OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: cake on December 01, 2016, 05:23:32 am

Title: [solved] dnscrypt - a little help
Post by: cake on December 01, 2016, 05:23:32 am

Did from terminal -- pkg install dnscrypt-proxy

It installed fine, I am very grateful to whoever compiled that.
Trying to set it up so 3 instances get started at boot from a script. In the script it will have something like:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.3
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.4
...

When I enter manually from terminal I get:

Code: [Select]

root@J1900:/etc # dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
[INFO] - [d0wn-is-ns1] does not support DNS Security Extensions
[INFO] + Namecoin domains can be resolved
[INFO] + Provider supposedly doesn't keep logs
[NOTICE] Starting dnscrypt-proxy 1.7.0
[INFO] Generating a new session key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Can't assign requested address]
This works but is not what I am after:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.1

How do I get rid of the bind error?

Title: Re: dnscrypt - a little help
Post by: cake on December 01, 2016, 07:20:11 am

reply to self, lol
From terminal--->
ifconfig lo0 alias 127.0.0.2/32

sigh
cheers self :-)

Title: Re: [solved] dnscrypt - a little help
Post by: franco on December 01, 2016, 08:00:49 am

Hi cake,

Looks like it clashes with the GUI running on 443 TCP... :)

127.0.0.0 is a /8


Cheers,
Franco

Title: Re: [solved] dnscrypt - a little help
Post by: cake on December 01, 2016, 09:21:36 am

Hi Franco,

I am slowly getting there. So far I have one instance of dnscrypt successfully running on 127.0.0.2, also have port 53 being redirected from LAN to it. Survived a reboot, so hopefully I can add a nice tutorial for others soon so its a painless as possible for those that want redundant dnscrypt, and all port 53 queries from devices on their lan redirected to it.

cheers Franco

Very happy so far, Opnsense is very stable and has the features I want: OpenVPN with XOR and dnscrypt. The last thing on my list when I get this just right is ad blocking. :-)

Edit: Here is what I have that is working so far in /etc/rc.conf

Code: [Select]

ifconfig lo0 alias 127.0.0.2/32
dnscrypt_proxy_enable="YES"
dnscrypt_proxy_resolver="ipredator"
dnscrypt_proxy_flags="-a 127.0.0.2:53 --provider-key=F581:BDCD:C1F7:469C:6B55:A144:39AA:F2F6:3AD1:8C5F:AE57:7EE1:06C9:B2EC:D29E:6849 --resolver-name=ipredator --resolver-address=194.132.32.32 -T -E -l /var/log/"