I've been trying to install DNSCrypt on an Octeon build. When trying to install libsodium for it I get the missing libssp dependency. Searching the forums I've read it's part of openssh but even after installing that I'm still missing it. What is libssp a part of?

Just recently using OpenWRT on my TP-LINK TL-WR941NDv3 and decided to build OpenWRT on my own with pre-installed packages that I need to save free space.

Why can't I include your custom dnscrypt-proxy to my builder? If I exclude dnscrypt-proxy, the bin file for my router along with other version is available but wherever I include dnscrypt-proxy, the bin file after build aren't there, even for other router version.

Already tried to remove ipkg/opkg and ipv6 support to save more free space but still no luck, even with only including dnscrypt-proxy and libsodium.

EDIT: Nevermind, I kinda tricked the compiler and now it's working.

(Last edited by Seflyx on 11 May 2016, 16:21)

What needs to be done to get this package (and any dependencies) into Image Builder?

Include the following in the repositories.conf:
src/gz exopenwrt http://exopenwrt.roland.black/snapshots … /exopenwrt

Hello all!

I'm using OpenWRT OpenWrt Chaos Calmer 15.05.1 and DNSCrypt  Roland Black version with TPLINK WDR4300.

It's running fine for all my network, using 'cisco' proxy.

My doubt is, it's possible to configurate another dnscrypt proxy for specific VLAN or WIFI network?

Ex:
'cisco' for lan
'cisco-familyshield' for wifi or vlan-xx

My dnscrypt-proxy:

config dnscrypt-proxy ns1
        option address         '127.0.0.1'
        option port            '5353'
        option resolver       'cisco'
        option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
        # Ephemeral keys option requires extra CPU cycles and can cause huge sy$
        # Disable it in case of performance problems.
        option ephemeral_keys '1'

config dnscrypt-proxy ns2
        option address         '127.0.0.1'
        option port            '5454'
        option resolver       'cs-ussouth'
        option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
        option ephemeral_keys '1'

My dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        list server '127.0.0.1#5353'
        list server '127.0.0.1#5454'
        list server '/pool.ntp.org/208.67.222.222'
        option localservice '1'
        option dnssec '1'
        option resolvfile '/etc/resolv-crypt.conf       list server 127.0.0.1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'wifi'
        option interface 'wifi'
        option start '50'
        option limit '60'
        option leasetime '24h'

Thanks you very much!!

Kind Regards!

You can use dhcp_option to achieve that. Example for network: https://wiki.openwrt.org/ru/doc/howto/d … nformation Example for specific client: https://wiki.openwrt.org/doc/uci/dhcp#c … al_options

But you need another DNS caching server (not dnsmasq).

So I would have to uninstall the "dnsmasq" and install another proxy? Or keep both? Could you suggest what package to install tinydns / maradns?

Before post here I try  with dhcp_option. Doing the following change to /etc/config/dhcp

and remove the line "list server '127.0.0.1#5656" from "config dnsmaq"

not work.

Thank you very much Black Roland!

Best Regards!

Provide luci download http://exopenwrt.roland.black/ ?

(Last edited by q158073378252010 on 4 Aug 2016, 17:09)

@Black Roland -- please consider making the package for LEDE. Here's an output of the Image Builder when trying to include your packages in LEDE, the opkg install yields similar results.

Package dnscrypt-proxy-resolvers version 1.7.0-1.E-2016-08-01-22ff30b has no valid architecture, ignoring.
Package dnscrypt-proxy version 1.7.0-1.E has no valid architecture, ignoring.
Package hostip version 1.7.0-1.E has no valid architecture, ignoring.
Package iodine version 0.7.0-1.E has no valid architecture, ignoring.
Package iodined version 0.7.0-1.E has no valid architecture, ignoring.
Package libsodium version 1.0.11-1.E has no valid architecture, ignoring.

I heard about LEDE first time. I think can pull request to LEDE mainstream.

I'd be very grateful if you do, as I need to run DNSCrypt with two different resolvers.

lede would probably replace the default dnscrypt lib with @Black Roland's version if a pull request was submitted

(Last edited by moxu on 9 Aug 2016, 20:46)

Package are Good...

Hey Black Roland,

Could you please again consider making a LEDE-compatible package?

Thanks!

Hi.

Sorry for having kept silent for so long. LEDE uses openwrt/packages repository. I contacted with LEDE developers using IRC and they recommended make pull request to OpenWrt repository. I just made PR on Github. As soon as the PR is accepted dnscrypt-proxy should appear in LEDE.

Thanks man, looking forward to PR being accepted!

Hey man, please check the PR again. Ted wants postinst and prerm functions removed. Ideally there should be a separate makefile for the resolvers list so that it's easier for Damiano to rebuild the resolvers list ipk when they're updated.

Spasibo!

Yes, I saw, thank you PR merged today.

Please let me know when dnscrypt-proxy will appear in LEDE. I do not have a router with Lede, to check

Thank you so much! I'm back to enjoying multiple resolvers support with your build of dnscrypt!

Your build has appeared in revision 1497 I think, the current revision is 1504 and it also has your build of dnscrypt.

(Last edited by stangri on 5 Sep 2016, 01:44)

Good to hear!

I think I can now close exOpenWrt.

It's still very useful to whoever is staying with CC/DD.

hey guys
there's one server with wrong info, how can this be corrected?
in openwrt the resolvers file has a wrong port for this server:
ns1.ru.dns.d0wn.biz
the file specifies port 80, when the correct config should use port 54

You can check this by going here:
https://dns.d0wn.biz/
Then clicking on the server named above

Can someone update the resolvers package pls?

You can edit the file /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv on your router.

https://dns.d0wn.biz/ states that the following ports are supported for ns1.ru.dns.d0wn.biz: 54 80 443 1053 5353 27015

If you can log the error, you can submit pull request with the fix for https://github.com/jedisct1/dnscrypt-pr … olvers.csv

Instead of using the resolvers list (which I dislike to edit), I used following command on my old Asus Router:

/jffs/bin/dnscrypt-proxy --local-address=127.0.0.1:65055 --resolver-address=185.90.62.45:443 --provider-name=2.dnscrypt-cert.fvz-rec-de-muc-01.dnsrec.meo.ws --provider-key=C392:2B83:8EB3:884B:B99B:70BD:B90A:C204:37A4:797A:35F4:3600:7641:94E3:F995:444A --daemonize

Is it possible to do the same thing on OpenWRT?

I tried to edit the file /etc/config/dnscrypt-proxy, but it doesn't work:

config dnscrypt-proxy ns1
    option address '127.0.0.1'
    option port '5353'
    option resolver-address '185.90.62.45:443'
    option provider-name '2.dnscrypt-cert.fvz-rec-de-muc-01.dnsrec.meo.ws'
    option provider-key 'C392:2B83:8EB3:884B:B99B:70BD:B90A:C204:37A4:797A:35F4:3600:7641:94E3:F995:444A'

Maybe edit /etc/initi.d/dnscrypt-proxy so that instead of retrieving configs from /etc/config/dnscrypt-proxy and using them it just launches daemon with the parameters you want directly?