OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: bobbis on February 12, 2020, 01:14:10 pm
-
I have a freshly installed 20.1 nano image with dnscrypt-proxy-1.6(2.0.36) configured with unbound.
Unbound Custom Options:
do-not-query-localhost: no
forward-zone:
  name: "."
  forward-addr: 127.0.0.1@5353
from dmesg:
Generating RRD graphs...done.
Configuring system logging...done.
>>> Invoking start script 'newwanip'
>>> Invoking start script 'freebsd'
Starting dnscrypt_proxy.
.....
Before restarting dnscrypt-proxy from the webUI:
ls -l /var/log
total 9512
lrwxr-xr-x 1 root wheel 26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw------- 1 root wheel 511488 Feb 12 12:05 configd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dhcpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dnsmasq.log
-rw------- 1 root wheel 511488 Feb 12 12:05 filter.log
-rw------- 1 root wheel 511488 Feb 12 11:56 gateways.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ipsec.log
-rw------- 1 root wheel 511488 Feb 12 11:57 lighttpd.log
drwxr-xr-x 2 root wheel 0 Feb 12 11:57 ntp
-rw------- 1 root wheel 511488 Feb 12 12:05 ntpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 openvpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 pkg.log
-rw------- 1 root wheel 511488 Feb 12 11:56 portalauth.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ppps.log
-rw------- 1 root wheel 511488 Feb 12 12:05 resolver.log
-rw------- 1 root wheel 511488 Feb 12 11:56 routing.log
-rw------- 1 root wheel 511488 Feb 12 11:56 squid.log
-rw------- 1 root wheel 511488 Feb 12 11:56 suricata.log
-rw------- 1 root wheel 511488 Feb 12 12:05 system.log
-rw------- 1 root wheel 856 Feb 12 11:56 userlog
-rw-r--r-- 1 root wheel 197 Feb 12 12:05 utx.lastlogin
-rw-r--r-- 1 root wheel 85 Feb 12 12:05 utx.log
-rw------- 1 root wheel 511488 Feb 12 11:56 vpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 wireless.log
After dnscrypt-proxy has restarted:
ls -l /var/log
total 9512
lrwxr-xr-x 1 root wheel 26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw------- 1 root wheel 511488 Feb 12 12:06 configd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 dhcpd.log
drwxr-x--- 2 _dnscrypt-proxy _dnscrypt-proxy 128 Feb 12 12:06 dnscrypt-proxy
-rw------- 1 root wheel 511488 Feb 12 11:56 dnsmasq.log
-rw------- 1 root wheel 511488 Feb 12 12:06 filter.log
-rw------- 1 root wheel 511488 Feb 12 11:56 gateways.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ipsec.log
-rw------- 1 root wheel 511488 Feb 12 12:06 lighttpd.log
drwxr-xr-x 2 root wheel 0 Feb 12 11:57 ntp
-rw------- 1 root wheel 511488 Feb 12 12:05 ntpd.log
-rw------- 1 root wheel 511488 Feb 12 11:56 openvpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 pkg.log
-rw------- 1 root wheel 511488 Feb 12 11:56 portalauth.log
-rw------- 1 root wheel 511488 Feb 12 11:56 ppps.log
-rw------- 1 root wheel 511488 Feb 12 12:05 resolver.log
-rw------- 1 root wheel 511488 Feb 12 11:56 routing.log
-rw------- 1 root wheel 511488 Feb 12 11:56 squid.log
-rw------- 1 root wheel 511488 Feb 12 11:56 suricata.log
-rw------- 1 root wheel 511488 Feb 12 12:06 system.log
-rw------- 1 root wheel 856 Feb 12 11:56 userlog
-rw-r--r-- 1 root wheel 197 Feb 12 12:05 utx.lastlogin
-rw-r--r-- 1 root wheel 85 Feb 12 12:05 utx.log
-rw------- 1 root wheel 511488 Feb 12 11:56 vpn.log
-rw------- 1 root wheel 511488 Feb 12 11:56 wireless.log
cat /var/log/userlog
2020-02-12 11:56:13 [unknown:groupadd] _dnscrypt-proxy(978)
2020-02-12 11:56:14 [unknown:useradd] _dnscrypt-proxy(978):_dnscrypt-proxy(978):dnscrypt-proxy user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:14 [unknown:groupadd] _flowd(542)
2020-02-12 11:56:14 [unknown:useradd] _flowd(542):_flowd(542):flowd privilege separation user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:15 [unknown:groupadd] dhcpd(136)
2020-02-12 11:56:15 [unknown:useradd] dhcpd(136):dhcpd(136):ISC DHCP daemon:/nonexistent:/usr/sbin/nologin
2020-02-12 11:56:16 [unknown:groupadd] squid(100)
2020-02-12 11:56:17 [unknown:useradd] squid(100):squid(100):squid caching-proxy pseudo user:/var/squid:/usr/sbin/nologin
2020-02-12 11:56:37 [unknown:usermod] root(0):wheel(0):System Administrator:/root:/usr/local/sbin/opnsense-shell
2020-02-12 11:56:37 [unknown:groupadd] admins(1999)
uname -a
FreeBSD foobar.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD fc65add89c3(stable/20.1) amd64
-
Is there any command line command for dnscrypt-proxy restart, so that I can restart dnscrypt-proxy directly from the command prompt (ssh)?
-
It seems that dnscrypt-proxy is not creating the "dnscrypt-proxy" directory under /var/log, and so dnscrypt-proxy starts without writing log files.
Here is a quick fix to re-enable logging.
In the file "/usr/local/etc/rc.d/dnscrypt-proxy" add
# Logging fix: ${dnscrypt_proxy_uid#?} drops the first character (the leading "_" of _dnscrypt-proxy)
if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
    mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
    chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
fi
directly under "local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid" .. the second line where the function dnscrypt_proxy_precmd() starts...
If done, it should look like:
command="/usr/sbin/daemon"
command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}"
start_precmd="dnscrypt_proxy_precmd"
echo $dnscrypt_proxy_uid > /var/log/ttt
dnscrypt_proxy_precmd() {
    local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid
    # Logging fix
    if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
        mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
        chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
    fi
    if checkyesno dnscrypt_proxy_mac_portacl_enable ; then
        # Check and load mac_portacl module
        if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then
            if ! kldload mac_portacl ; then
                warn "Could not load mac_portacl module."
                return 1
            fi
        fi
---8<--snip--
-
Maybe we are missing "#/bin/sh" here:
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
?
-
Maybe we are missing "#/bin/sh" here:
https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
?
idk, I just installed dnscrypt-proxy from webUI ->System-Firmware->plugins ... and then logging doesn't work ... maybe the setup.sh from the link you provided isn't executed on installation .. idk ...
-
I'm asking so you can confirm.
Cheers,
Franco
-
The dnscrypt-proxy rc script under /usr/local/etc/rc.d/dnscrypt-proxy provides a shebang:
cat /usr/local/etc/rc.d/dnscrypt-proxy | head -n3
#!/bin/sh
#
# $FreeBSD$
and also perms:
ls -lah /usr/local/etc/rc.d/dnscrypt-proxy
-r-xr-xr-x 1 root wheel 3.4K Feb 12 14:04 /usr/local/etc/rc.d/dnscrypt-proxy
Do you mean this?
BTW, I unpacked the "dnscrypt-proxy2-2.0.36.txz" and it doesn't have a "setup.sh" file ...
-
Err.... /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
-
The shebang line was missing, as you provided in your link.
I added the shebang line:
cat /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
#!/bin/sh
mkdir -p /var/log/dnscrypt-proxy/
chown _dnscrypt-proxy:_dnscrypt-proxy /var/log/dnscrypt-proxy/
But after a reboot the dnscrypt-proxy directory under /var/log is still not created ...
-
Thanks for testing. /var MFS is interfering and the script is not properly registered:
https://github.com/opnsense/plugins/commit/0d5c5bcf957f
The file is under /usr/local/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy
Cheers,
Franco
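
The situation described in this reply, as an added example that is not part of the original thread or the OPNsense plugin: with /var on a memory filesystem, a log directory created once at install time is gone after a reboot, so the service's pre-start step has to recreate it on every start. The function name `ensure_log_dir` and its arguments are hypothetical; mode 750 mirrors the `drwxr-x---` listing earlier in the thread.

```shell
#!/bin/sh
# Added example (not OPNsense plugin code): idempotent pre-start step that
# recreates a service log directory each time the service starts, so logging
# keeps working when /var is RAM-backed and wiped on reboot.
# ensure_log_dir and its arguments are hypothetical names.

ensure_log_dir() {
    dir=$1              # e.g. /var/log/dnscrypt-proxy
    owner=$2            # e.g. _dnscrypt-proxy (unprivileged service account)
    group=${3:-$owner}  # defaults to a group named like the user

    [ -n "$dir" ] && [ -n "$owner" ] || return 2

    # Refuse a symlink or a non-directory at the target path: a mkdir/chown
    # run as root must not be redirected to some other location.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "ensure_log_dir: $dir exists and is not a plain directory" >&2
        return 1
    fi

    # Safe on first boot, after a reboot that emptied /var, and on restarts.
    mkdir -p "$dir" || return 1
    chown "$owner:$group" "$dir" || return 1
    # Only the service user and group may read the logs.
    chmod 750 "$dir" || return 1
}
```

Called from the rc script's pre-start function rather than from a one-time install script, this runs before the daemon drops to the unprivileged user and opens its log files.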
-
I noticed on
uname -a
FreeBSD opernsense.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD fc65add89c3(stable/20.1) amd64
OPNsense 20.1.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019
and dnscrypt-proxy2-2.0.39
the problem still persists.
greetings
-
Sorry to say but 20.1.1 is irrelevant.
Cheers,
Franco