I never stated I have an ACS/v2, only a AC/v2. It is a late model referb.  What I get with late firmware is complete lockout when country and or gain has been set. I have had country alone work and give different gain selections. But once I mode the gain and set, perminent disconnection.

To lock it, i had to remove stock setting both in interface for lan attached to wifi, and remove attached to lan on wifi settings, as they do not link together in luci. If i change from wifi first, lan still sees wifi as linked and will not remove it when set. It is like permanently locked and won't allow wifi to reconnect  even if you link via wifi.

I thought luci had issues because of the strange setting problems.

Maybe he latest ac/v2 has been updated like the other /v2 models and will not allow any changes to gain table and country codes.

To lock the gain I must juggle around between 2.4 and 5 in wifi settings, disabling and setting changes to country, and changing gain and Re enabling. Removing links in net and Re establishing link to wifi devices. A time consuming random act to get gains to stick around 25 to 30 db. The only problem I have is none of it helps with 2.4 band, even though i can pump 750 ma or more, the congestion is limited to 54 mbps,  when I need 72 mbps.  5Ghz properly gives 150mbps and 300mbps. So that is why I am keeping Linksys firmware. Maybe there is a setting to make 2.4 Ghz link at a 72 mbps connection,  it is just i never have seen it in any of David's builds for my device.

I've been using dnscrypt-proxy v2 24/7 with a manual install. It's SOOO much faster because of go. Also dnscrypt-proxy v1 has security vulnerabilities that are never going to be fixed so...
Here's a breakdown of all the betterness https://github.com/jedisct1/dnscrypt-pr … nces-to-v1

I would really like to build it for openwrt but I'm not familiar with the build system.

i'm going to do more research since i'm very interested in this topic as well.  does it mean eventually the current dnscrypt-proxy package should be dropped in future davec502 builds in favor of dnscrypt-proxy v2?

do i simply uninstall dnscrypt-proxy from the current builds and manually configure dnscrypt-proxy v2?

If there was an opkg I'd axe v1 with a swiftness.

All the config is in a .toml file: https://raw.githubusercontent.com/jedis … proxy.toml

I think it's pretty simple.

Also no more ugly csv for resolvers.
There's the new 'stamps' system and it's in a pretty .md file https://raw.githubusercontent.com/DNSCr … solvers.md
More on the stamps here https://github.com/jedisct1/dnscrypt-proxy/wiki/stamps

If you want to try it, instructions you can sort of use are here https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0
Just make sure whatever you set it to listen at to have dnsmasq forward requests to it(if you're using dnsmasq)

/etc/config/dhcp:

config dnsmasq
    ...
    option noresolv '1'
    list server '127.0.0.1#[some port]'

Also dnscrypt-proxy installs the service at /etc/init.d/dnscrypt-proxy so you should uninstall v1.

I notice on my wrt3200acm the Wireless Overview page lists:

yet on my wrt1900acv1, the Wireless Overview page lists:

It looks like a small patch to iwinfo may be needed to properly detect the chipsets in the wrt3200acm.
This trivial patch (untested) against the latest iwinfo git tree should work:

I find I after flashing, I have to install dnsmasq-full to get my wrt3200acm and my wrt1900acv1 to pass through traffic.  Any reason to not install the full version in the release image?

I also find I have to install kmod-mwifiex-sdio to enable the third radio on my wrt3200acm.  Might be a good idea to bundle that one as well.

I'm new to router based VPN services so please be kind. 

Is there a FAQ to setup ExpressVPN on my DavidC powered router?  I'm running r6565 on a WRT1900ACv1.  Looking for a general setup guide AND some details to setup split tunnel (aka dual gateway) capabilities to enhance the standard setup.

//Brew

There's this for the split tunnel: https://github.com/stangri/openwrt_pack … /README.md

Not my cup of tea but it's pretty easy.

This should get you going for the openvpn setup: https://github.com/StreisandEffect/stre … VPN-Client

Skip to step 4.
Replace all occurences of streisand with 'express'(your vpn name) in the commands btw.

And download your ovpn config to /etc/openvpn/[ ].conf
Put your credentials(username password) in file at /etc/openvpn/
Find a line in that file like 'auth-user-pass' at the [ ].conf and put the path to the file after it

auth-user-pass [path to credentials]

Cheers

There are issues caused between the open source drivers for the different radios and DFS operation on non-US WRT3200ACM routers.  In general having the 3rd radio enabled seems to cause more problems than it solves when running OpenWRT.  I think it would be best to keep it as a module rather than install by default until those issues are resolved.

https://github.com/kaloz/mwlwifi/issues/280

For DNSCrypt-Proxy --

Reading this from the build source packages.

## Status of the project

This project was taken offline by its creator and maintainer Frank Denis on the 6th December 2018, after announcing in November 2017 that [the project needs a new maintainer](https://twitter.com/jedisct1/status/928942292202860544).

The old webpage [dnscrypt.org]() now points to a new domain, endorsing the usage of competing protocol "DNS-over-TLS" and competing software in particular the "getdns" library and an immature implementation that could substitute dnscrypt-proxy, called "stubby".

The new website also links a [critical analysis of DNSCrypt vs DNS-over-TLS protocols](https://tenta.com/blog/post/2017/12/dns … s-dnscrypt) by a company marketing their own open-source Android web browser and offering a new DNS resolver implemented in Go.

While this sounds all very new and exciting to us, at Dyne.org we already rely on DNSCrypt-proxy for our project [Dowse.eu]() and are intentioned to maintain this software unless a viable and mature alternative arises, supporting our application of it in Dowse.

We intend to maintain the DNSCrypt-proxy codebase without the intention of adding any new features, just patch bugs. We are also available to archive older versions and setup the website and the wiki, if we are given these archives. Frank Denis: if you are reading this please contact us on info@dyne.org. It won't take long and we are happy to keep your project alive, many thanks for all the fish so far!

Anyone running a DNSCrypt server, interested in the future of this software, willing to share more insights or wanting to help with development and documentation: be welcome to [join our dnscrypt mailinglist](https://mailinglists.dyne.org/cgi-bin/m … o/dnscrypt) where we are setting up a campfire for all of us to make a sustainable plan and take collectively informed decisions.

(Last edited by davidc502 on 2 Apr 2018, 23:21)

The programmer who put in the override said you had to do it before anything connected, nothing about it being before the network was enabled.

But even so, I can not get any custom script to run anymore other than rc.local (even though it is the same exact build as it was when I got the script to work before), always saying it has a priority of 0 in Luci and never enabling.

i immediately got lost on Step 1: Install DNSCrypt-Proxy.

• cd /opt: Move to /opt directory. This is where we will place the dnscrypt-proxy files.

where is the opt folder found in openwrt or lede builds?

Thanks for the info Starcms!

I had all of the options possible selected for wget for Busybox... or at least all the options I could see possible.  I've de-selected the busybox version and re-added the wget module to the build. I completely understand the issue there.

Hey, no problem with the amsdu.  Actually, in the code, the way I deal with it is kind of just down and dirty. There's a "if else" statement, and I just set both to false this way it doesn't matter which way it goes, it will always be false. 

As a dnscrypt user I appreciate the heads up with the package repo. I'll go check it out.

The 1900ACv2 allows changes to power levels and country code.  However, if you sent in your ACv2 under warranty for replacement, I wouldn't be at all surprised to see they sent you a refurb ACSv2.  But there is no difference in late-model refurb 1900ACv2's.  An ACv2 is an ACv2.  Full stop.

Also, there is no setting needed to get 2.4GHz to connect at 72mbps.  There is only a setting needed if you want 2.4GHz to connect at 40MHz (which is what would be needed for 150mbps or 300mbps on 2.4GHz) which isn't recommended due to all the interference on the 2.4GHz band.

(Last edited by starcms on 3 Apr 2018, 02:21)

Don't know why you would need dnsmasq-full for your internet to work.  It isn't bundled because it causes alot of problems for alot of people (@david had tried including it at one time).

Also, kmod-mwifiex-sdio is purposely not included so that DFS works properly on the WRT3200ACM.  The third radio isn't meant to be used by the user; it is meant for background DFS detection (that is why the mwifiex firmware package, mwifiex-sdio-firmware, is included but kmod-mwifiex-sdio isn't).  kmod-mwifiex-sdio also causes serious issues with the region code for those not using US routers.

(Last edited by starcms on 3 Apr 2018, 02:37)

Drop the two commands in an init.d script that runs before any networking or wifi init.d scripts

It isn't compatible with openwrt/lede yet...

It is compatible just not integrated...
There isn't an /opt dir so just mkdir /opt.
Here's a crap script that'll do it for you.

cd /tmp

curl -s https://api.github.com/repos/jedisct1/dnscrypt-proxy/releases/latest \
  | grep 'dnscrypt-proxy-linux_arm-' \
  | cut -d '"' -f 4 \
  | xargs -n 1  wget

mkdir dnscrypt-proxy

tar -zxf *.tar.gz -C dnscrypt-proxy

cd dnscrypt-proxy

cd  linux-arm
mv * ..
cd ..
rmdir linux-arm
cd /tmp

rm -r *.tar.gz

mkdir /opt
mv dnscrypt-proxy /opt

Ah, I gotya.  I'll have to try it out tomorrow when I have a chance.  Good to hear that the arm build is compatible with openwrt/lede.  Just one question, why do you use Pi-Hole instead of the included Adblock?  Or did you just link those instructions since they are a little more straight-forward than the ones provided in the dnscrypt wiki?

(Last edited by starcms on 3 Apr 2018, 03:35)

Those instructions seem to be straight forward and in the same sphere of work. The ones in the wiki are kinda flippant.
I don't use pi-hole but it looks a lot more powerful than the included adblock(someone correct me if I'm wrong).
An aside dnscrypt-proxy v2 also does blacklisting https://github.com/jedisct1/dnscrypt-pr … lacklists.

(Last edited by antonsamoziv on 3 Apr 2018, 03:55)

Fixed my init script, but I am still not sure if it needs to be done so early.

Anyway, I am not sure if my problems are even coming from the router, I just remembered my wireless mouse has acted up when near a 2.4Ghz network so it might be possible that it is returning the favour.

(Last edited by NamesAreAPain on 3 Apr 2018, 04:35)

Good news, chromecast working great on latest build!

So i'm coming from dd-wrt and was using a great script to re-direct all dns traffic to my privoxy server using this script below;

#!/bin/sh
PROXY_IP=180.168.123.15
PROXY_PORT=8118
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
#
###EXCEPTIONS###
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.6 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -s 180.168.123.13 -j ACCEPT

Anyone have any idea how to re-tool for openwrt?

cool, i uninstalled v1 then installed v2 but i've encountered an error when i tried to start the service using command:

./dnscrypt-proxy -service start

[FATAL] Failed to start DNSCrypt client proxy: "service" failed: exec: "service": executable file not found in $PATH

Maybe paste it directly into the 'custom rules' section of the firewall setup - I have a similar rules but to force all DNS traffic to a specific DNS provider for region geo-unlocking..