(Resolved) Nano Image dnscrypt-proxy logging doesn't work *fix added*

Started by bobbis, February 12, 2020, 01:14:10 PM

I have a freshly installed 20.1 nano image with dnscrypt-proxy-1.6(2.0.36) configured with unbound

Unbound Custom Options:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353


from dmesg:
Generating RRD graphs...done.
Configuring system logging...done.
>>> Invoking start script 'newwanip'
>>> Invoking start script 'freebsd'
Starting dnscrypt_proxy.
.....

before restarting dnscrypt-proxy from webUI
ls -l /var/log
total 9512
lrwxr-xr-x  1 root  wheel      26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw-------  1 root  wheel  511488 Feb 12 12:05 configd.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 dhcpd.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 dnsmasq.log
-rw-------  1 root  wheel  511488 Feb 12 12:05 filter.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 gateways.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 ipsec.log
-rw-------  1 root  wheel  511488 Feb 12 11:57 lighttpd.log
drwxr-xr-x  2 root  wheel       0 Feb 12 11:57 ntp
-rw-------  1 root  wheel  511488 Feb 12 12:05 ntpd.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 openvpn.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 pkg.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 portalauth.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 ppps.log
-rw-------  1 root  wheel  511488 Feb 12 12:05 resolver.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 routing.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 squid.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 suricata.log
-rw-------  1 root  wheel  511488 Feb 12 12:05 system.log
-rw-------  1 root  wheel     856 Feb 12 11:56 userlog
-rw-r--r--  1 root  wheel     197 Feb 12 12:05 utx.lastlogin
-rw-r--r--  1 root  wheel      85 Feb 12 12:05 utx.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 vpn.log
-rw-------  1 root  wheel  511488 Feb 12 11:56 wireless.log


after dnscrypt-proxy has restarted:
ls -l /var/log
total 9512
lrwxr-xr-x  1 root             wheel                26 Feb 12 11:56 bsdinstaller -> /root/var/log/bsdinstaller
-rw-------  1 root             wheel            511488 Feb 12 12:06 configd.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 dhcpd.log
drwxr-x---  2 _dnscrypt-proxy  _dnscrypt-proxy     128 Feb 12 12:06 dnscrypt-proxy
-rw-------  1 root             wheel            511488 Feb 12 11:56 dnsmasq.log
-rw-------  1 root             wheel            511488 Feb 12 12:06 filter.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 gateways.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 ipsec.log
-rw-------  1 root             wheel            511488 Feb 12 12:06 lighttpd.log
drwxr-xr-x  2 root             wheel                 0 Feb 12 11:57 ntp
-rw-------  1 root             wheel            511488 Feb 12 12:05 ntpd.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 openvpn.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 pkg.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 portalauth.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 ppps.log
-rw-------  1 root             wheel            511488 Feb 12 12:05 resolver.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 routing.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 squid.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 suricata.log
-rw-------  1 root             wheel            511488 Feb 12 12:06 system.log
-rw-------  1 root             wheel               856 Feb 12 11:56 userlog
-rw-r--r--  1 root             wheel               197 Feb 12 12:05 utx.lastlogin
-rw-r--r--  1 root             wheel                85 Feb 12 12:05 utx.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 vpn.log
-rw-------  1 root             wheel            511488 Feb 12 11:56 wireless.log


cat /var/log/userlog
2020-02-12 11:56:13 [unknown:groupadd] _dnscrypt-proxy(978)
2020-02-12 11:56:14 [unknown:useradd] _dnscrypt-proxy(978):_dnscrypt-proxy(978):dnscrypt-proxy user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:14 [unknown:groupadd] _flowd(542)
2020-02-12 11:56:14 [unknown:useradd] _flowd(542):_flowd(542):flowd privilege separation user:/var/empty:/usr/sbin/nologin
2020-02-12 11:56:15 [unknown:groupadd] dhcpd(136)
2020-02-12 11:56:15 [unknown:useradd] dhcpd(136):dhcpd(136):ISC DHCP daemon:/nonexistent:/usr/sbin/nologin
2020-02-12 11:56:16 [unknown:groupadd] squid(100)
2020-02-12 11:56:17 [unknown:useradd] squid(100):squid(100):squid caching-proxy pseudo user:/var/squid:/usr/sbin/nologin
2020-02-12 11:56:37 [unknown:usermod] root(0):wheel(0):System Administrator:/root:/usr/local/sbin/opnsense-shell
2020-02-12 11:56:37 [unknown:groupadd] admins(1999)


uname -a
FreeBSD foobar.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD  fc65add89c3(stable/20.1)  amd64

Is there any command line command for dnscrypt-proxy restart, so that I can restart dnscrypt-proxy directly from the command prompt (ssh)?

It seems that dnscrypt-proxy is not creating the "dnscrypt-proxy" directory under /var/log, and so dnscrypt-proxy starts without writing log files.
Here is a quick fix to re-enable logging.
In the file "/usr/local/etc/rc.d/dnscrypt-proxy" add

    # Logging fix
    if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
        mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
        chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
    fi


directly under "local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid", the second line where the function dnscrypt_proxy_precmd() starts.

When done, it should look like:

    command="/usr/sbin/daemon"
    command_args="-p ${pidfile} -u ${dnscrypt_proxy_uid} -f ${procname} -config ${dnscrypt_proxy_conf}"
    start_precmd="dnscrypt_proxy_precmd"
    echo $dnscrypt_proxy_uid > /var/log/ttt
    dnscrypt_proxy_precmd() {
        local reservedlow reservedhigh rules_current rules_dnscrypt rport ruid

        # Logging fix
        if [ "$dnscrypt_proxy_uid" != "root" ] && [ ! -d "/var/log/${dnscrypt_proxy_uid#?}" ]; then
            mkdir -p "/var/log/${dnscrypt_proxy_uid#?}"
            chown "${dnscrypt_proxy_uid}:${dnscrypt_proxy_uid}" "/var/log/${dnscrypt_proxy_uid#?}"
        fi

        if checkyesno dnscrypt_proxy_mac_portacl_enable ; then

            # Check and load mac_portacl module
            if ! kldstat -m mac_portacl >/dev/null 2>&1 ; then
                if ! kldload mac_portacl ; then
                    warn "Could not load mac_portacl module."
                    return 1
                fi
            fi
---8<--snip--


Quote from: franco on February 12, 2020, 03:19:32 PM
Maybe we are missing "#/bin/sh" here:

https://github.com/opnsense/plugins/blob/master/dns/dnscrypt-proxy/src/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh

?

idk, I just installed dnscrypt-proxy from webUI ->System-Firmware->plugins ... and then logging doesn't work ... maybe the setup.sh from the link you provided isn't executed on installation .. idk ...


The dnscrypt-proxy rc script under /usr/local/etc/rc.d/dnscrypt-proxy provides a shebang:

cat /usr/local/etc/rc.d/dnscrypt-proxy | head -n3
#!/bin/sh
#
# $FreeBSD$


and also perms:
ls -lah /usr/local/etc/rc.d/dnscrypt-proxy
-r-xr-xr-x  1 root  wheel   3.4K Feb 12 14:04 /usr/local/etc/rc.d/dnscrypt-proxy


Do you mean this?

Btw, I unpacked the "dnscrypt-proxy2-2.0.36.txz" and it doesn't have a "setup.sh" file ...

Err.... /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh

The shebang line was missing, as you provided in your link.
I added the shebang line:

cat /usr/local/opnsense/scripts/OPNsense/Dnscryptproxy/setup.sh
#!/bin/sh

mkdir -p /var/log/dnscrypt-proxy/
chown _dnscrypt-proxy:_dnscrypt-proxy /var/log/dnscrypt-proxy/


But after a reboot the dnscrypt-proxy directory under /var/log is still not created ...

Thanks for testing. /var MFS is interfering and the script is not properly registered:

https://github.com/opnsense/plugins/commit/0d5c5bcf957f

The file is under /usr/local/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt_proxy


Cheers,
Franco
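
Added example (not part of any post in this thread, and not the plugin's code): as the reboot test above shows, a log directory created once at install time does not survive when /var is a memory file system, so it has to be recreated before each service start. The function names `log_dir_name` and `ensure_log_dir` and the optional owner argument are assumptions made here; the sketch also refuses a path that already exists as a symlink or regular file, so a root-run `chown` cannot be redirected.

```sh
#!/bin/sh
# Added example; hypothetical helper names, not taken from the rc script.

# Map a service account to its log directory name by stripping one
# leading underscore only ("_dnscrypt-proxy" -> "dnscrypt-proxy").
log_dir_name() {
    printf '%s\n' "${1#_}"
}

# ensure_log_dir BASE USER [OWNER]
# Returns 0 when the directory is in place (or USER is root and nothing
# is needed), 1 when a step is refused or fails.
ensure_log_dir() {
    local base user owner dir
    base=$1
    user=$2
    owner=${3:-"$2:$2"}          # default: chown USER:USER
    if [ "$user" = "root" ]; then
        return 0
    fi
    dir="$base/$(log_dir_name "$user")"
    # Refuse anything already at the path that is not a real directory.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "refusing: $dir exists and is not a directory" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chown -h "$owner" "$dir" || return 1
    chmod 750 "$dir" || return 1   # matches drwxr-x--- in the listing above
}

# Demo: a scratch directory stands in for /var/log as found after boot.
demo_base=$(mktemp -d)
ensure_log_dir "$demo_base" "_dnscrypt-proxy" "$(id -u):$(id -g)" \
    && ls -ld "$demo_base/dnscrypt-proxy"
rm -rf "$demo_base"
```

In an rc script this would be called from the precmd function as `ensure_log_dir /var/log "$dnscrypt_proxy_uid"`, which runs on every start and is a no-op when the directory is already correct.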

I noticed on uname -a
FreeBSD opernsense.localdomain 11.2-RELEASE-p16-HBSD FreeBSD 11.2-RELEASE-p16-HBSD  fc65add89c3(stable/20.1)  amd64

OPNsense 20.1.1-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.1.1d 10 Sep 2019
and dnscrypt-proxy2-2.0.39: the problem still persists.

greetings