How To Install DNSCrypt on OpenWrt

Install DNSCrypt on OpenWrt

In this tutorial we will show you how to install and configuration of DNSCrypt on your OpenWrt router.  For those of you who didn’t know, DNSCrypt is a tool for securing communications between a client and a DNS resolver using elliptic-curve cryptography in the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic. With DNSCrypt it can preventing spying, spoofing, and man-in-the-middle attacks or even bypass DNS censorship from ISP that using DNSLeak.

This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, I will show you step by step installation DNSCrypt on a OpenWrt.

Install DNSCrypt on OpenWrt

Step 1. Installing DNSCrypt.

DNSCrypt is managed by a source NOT directly included in opkg lists. So, first step is to add the Source to opkg list by adding following line at the end of ‘/etc/opkg.conf’.

echo 'src/gz exopenwrt http://exopenwrt.roland.black/barrier_breaker/14.07/ar71xx/packages/exopenwrt' >> /etc/opkg.conf

And proceed with the installation:

opkg update
opkg install dnscrypt-proxy

Confirm that the installation:

### opkg status | grep -n "dnscrypt-proxy"
### Result ###
230:Package: dnscrypt-proxy
236: /etc/config/dnscrypt-proxy ff316755d745da9b15b7166b667ed108

Step 2. Configuration DNSCrypt.

The config file /etc/config/dnscrypt-proxy is simple and should be edited according to your needs:

### nano /etc/config/dnscrypt-proxy
config dnscrypt-proxy
        option address '127.0.0.1'
        option port    '5353'
      # option resolver        'cisco'
      # option resolvers_list  '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
      # option ephemeral_keys '1'

Now we will start DNSCrypt and enable auto boot for it:

/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start

If dnscrypt-proxy is not starting after a router reboot, it may be trying to start before the network interface is fully up. Add the following to /etc/rc.local, above the line “exit 0”:

sleep 10
/etc/init.d/dnscrypt-proxy start

Next, Edit ‘/etc/config/dhcp’ so that the ‘dnsmasq’ configuration looks like below:

config dnsmasq
    option domainneeded         1
    option boguspriv            1
    option filterwin2k          0
    option localise_queries     1
    option rebind_protection    1
    option rebind_localhost     1
    option local                '/lan/'
    option domain               'lan'
    option expandhosts          1
    option nonegcache           0
    option authoritative        1
    option readethers           1
    option leasefile            '/tmp/dhcp.leases'
#   option resolvfile           '/tmp/resolv.conf.auto'
    option noresolv             1
    list server                 '127.0.0.1#5353'
    list server                 '/pool.ntp.org/208.67.222.222'
#   list server                 '208.67.222.222'
#   list server                 '208.67.220.220'

Restart dnsmasq for the changes to take effect:

/etc/init.d/dnsmasq restart

Congratulation’s! You have successfully installed DNSCrypt. Thanks for using this tutorial for installing DNSCrypt on your OpenWrt router system. For additional help or useful information, we recommend you to check the official DNSCrypt website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get a best deal!