OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • [solved] dnscrypt - a little help
« previous next »
  • Print
Pages: [1]

Author Topic: [solved] dnscrypt - a little help  (Read 4569 times)

cake

  • Jr. Member
  • **
  • Posts: 64
  • Karma: 13
    • View Profile
[solved] dnscrypt - a little help
« on: December 01, 2016, 05:23:32 am »
Did from terminal -- pkg install dnscrypt-proxy

It installed fine, I am very grateful to whoever compiled that.
Trying to set it up so 3 instances get started at boot from a script. In the script it will have something like:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.3
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.4
...

When I enter manually from terminal I get:
Code: [Select]
root@J1900:/etc # dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
[INFO] - [d0wn-is-ns1] does not support DNS Security Extensions
[INFO] + Namecoin domains can be resolved
[INFO] + Provider supposedly doesn't keep logs
[NOTICE] Starting dnscrypt-proxy 1.7.0
[INFO] Generating a new session key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Can't assign requested address]
This works but is not what I am after:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.1

How do I get rid of the bind error?
« Last Edit: December 01, 2016, 07:20:37 am by cake »
Logged

cake

  • Jr. Member
  • **
  • Posts: 64
  • Karma: 13
    • View Profile
Re: dnscrypt - a little help
« Reply #1 on: December 01, 2016, 07:20:11 am »
reply to self, lol
From terminal--->
ifconfig lo0 alias 127.0.0.2/32

sigh
cheers self :-)
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 15589
  • Karma: 1347
    • View Profile
Re: [solved] dnscrypt - a little help
« Reply #2 on: December 01, 2016, 08:00:49 am »
Hi cake,

Looks like it clashes with the GUI running on 443 TCP... :)

127.0.0.0 is a /8


Cheers,
Franco
Logged

cake

  • Jr. Member
  • **
  • Posts: 64
  • Karma: 13
    • View Profile
Re: [solved] dnscrypt - a little help
« Reply #3 on: December 01, 2016, 09:21:36 am »
Hi Franco,

I am slowly getting there. So far I have one instance of dnscrypt successfully running on 127.0.0.2, also have port 53 being redirected from LAN to it. Survived a reboot, so hopefully I can add a nice tutorial for others soon so its a painless as possible for those that want redundant dnscrypt, and all port 53 queries from devices on their lan redirected to it.

cheers Franco

Very happy so far, Opnsense is very stable and has the features I want: OpenVPN with XOR and dnscrypt. The last thing on my list when I get this just right is ad blocking. :-)

Edit: Here is what I have that is working so far in /etc/rc.conf
Code: [Select]
ifconfig lo0 alias 127.0.0.2/32
dnscrypt_proxy_enable="YES"
dnscrypt_proxy_resolver="ipredator"
dnscrypt_proxy_flags="-a 127.0.0.2:53 --provider-key=F581:BDCD:C1F7:469C:6B55:A144:39AA:F2F6:3AD1:8C5F:AE57:7EE1:06C9:B2EC:D29E:6849 --resolver-name=ipredator --resolver-address=194.132.32.32 -T -E -l /var/log/"
« Last Edit: December 01, 2016, 09:27:24 am by cake »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • [solved] dnscrypt - a little help
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2