I have a freshly installed 20.1 nano image with dnscrypt-proxy-1.6 (2.0.36) configured with unbound.
Unbound Custom Options:
do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
from dmesg:
Generating RRD graphs...done.
Configuring system logging...done.
>>> Invoking start script 'newwanip'
>>> Invoking start script 'freebsd'
Starting dnscrypt_proxy.
.....
before restarting dnscrypt-proxy from webUI
ls -l /var/log
total 9512
lrwxr-xr-x 1 root wheel 26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw------- 1 root wheel 511488 Feb 12 12:05 configd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dhcpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dnsmasq.log
-rw------- 1 root wheel 511488 Feb 12 12:05 filter.log
-rw------- 1 root wheel 511488 Feb 12 11:56 gateways.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ipsec.log
-rw------- 1 root wheel 511488 Feb 12 11:57 lighttpd.log
drwxr-xr-x 2 root wheel 0 Feb 12 11:57 ntp
-rw------- 1 root wheel 511488 Feb 12 12:05 ntpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 openvpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 pkg.log
-rw------- 1 root wheel 511488 Feb 12 11:56 portalauth.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ppps.log
-rw------- 1 root wheel 511488 Feb 12 12:05 resolver.log
-rw------- 1 root wheel 511488 Feb 12 11:56 routing.log
-rw------- 1 root wheel 511488 Feb 12 11:56 squid.log
-rw------- 1 root wheel 511488 Feb 12 11:56 suricata.log
-rw------- 1 root wheel 511488 Feb 12 12:05 system.log
-rw------- 1 root wheel 856 Feb 12 11:56 userlog
-rw-r--r-- 1 root wheel 197 Feb 12 12:05 utx.lastlogin
-rw-r--r-- 1 root wheel 85 Feb 12 12:05 utx.log
-rw------- 1 root wheel 511488 Feb 12 11:56 vpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 wireless.log
after dnscrypt-proxy has restarted:
ls -l /var/log
total 9512
lrwxr-xr-x 1 root wheel 26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw------- 1 root wheel 511488 Feb 12 12:06 configd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dhcpd.log
drwxr-x--- 2 _dnscrypt-proxy _dnscrypt-proxy 128 Feb 12 12:06 dnscrypt-proxy
-rw------- 1 root wheel 511488 Feb 12 11:56 dnsmasq.log
-rw------- 1 root wheel 511488 Feb 12 12:06 filter.log
-rw------- 1 root wheel 511488 Feb 12 11:56 gateways.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ipsec.log
-rw------- 1 root wheel 511488 Feb 12 12:06 lighttpd.log
drwxr-xr-x 2 root wheel 0 Feb 12 11:57 ntp
-rw------- 1 root wheel 511488 Feb 12 12:05 ntpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 openvpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 pkg.log
-rw------- 1 root wheel 511488 Feb 12 11:56 portalauth.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ppps.log
-rw------- 1 root wheel 511488 Feb 12 12:05 resolver.log
-rw------- 1 root wheel 511488 Feb 12 11:56 routing.log
-rw------- 1 root wheel 511488 Feb 12 11:56 squid.log
-rw------- 1 root wheel 511488 Feb 12 11:56 suricata.log
-rw------- 1 root wheel 511488 Feb 12 12:06 system.log
-rw------- 1 root wheel 856 Feb 12 11:56 userlog
-rw-r--r-- 1 root wheel 197 Feb 12 12:05 utx.lastlogin
-rw-r--r-- 1 root wheel 85 Feb 12 12:05 utx.log
-rw------- 1 root wheel 511488 Feb 12 11:56 vpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 wireless.log
cat /var/log/userlog
2020-02-12 11:56:13 [unknown:groupadd] _dnscrypt-proxy(978)
2020-02-12 11:56:14 [unknown:useradd] _dnscrypt-proxy(978):_dnscrypt-proxy(978):dnscrypt-proxy user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:14 [unknown:groupadd] _flowd(542)
2020-02-12 11:56:14 [unknown:useradd] _flowd(542):_flowd(542):flowd privilege separation user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:15 [unknown:groupadd] dhcpd(136)
2020-02-12 11:56:15 [unknown:useradd] dhcpd(136):dhcpd(136):ISC DHCP daemon:/nonexistent:/usr/sbin/nologin
2020-02-12 11:56:16 [unknown:groupadd] squid(100)
2020-02-12 11:56:17 [unknown:useradd] squid(100):squid(100):squid caching-proxy pseudo user:/var/squid:/usr/sbin/nologin
2020-02-12 11:56:37 [unknown:usermod] root(0):wheel(0):System Administrator:/root:/usr/local/sbin/opnsense-shell
2020-02-12 11:56:37 [unknown:groupadd] admins(1999)
uname -a
FreeBSD foobar.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD fc65add89c3(stable/20.1) amd64
Is there a command-line command to restart dnscrypt-proxy, so that I can restart it directly from the command prompt (ssh)?
It seems that dnscrypt-proxy is not creating the "dnscrypt-proxy" directory under /var/log, and so dnscrypt-proxy starts without writing log files.
Here is a quick fix to re-enable logging.
In the file "/usr/local/etc/rc.d/dnscrypt-proxy" add
# Logging fix
# ${dnscrypt_proxy_uid#?} drops the first character of the user name
# (_dnscrypt-proxy -> dnscrypt-proxy) to get the log directory name.
if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
    mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
    chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
fi
directly under "local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid" .. the second line, where the function dnscrypt_proxy_precmd() starts...
When done, it should look like
command="/usr/sbin/daemon"
command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}"
start_precmd="dnscrypt_proxy_precmd"
echo $dnscrypt_proxy_uid > /var/log/ttt
dnscrypt_proxy_precmd() {
    local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid
    # Logging fix
    if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
        mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
        chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
    fi
    if checkyesno dnscrypt_proxy_mac_portacl_enable ; then
        # Check and load mac_portacl module
        if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then
            if ! kldload mac_portacl ; then
                warn "Could not load mac_portacl module."
                return 1
            fi
        fi
---8<--snip--
Maybe we are missing "#/bin/sh" here:
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
?
Quote from: franco on February 12, 2020, 03:19:32 PM
Maybe we are missing "#/bin/sh" here:
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
?
idk, I just installed dnscrypt-proxy from webUI -> System -> Firmware -> Plugins ... and then logging doesn't work ... maybe the setup.sh from the link you provided isn't executed on installation .. idk ...
I'm asking so you can confirm.
Cheers,
Franco
The dnscrypt-proxy rc script under /usr/local/etc/rc.d/dnscrypt-proxy provides a shebang:
cat /usr/local/etc/rc.d/dnscrypt-proxy | head -n3
#!/bin/sh
#
# $FreeBSD$
and also perms:
ls -lah /usr/local/etc/rc.d/dnscrypt-proxy
-r-xr-xr-x 1 root wheel 3.4K Feb 12 14:04 /usr/local/etc/rc.d/dnscrypt-proxy
Do you mean this?
Btw, I unpacked the "dnscrypt-proxy2-2.0.36.txz" and it doesn't have a "setup.sh" file ...
Err.... /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
The shebang line was missing, as in the link you provided.
I added the shebang line:
cat /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
#!/bin/sh
mkdir -p /var/log/dnscrypt-proxy/
chown _dnscrypt-proxy:_dnscrypt-proxy /var/log/dnscrypt-proxy/
but after a reboot the dnscrypt-proxy directory under /var/log is still not created ...
Thanks for testing. /var MFS is interfering and the script is not properly registered:
https://github.com/opnsense/plugins/commit/0d5c5bcf957f
The file is under /usr/local/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy
Cheers,
Franco
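Added example, not the plugin's or any poster's code: with /var on a memory file system, a log directory created once at install time is gone after a reboot, so the service start hook has to recreate it every time. The sketch below does that idempotently and refuses to chown through a symlink; ensure_log_dir and dir_owner are hypothetical helper names, and a temp directory with the current user stands in for /var/log and _dnscrypt-proxy.

```sh
#!/bin/sh
# Added example: idempotent log-directory setup for an rc precmd hook.
# ensure_log_dir / dir_owner are hypothetical names, not plugin code.

# Print "owner:group" of a path; works with FreeBSD and Linux ls(1).
dir_owner() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# ensure_log_dir DIR OWNER GROUP
# Creates DIR with mode 750 if missing and hands it to OWNER:GROUP.
# Returns 1 if DIR is a symlink or exists and is not a directory, so a
# pre-planted link is never chown'ed through by a root-run start script.
ensure_log_dir() {
    _dir=$1 _owner=$2 _group=$3
    if [ -L "$_dir" ]; then
        echo "refusing symlink: $_dir" >&2
        return 1
    fi
    if [ -e "$_dir" ] && [ ! -d "$_dir" ]; then
        echo "not a directory: $_dir" >&2
        return 1
    fi
    mkdir -p "$_dir" || return 1
    chmod 750 "$_dir" || return 1
    # chown only when needed, so repeated service starts are a no-op.
    if [ "$(dir_owner "$_dir")" != "${_owner}:${_group}" ]; then
        chown "${_owner}:${_group}" "$_dir" || return 1
    fi
    return 0
}

# Constructed demo: a temp dir stands in for a freshly recreated,
# memory-backed /var/log; the current user stands in for _dnscrypt-proxy.
demo() {
    _root=$(mktemp -d) || return 1
    _me=$(id -un 2>/dev/null || id -u)
    _grp=$(id -gn 2>/dev/null || id -g)
    ensure_log_dir "$_root/dnscrypt-proxy" "$_me" "$_grp" &&
        ls -ld "$_root/dnscrypt-proxy"
    _rc=$?
    rm -rf "$_root"
    return $_rc
}
demo
```

In an rc script the call would sit at the top of the precmd function, with the service user and group passed as the owner.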
I noticed on uname -a
FreeBSD opernsense.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD fc65add89c3(stable/20.1) amd64
OPNsense 20.1.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019
and dnscrypt-proxy2-2.0.39
The problem still persists.
greetings
Sorry to say but 20.1.1 is irrelevant.
Cheers,
Franco