DNSCrypt Proxy Service late Start

[crissi]

Hello,

when i restart my fw the DNSCrypt Proxy Plugin is started as the last service... Is there a way to force the DNSCrypt Proxy Plugin to Start early during Boot of the Firewall?

Thx!

[gpb]

What issue are you running into?  Just curious.

[crissi]

Hi gpb,

the DNS Crypt Proxy is loading as the latest service when rebooting my firewall. The Problem is, that the OpenVPN Connection is loaded before, but the VPN Tunnel could not be established automatically, as the DNS Crypt Proxy service is loaded as the last service, and i have to Stop / Start the OpenVPN Service manually.

Hope there is an Option to load the DNS Crypt Service directly / early on boot of the fw.

[crissi]

Just saw under /usr/local/etc/rc.d/dnscrypt-proxy the Parameter enable service on boot and changed from NO to YES and restarted, but the DNS Crypt Proxy is still loaded as the last Services ..

Code Select Expand

#!/bin/sh

# PROVIDE: dnscrypt_proxy
# REQUIRE: cleanvar SERVERS
# BEFORE:  dnsmasq local_unbound named nsmasq pdns unbound
#
# Options to configure dnscrypt-proxy via /etc/rc.conf:
#
# dnscrypt_proxy_enable (bool) Enable service on boot
# Default: NO
#

[crissi]

Found yet under /usr/local/etc/rc.syshook.d/start the scripts, and created new one 60-dnscrypt-proxy and added this:

dnscrypt_proxy_var_script="/usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh"
dnscrypt_proxy_enable="YES"


But im not sure, if this is correct, if the script should be in /start or /early and with which priority?

[gpb]

I was hunting around yesterday and was going to suggest exactly what you just tested...great minds lol.  Too bad that didn't work.  I don't have an answer...but since we're close to 22.1 and the boot process has apparently changed (now faster), it might address the problem.  I know my boot takes about 4 minutes (21.7.7) and seems to hang obtaining a new wan ip address.  You can look in your /var/log/system folder and scan the system log to see if yours is also hanging...I get a few 45 second delays before timeouts occur and that keeps most services from starting because the wan isn't available yet.  Might be just a local problem for me...not sure.

[crissi]

Thx, i moved the created script to /early and checked again, and during the boot process the dnscrypt-proxy script is really executed where the other /early scripts be.. login to the gui after the "beep" still shows the dnscrypt-proxy service as not started, so i guess it could be that the gui is not picking up / syncing correctly even if the service is already started..

The boot time in total is in my case also 3,30 minutes.., and yes hangs also by receiving the wan address... testing on my actual hardware with pfsense, pf sense is loaded really fast.. and when i connect my old sophos, (yes i know its linux :)) the boot is amazing fast in compare.. also sophos picks up the wan ip in one second, and in 6 years has just twice the issue not get the wan ip (but also has a button to refresh the wan ip) if needed..

So i really hope that in 22.1 the boot is faster, and the wan ip is correctly picked up fast as it is with other firewall solutions:)

[gpb]

Yep, that's what I was seeing in 21.7.7.  Just installed 22.1R1 yesterday, but haven't performed a reboot yet.  That delay where it's waiting for a WAN address, I can sit and watch htop in the terminal window and only about half the processes are started at that point, then once the WAN is established, they flood in.  The gui does not autoupdate so you're forced to click dashboard periodically to see the actual state.

When you install 22.1R1, you'll need to re-add your customizations for dnscrypt-proxy because the template, rc, toml and binary are all overwritten, but my back up files remained...including the toml.  So you'd just need to backup the binary and then edit the rc file to point to your custom toml.

[crissi]

Thanks for the Hint when updating to 22.1R1 regarding the DNSCrypt Custom Config

The DNS Crypt Version 2.1.1 is doing is job perfectly, running without any Issue till now :)