root 7273 6662 0 18:51 pts/0 00:00:00 grep dnscrypt-proxy
Run these commands in this order.
/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start
/etc/init.d/dnscrypt-proxy reload
then give the output of ps -ef |grep dnscrypt-proxy
Thank you
Last build I didn't keep any settings since I was having weird issues
and dnscrypt2 wasn't working right after that.
I think I'm all set
thanks again
hmmm different
root 7348 6662 0 18:54 pts/0 00:00:00 grep dnscrypt-proxy
Yeah, so it isn't starting.
What is the location of your .toml file?
It should be here -> /etc/dnscrypt-proxy2/dnscrypt-proxy.toml
looks present and correct
root@OpenWrt:/etc/dnscrypt-proxy2# ls
blacklist.txt relays.md
dnscrypt-proxy.toml relays.md.minisig
public-resolvers.md whitelist.txt
public-resolvers.md.minisi
EDIT >> just going out for our nightly lockdown exercise..be back in a couple of hours
When you get back, try to reload dnscrypt-proxy and then run the following command.
logread |grep dnscrypt | tail -n 10
interesting..i get..
root@OpenWrt:~# /etc/init.d/dnscrypt-proxy reload
root@OpenWrt:~# logread |grep dnscrypt | tail -n 10
Tue Apr 21 18:42:52 2020 daemon.err dnscrypt-proxy[7239]: [2020-04-21 18:42:52] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 18:42:57 2020 daemon.err dnscrypt-proxy[7245]: [2020-04-21 18:42:57] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 18:43:02 2020 daemon.err dnscrypt-proxy[7251]: [2020-04-21 18:43:02] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 18:43:02 2020 daemon.info procd: Instance dnscrypt-proxy::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Tue Apr 21 18:54:00 2020 daemon.err dnscrypt-proxy[7294]: [2020-04-21 18:54:00] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 18:54:00 2020 daemon.info procd: Instance dnscrypt-proxy::instance1 s in a crash loop 7 crashes, 0 seconds since last crash
Tue Apr 21 18:54:09 2020 daemon.err dnscrypt-proxy[7328]: [2020-04-21 18:54:09] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 18:54:09 2020 daemon.info procd: Instance dnscrypt-proxy::instance1 s in a crash loop 8 crashes, 0 seconds since last crash
Tue Apr 21 23:01:40 2020 daemon.err dnscrypt-proxy[8212]: [2020-04-21 23:01:40] [FATAL] Near line 36 (last key parsed 'listen_addressess'): expected key separator '=', but got '[' instead
Tue Apr 21 23:01:40 2020 daemon.info procd: Instance dnscrypt-proxy::instance1 s in a crash loop 9 crashes, 0 seconds since last crash
this seems to be pointing to a syntax issue with listen_addresses in the .toml file. the relevant entry is
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
listen_addressess ['127.0.0.1:5300']
Here, the word addresses is misspelt, but correcting it, reloading the proxy and rerunning the grep generates the same error at line 36.
Changing listen_addresses to add the missing = character still generates the error. Line 36 of the .toml file is of course
listen_addresess = ['127.0.0.1:5300']
Hi, as per your logs you missed "=" sign in your config
should be
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
listen_addressess = ['127.0.0.1:5300']
was just editing my reply when I saw yours - yes I spotted that, yet the error persists..see my post directly above
should the listen_addresses value actually be
listen_addressess = '127.0.0.1:5300'
and if so, should server_names also be rendered
server_names = 'cloudflare'
that is without brackets?
now you are missing "s" in listen_addressess ? is it a typo? you copied that or typed?
it reads
listen_addresess = ['127.0.0.1:5300']
Sorry, I copied your message with the error.
Here's what it should be:
listen_addresses = ['127.0.0.1:5300']
note the sses
instead of sess
in your config.
Regarding server_names, you can leave it commented, it will automatically find a DNS server for you with low latency.
Now that the typo is corrected, is it listening and proxying properly?
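A pre-reload check for the two mistakes found in this thread (a key line with no `=` and a misspelt key name), as an added example that is not code from any of the posters or from dnscrypt-proxy. `lint_toml` and `KNOWN_KEYS` are hypothetical names, and the key list is an assumption holding only the two options named above; extend it from the example config of the installed version.

```shell
#!/bin/sh
# Added example. KNOWN_KEYS is an assumed, deliberately short list: only the
# two option names that appear in this thread. Extend it from the example
# config shipped with the installed dnscrypt-proxy version.
KNOWN_KEYS="listen_addresses server_names"

# lint_toml FILE [KEYS]: report top-level key lines that lack "=" or whose
# key is not in KEYS. Prints one finding per line; returns 1 if any.
lint_toml() {
    awk -v known="${2:-$KNOWN_KEYS}" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[/    { in_table = 1; next } # [section]: top-level keys end here
    in_table       { next }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /^[A-Za-z0-9_-]+/)) next  # array continuation etc.
        key  = substr(line, 1, RLENGTH)
        rest = substr(line, RLENGTH + 1)
        sub(/^[ \t]+/, "", rest)
        if (substr(rest, 1, 1) != "=") {
            printf "line %d: no = after key %s\n", NR, key; bad++
        }
        if (!(key in ok)) {
            printf "line %d: unknown key %s\n", NR, key; bad++
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample reproducing the three variants quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
listen_addressess ['127.0.0.1:5300']
listen_addresess = ['127.0.0.1:5300']
listen_addresses = ['127.0.0.1:5300']
EOF
lint_toml "$sample" || echo "fix the config before reloading dnscrypt-proxy"
rm -f "$sample"
```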
Uff....
- "cat /dev/mtdblock3 | grep cert_region" output?
- "iw reg get" output?
- /etc/config/wireless dump?
- Seems like you DIDN'T reset the configuration. Please issue this command:
wifi off; rm -f /etc/config/wireless; wifi config; wifi on
then connected by cable.
It can be a zone mismatch (the channel you try to set is disabled by regs) or a wrong setting in the configuration.
If it starts working after p.4 - DO NOT apply your settings from UCI, just use LUCI to configure the interface.
Like I said, cert_region=EU
global
country 98: DFS-ETSI
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 20), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5330 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5490 - 5710 @ 160), (N/A, 27), (0 ms), DFS
(5725 - 5875 @ 80), (N/A, 13), (N/A)
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
phy#1
country FR: DFS-ETSI
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5470 - 5725 @ 160), (N/A, 27), (0 ms), DFS
(5725 - 5875 @ 80), (N/A, 13), (N/A)
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
phy#0
country FR: DFS-ETSI
(2402 - 2482 @ 40), (N/A, 20), (N/A)
(5150 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5350 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5470 - 5725 @ 160), (N/A, 27), (0 ms), DFS
(5725 - 5875 @ 80), (N/A, 13), (N/A)
(57000 - 66000 @ 2160), (N/A, 40), (N/A)
This one should be NL though. I set it that way in OpenWRT.
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option country 'NL'
option distance '15'
option channel '40'
option txpower '23'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option macaddr 'AA:BB:CC:DD:EE:FF'
option ssid 'SSID5'
option encryption 'psk2+ccmp'
option key 'SUPERSECRET'
option wpa_disable_eapol_key_retries '1'
option macfilter 'allow'
list maclist 'BB:CC:DD:EE:FF:AA'
list maclist 'CC:DD:EE:FF:AA:BB'
option network 'lan'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option country 'NL'
option distance '15'
option htmode 'HT40'
option channel '3'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option macaddr 'DD:EE:FF:AA:BB:CC'
option encryption 'psk2+ccmp'
option key 'SUPERSECRET'
option wpa_disable_eapol_key_retries '1'
option ssid 'SSID2'
option macfilter 'allow'
list maclist 'BB:CC:DD:EE:FF:AA'
list maclist 'CC:DD:EE:FF:AA:BB'
option network 'lan'
config wifi-iface 'guest_radio1'
option device 'radio1'
option mode 'ap'
option key 'SUPERSECRET'
option wpa_disable_eapol_key_retries '1'
option ssid 'SSIDG'
option encryption 'psk2+ccmp'
option network 'lan'
option macfilter 'allow'
list maclist 'EE:FF:AA:BB:CC:DD'
And no, I did not reset my wireless config. It was a shiny, new install and I documented the changes I made. Since the 2.4GHz was working fine, I was using it. I did use the wifi command quite a few times. Didn't work.
I changed the channel to 40 as you can see and it appears to be working now. Unfortunately everybody and their dogs are using that range. Still had to reboot to make it turn back on though, once broken it was broken well...
I got most of the kinks out, except for only getting 1/10th of the speed I should over VPN, my log being flooded with openvpn(vpn)[1234]: AEAD Decrypt error: bad packet ID (may be a replay): messages for every packet. I really should have stayed with my DavidC build, even though it was so old it wouldn't even do an opkg update anymore. At least everything worked.
For the record, my previously working-like-a-charm DavidC build had:
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option country 'NL'
option legacy_rates '1'
option channel '128'
option distance '15'
option log_level '3'
you can include support for MPTCP without moving to openmptcprouter builds.
In the default firewall of the davidc502 build it's normal that ICMPv6 does not respond to ping.
Thanks for reply.
I installed it on my Raspberry 4 and it seems to work just fine (even with my sh*tty data sim card plan).
Since I'm a total newbie can you add more details? Do I have to compile a new kernel from source?
If so do you have any tutorial?
Openmptcprouter also has an extended web interface for the mptcp management. Can I maybe "port" it from oMPTCP to davidc fw (who knows, maybe it's just a package I can copy and install. Not sure)?
Thanks.
Pino.
Hi David,
I love your builds, except for the self-signed SSL...
The process involved in setting up a machine to trust these certs really undermines the usability and user-experience of OpenWRT (especially via LuCI).
In my case I have to remove SSL because some of the people who need to be able to administer this router simply cannot handle this challenge.
Yes, they are savvy enough to add a port exception for a game, but not to handle the cert thing.
So my question: What is the cleanest way to strip out SSL/HTTPS and revert to HTTP?
I know 'luci-ssl' needs to be removed, but are there other packages or config changes I need to worry about?
In every other regard your build is superior to boilerplate OpenWrt and I'd love to stick with it, if you can help me strip out / disable the necessary packages.