I'm glad that this is not just my install / config
Privoxy has always been simple enough once you know the settings address:8118
and then make sure any device browser goes to Port 8118 instead of Port 80
I'm going to sit tight until the bumps in the build are fixed.
Does Anyone "in the know" understand how to compile Privoxy package with FEATURE_COMPRESSION so options "Enable Compression" and "Compression Level" are usable? Yes, I would love to do this myself. Maybe David could include Privoxy (with compression / dependencies) in a LEDE build?
latest build git-18.163.61042-b5a43cf-30b5 is working on latest Davidc502 on the wrt32x, display text is this:
1 Alternative Unknown/Compressed Reboot to Alternative Partiion....
2 Current Unknown/Compressed Reboot to Current Partition
I've read a lot on here and other forums and there seems to be some confusion, it seems early on the WRT32x would not load the image via the GUI, which at first was using the acm version as the hardware is similar.
Can I ask if the latest Davidc502 factory image loads fine through the linksys webGUI or do we have to still do it via the serial TTL ? i.e. can i just load it on a new WRT32x through the GUI ?
EDIT: looks like it was solved, found this thread: linksys-install
Parallel DNSMASQ /etc/config/dhcp
After Some Reflection and Observations - Fine Tuning Your DNS Resolver
After reading System Logs I realized that there is a need to amend DNSMASQ ( DHCP ) after implementing option noresolv '1' in /etc/config/dhcp configuration file. This dawned on me from my years of running DNSCRYPT Proxy on OpenWrt. I referred to this guide:
Go to this section near bottom of page.
Use specific DNS server to lookup one or more host names
option noresolv '1' is to prevent using any upstream DNS server other than those specified in this file # this file being: /etc/config/dhcp
Solution is as follows: add these four lines to /etc/config/dhcp:
nano /etc/config/dhcp - enter these lines before / option domain 'yourdomain'
list server '127.0.0.1#5453' # Stubby/Unbound Default Address/Port
list server '/pool.ntp.org/84.200.69.80' # DNS WATCH SECURE
option noresolv '1' # Make sure to change this as indicated
option allservers '1'
After you complete all the steps in this tutorial and restart your Router, check Status > System Log. You will find an entry like the one below:
daemon.info dnsmasq[8532]: using nameserver 127.0.0.1#5453
which indicates that your OpenWrt Router is using Unbound and Stubby for Encrypted DNS Resolution.
I suggest that you read one of the tutorials at the links on the top of my reply.
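An added example, not part of the original post: a shell check for the /etc/config/dhcp settings and the dnsmasq log entry described above. It flags typographic quotes pasted from a web page, a missing noresolv or local server entry, and any logged upstream that is neither 127.0.0.1#5453 nor scoped to a domain. The function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the dnsmasq forwarding setup described in the post.
# Function names and sample data are assumptions, not from the post.
LOCAL_RESOLVER='127.0.0.1#5453'   # Stubby/Unbound listener given in the post

# check_dhcp_config FILE: print findings, return non-zero if there are any.
check_dhcp_config() {
    awk -v want="$LOCAL_RESOLVER" -v q="'" '
        index($0, "‘") || index($0, "’") || index($0, "“") || index($0, "”") {
            print "line " NR ": typographic quote, UCI expects ASCII quotes"; bad = 1
        }
        { gsub(q, ""); gsub(/"/, "") }   # strip ASCII quotes before comparing
        $1 == "option" && $2 == "noresolv" && $3 == "1" { noresolv = 1 }
        $1 == "list" && $2 == "server" && $3 == want { fwd = 1 }
        END {
            if (!noresolv) { print "noresolv is not 1"; bad = 1 }
            if (!fwd) { print "missing list server " want; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_dnsmasq_log: read syslog text on stdin and report every upstream that
# dnsmasq announced which is neither the local resolver nor domain-scoped.
check_dnsmasq_log() {
    awk -v want="$LOCAL_RESOLVER" '
        /dnsmasq\[[0-9]+\]: using nameserver / {
            for (i = 1; i <= NF; i++) if ($i == "nameserver") break
            srv = $(i + 1); seen = 1
            if (srv != want && $(i + 2) != "for") { print "unexpected upstream " srv; bad = 1 }
        }
        END {
            if (!seen) { print "no using nameserver lines found"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample log (not from a real router); the last line is the leak.
SAMPLE_LOG='daemon.info dnsmasq[8532]: using nameserver 127.0.0.1#5453
daemon.info dnsmasq[8532]: using nameserver 84.200.69.80#53 for domain pool.ntp.org
daemon.info dnsmasq[8532]: using nameserver 192.0.2.1#53'
printf '%s\n' "$SAMPLE_LOG" | check_dnsmasq_log || true
```

On the router, the same functions can be run as check_dhcp_config /etc/config/dhcp and logread | check_dnsmasq_log.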
Wow! Great links. Now you left me with a choice, however. The GETDNS/STUBBY route or the no-GETDNS/STUBBY route. With my luck so far with unbound, I'm almost guaranteed to make the wrong choice! (Heh, my first time installing unbound, the process crashed)
Dear bhlc,
Thanks for the question. I changed the guide to reflect the answer to your question. You should optimize UNBOUND see here: https://www.unbound.net/documentation/howto_optimise.html
At the bottom of the page - go to this section:
Using Libevent
Libevent is a BSD licensed cross platform wrapper around platform specific event notification system calls.
Unbound can use it to efficiently use more than 1024 file descriptors.
Install libevent (and libevent-devel, if it exists) with your favorite package manager. Before compiling unbound run ./configure --with-libevent. Now you can give any number you like for outgoing-range. Also increase the num-queries-per-thread value.
# with libevent
outgoing-range: 8192
num-queries-per-thread: 4096
Libevent comes pre-installed on Davidc502 LEDE Snapshots ( which I use ). There is a package for libevent in OpenWrt / Lede repos. Actually the current package on Dave's Builds is - libevent2 2.0.22-1. I do not know if libevent2 is downloaded and installed when installing UNBOUND as per tutorial as one of its dependencies or if Dave installs libevent2 since his builds are moderately Customized LEDE Development Builds. I would install libevent2 before installing UNBOUND and all the other UNBOUND packages listed in the tutorial.
You can install libevent2 by issuing the following commands by way of SSH: opkg update and then opkg install libevent2
Then you can increase outgoing range and number of threads as per instructions listed above.
Dear slim0287,
If you are comfortable with the use of shell commands I would strongly suggest that you go with DNS OVER TLS using GETDNS and STUBBY with Unbound DNS and Dnsmasq for DHCP. Between the two places that I put up this method there are over four thousand folks who have given it a go and had excellent results. The tutorial is well documented and laid out step by step. Lastly, it is more secure and GUARANTEED to work - just take your time and you will definitely be able to get UNBOUND working. Also, IMHO it is the more secure ( most secure ) method as I describe in the tutorial.
Let me know how it works out. I will assist you should you need any help in order to get this up and running.
I'm definitely comfortable with shell commands as many years ago I was a developer on Unix boxes. So I will give it a go over the course of the next few days and thank you for the advice.
Is there any way to test the latest wifi commits with an older build (r7093) ??
I'm having serious problems with my Wifi performance and the WRT3200acm...
Most of the time Wifi performance is very bad (2,4+5Ghz) and speed is dropping down to 20-40Mbps even when I'm only 1m away from the AP. I'm using Iperf3 for testing...
I'm wondering if my Wifi unit is defective !?
Thanks for the well-written guide. I went ahead and switched to unbound with GETDNS and STUBBY with all 9 of your listed steps, including the bonus set of watchcat at the end. It seems to have gone very smoothly!
I would just like to drop this current fact about DNS-Over-TLS.
It leaks hostnames in plaintext.
So if that is a concern for you, you should look at alternatives.
Dear antonsamoziv
Does running a VPN which is properly configured help with eliminating SNI leakage in plain text? Thanks for this caveat though. Also, can you suggest alternatives which fix the SNI issue?
FYI: From DNSPRIVACY WEBSITE - DNS Privacy - The Problem
Created by Sara Dickinson, last modified on May 10, 2018
SNI
Unfortunately the Server Name Indicator header in HTTPS messages also reveals the name of the website contacted by the user. As such this provides a similar leakage channel for web traffic as do DNS queries. However there is work underway to try to encrypt that information too.
@davidc502 I've tested r7360 and wasn't able to add any new vlan under the switch config, even with the bootstrap theme it wasn't possible...
So I reverted back to r7210 and it's working fine again.