:34 Gargoyle daemon.err dnscrypt-proxy[9775]: Unable to retrieve server certificates

don't know why it's not working for me.

SirDrexl
Posts: 24
Joined: Wed Sep 28, 2011 8:16 pm

Re: DNSCrypt support

Post by SirDrexl »

Do you have it enabled on both the computer AND the router? That probably wouldn't work.

I have installed it on Gargoyle myself, using the same links Tapper posted. I wasn't sure how to transfer the updated file over (and wget wouldn't work), so it just put it on a USB flash drive. Otherwise everything works fine. I would also like to see this implemented as a Gargoyle package for the GUI.

I'm actually not 100% sure that it works, because the Wiki claims that you're supposed to get the "Oops" page instead of the OpenDNS confirmation page, but every other test I've tried indicates it's working (including everything else from the Wiki). Maybe they have changed it to detect DNSCrypt queries?

Sen
Posts: 3
Joined: Sat Feb 22, 2014 1:10 am

Re: DNSCrypt support

Post by Sen »

SirDrexl wrote:Do you have it enabled on both the computer AND the router? That probably wouldn't work.

I have installed it on Gargoyle myself, using the same links Tapper posted. I wasn't sure how to transfer the updated file over (and wget wouldn't work), so it just put it on a USB flash drive. Otherwise everything works fine. I would also like to see this implemented as a Gargoyle package for the GUI.

I'm actually not 100% sure that it works, because the Wiki claims that you're supposed to get the "Oops" page instead of the OpenDNS confirmation page, but every other test I've tried indicates it's working (including everything else from the Wiki). Maybe they have changed it to detect DNSCrypt queries?
Thanks for reporting.
And yes, maybe, that's really annoying.

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: DNSCrypt support

Post by tapper »

Hi people glad to see some interest in this, however i did not make the file. Just to let you no it's not my work. Erik if you read this we wood like to see this as a plugin it wood be real cool and a grate selling point for the routers in the shop for you to make some money to help with more dev work. It's a grate feature to help Gargoyle stane out from all the crap router and buggy firmware out there.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

SirDrexl
Posts: 24
Joined: Wed Sep 28, 2011 8:16 pm

Re: DNSCrypt support

Post by SirDrexl »

BTW, there's something else to be careful about. It seems that changing certain settings in the web interface can interfere with the changes you need to make to those files to get DNSCrypt working properly.

For example, when I enabled my wireless network, the /etc/config/dhcp file was modified and the two lines you have to add (the pool.ntp.org and the 127.0.0.1#2053) got removed. At the same time, it added all those OpenNIC domains (which leads me to believe it's applying all the settings on the page, even if they haven't been changed). I don't think I actually checked that box for OpenNIC myself, but I'm not sure.

In any case, you might want to perform those logread checks every time you make a change in the web GUI to confirm that DNSCrypt is still working. Maybe if "official" support could be added via a plugin, this wouldn't be an issue.

BTW: simply changing the wi-fi password can mess up DNSCrypt, as it passes all those settings on the page to the router. I think from now on I'll edit /etc/config/wireless via SSH to change the password instead of using the web interface, or just change it whenever I re-flash the router, before configuring DNSCrypt.

Post Reply