Page 1 of 1

DNSCrypt support

Posted: Sat Feb 22, 2014 1:17 am
by Sen
Hi! I am a user from China. Maybe you don't know, there is a "wall" in Chinese internet. Sometimes, we get the wrong dns record from our dns server. But when we try google/opendns dns server, may blocked.

I tried DNSCrypt on my own computer, and it works great. So, is there a way to add dnscrypt in? maybe as a plugin?

dnscrypt:
http://dnscrypt.org/
https://github.com/jedisct1/dnscrypt-proxy

Thanks for your great job.

Re: DNSCrypt support

Posted: Sat Feb 22, 2014 2:42 am
by tapper
for R71xx https://www.dropbox.com/s/tj3we2j9u8j30 ... ar71xx.ipk

set up here http://wiki.openwrt.org/inbox/dnscrypt
I don't no if it works i found the links by googleing a bit. pleas let me no if you get it working it wood be something i mite like to play with but CBA at the mo.

Re: DNSCrypt support

Posted: Sat Feb 22, 2014 4:41 am
by Sen
tapper wrote:for R71xx https://www.dropbox.com/s/tj3we2j9u8j30 ... ar71xx.ipk

set up here http://wiki.openwrt.org/inbox/dnscrypt
I don't no if it works i found the links by googleing a bit. pleas let me no if you get it working it wood be something i mite like to play with but CBA at the mo.


Thanks!

but i get this error:

Feb 22 16:39:19 Gargoyle daemon.info dnscrypt-proxy[9775]: Refetching server certificates
Feb 22 16:39:34 Gargoyle daemon.err dnscrypt-proxy[9775]: Unable to retrieve server certificates

don't know why it's not working for me.

Re: DNSCrypt support

Posted: Sun Feb 23, 2014 6:16 pm
by SirDrexl
Do you have it enabled on both the computer AND the router? That probably wouldn't work.

I have installed it on Gargoyle myself, using the same links Tapper posted. I wasn't sure how to transfer the updated file over (and wget wouldn't work), so it just put it on a USB flash drive. Otherwise everything works fine. I would also like to see this implemented as a Gargoyle package for the GUI.

I'm actually not 100% sure that it works, because the Wiki claims that you're supposed to get the "Oops" page instead of the OpenDNS confirmation page, but every other test I've tried indicates it's working (including everything else from the Wiki). Maybe they have changed it to detect DNSCrypt queries?

Re: DNSCrypt support

Posted: Mon Feb 24, 2014 4:54 am
by Sen
SirDrexl wrote:Do you have it enabled on both the computer AND the router? That probably wouldn't work.

I have installed it on Gargoyle myself, using the same links Tapper posted. I wasn't sure how to transfer the updated file over (and wget wouldn't work), so it just put it on a USB flash drive. Otherwise everything works fine. I would also like to see this implemented as a Gargoyle package for the GUI.

I'm actually not 100% sure that it works, because the Wiki claims that you're supposed to get the "Oops" page instead of the OpenDNS confirmation page, but every other test I've tried indicates it's working (including everything else from the Wiki). Maybe they have changed it to detect DNSCrypt queries?


Thanks for reporting.
And yes, maybe, that's really annoying.

Re: DNSCrypt support

Posted: Mon Feb 24, 2014 6:16 am
by tapper
Hi people glad to see some interest in this, however i did not make the file. Just to let you no it's not my work. Erik if you read this we wood like to see this as a plugin it wood be real cool and a grate selling point for the routers in the shop for you to make some money to help with more dev work. It's a grate feature to help Gargoyle stane out from all the crap router and buggy firmware out there.

Re: DNSCrypt support

Posted: Tue Feb 25, 2014 2:27 am
by SirDrexl
BTW, there's something else to be careful about. It seems that changing certain settings in the web interface can interfere with the changes you need to make to those files to get DNSCrypt working properly.

For example, when I enabled my wireless network, the /etc/config/dhcp file was modified and the two lines you have to add (the pool.ntp.org and the 127.0.0.1#2053) got removed. At the same time, it added all those OpenNIC domains (which leads me to believe it's applying all the settings on the page, even if they haven't been changed). I don't think I actually checked that box for OpenNIC myself, but I'm not sure.

In any case, you might want to perform those logread checks every time you make a change in the web GUI to confirm that DNSCrypt is still working. Maybe if "official" support could be added via a plugin, this wouldn't be an issue.

BTW: simply changing the wi-fi password can mess up DNSCrypt, as it passes all those settings on the page to the router. I think from now on I'll edit /etc/config/wireless via SSH to change the password instead of using the web interface, or just change it whenever I re-flash the router, before configuring DNSCrypt.