[solved] dnscrypt - a little help

Started by cake, December 01, 2016, 05:23:32 AM

Previous topic - Next topic
December 01, 2016, 05:23:32 AM Last Edit: December 01, 2016, 07:20:37 AM by cake
Did from terminal -- pkg install dnscrypt-proxy

It installed fine, I am very grateful to whoever compiled that.
Trying to set it up so 3 instances get started at boot from a script. In the script it will have something like:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.3
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.4
...

When I enter manually from terminal I get:
root@J1900:/etc # dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.2
[INFO] - [d0wn-is-ns1] does not support DNS Security Extensions
[INFO] + Namecoin domains can be resolved
[INFO] + Provider supposedly doesn't keep logs
[NOTICE] Starting dnscrypt-proxy 1.7.0
[INFO] Generating a new session key pair
[INFO] Done
[ERROR] Unable to bind (UDP) [Can't assign requested address]


This works but is not what I am after:
dnscrypt-proxy --resolver-name=d0wn-is-ns1 --local-address=127.0.0.1

How do I get rid of the bind error?

reply to self, lol
From terminal--->
ifconfig lo0 alias 127.0.0.2/32

sigh
cheers self :-)

Hi cake,

Looks like it clashes with the GUI running on 443 TCP... :)

127.0.0.0 is a /8


Cheers,
Franco

December 01, 2016, 09:21:36 AM #3 Last Edit: December 01, 2016, 09:27:24 AM by cake
Hi Franco,

I am slowly getting there. So far I have one instance of dnscrypt successfully running on 127.0.0.2, also have port 53 being redirected from LAN to it. Survived a reboot, so hopefully I can add a nice tutorial for others soon so its a painless as possible for those that want redundant dnscrypt, and all port 53 queries from devices on their lan redirected to it.

cheers Franco

Very happy so far, Opnsense is very stable and has the features I want: OpenVPN with XOR and dnscrypt. The last thing on my list when I get this just right is ad blocking. :-)

Edit: Here is what I have that is working so far in /etc/rc.conf
ifconfig lo0 alias 127.0.0.2/32
dnscrypt_proxy_enable="YES"
dnscrypt_proxy_resolver="ipredator"
dnscrypt_proxy_flags="-a 127.0.0.2:53 --provider-key=F581:BDCD:C1F7:469C:6B55:A144:39AA:F2F6:3AD1:8C5F:AE57:7EE1:06C9:B2EC:D29E:6849 --resolver-name=ipredator --resolver-address=194.132.32.32 -T -E -l /var/log/"