MikroTik & OpenWRT & DNSCrypt
The solution to this task was inspired by this article.
This article is intended for users who have a home router made by MikroTik; details of compiling and building are therefore omitted, and the MikroTik examples are shown in pictures.
In brief, the task is as follows: bring up a stripped-down version of OpenWRT as a virtual machine (guest) on MetaROUTER and run the DNS + DNSCrypt bundle on it, which is used for encrypted data exchange with external DNS servers.
Solving this the standard way, by taking the LEDE (OpenWRT) source code with DNSCrypt support and a patch and compiling it for MikroTik MetaROUTER, did not work: either the patch failed to apply, or compilation failed, or the resulting build was unstable, IMHO.
The problem was solved by successive approximation: take a ready-made, old but stable OpenWRT AA 31411 build, take some of the packages from the repository, compile others separately, and touch up the configs by hand.
So, take the finished kit (the OpenWRT build alone is available separately here), unzip it, and upload the files openwrt-mr-mips-rootfs-31411-basic.tar.gz and files.tar.gz to the MikroTik, either via FTP or via the clipboard (copy in the file explorer, then Paste in Files on the router).
Create a new guest by importing the image into MetaROUTER (MetaROUTER -> Import Image):

Add a new eth interface for the guest:

To simplify startup, OpenWRT gets its IP address via DHCP from the MikroTik. For this, add the guest interface (vif19 in my case) to the bridge (bridge1 in my case) that also contains the router's internal master interface (my example is slightly different, but the idea is the same). When OpenWRT receives an address, make it static in the router's DHCP server settings and specify this address there as the DNS server address for computers (IP -> DHCP server -> Networks -> DNS servers).
After creation, the guest is disabled. Enable it, open its console (right-click on the guest), and wait about 75 seconds, running ifconfig periodically to catch the moment the network interface comes up and gets an address (something like this):
root@metarouter:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:8D:A2:1D:9D:73
inet addr:172.16.1.247 Bcast:172.16.1.255 Mask:255.255.255.255
…
Before moving on, I recommend testing OpenWRT: connect via telnet and run something (ping, netstat, etc.) to make sure OpenWRT does not crash with a kernel panic.
If all is well, proceed to the finishing touches (in the console):
root@metarouter:/# cd /tmp
root@metarouter:/tmp# wget ftp://admin:passwd@router/files.tar.gz (where router is the IP address of the MikroTik)
root@metarouter:/tmp# tar xzf files.tar.gz
root@metarouter:/tmp# cd files
root@metarouter:/tmp/files# ./install.sh
Output of install.sh (check that it contains no errors):
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=56 time=13.374 ms
64 bytes from 8.8.8.8: seq=1 ttl=56 time=15.320 ms
64 bytes from 8.8.8.8: seq=2 ttl=56 time=12.756 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 12.756/13.816/15.320 ms
Downloading openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz.
Inflating openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/snapshots.
Installing libcap (2.22-1) to root...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libcap_2.22-1_mr-mips.ipk.
Configuring libcap.
Installing ntpdate (4.2.6p5-1) to root...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/ntpdate_4.2.6p5-1_mr-mips.ipk.
Configuring ntpdate.
Installing libsodium (1.0.16-1) to root...
Multiple packages (libc and libc) providing same name marked HOLD or PREFER. Using latest.
Installing libpthread (0.9.33-104) to root...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libpthread_0.9.33-104_mr-mips.ipk.
Configuring libpthread.
Configuring libsodium.
Installing dnscrypt-proxy-resolvers (1.9.5+git-20171001-2d43be3-8) to root...
Multiple packages (libc and libc) providing same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy-resolvers.
Installing dnscrypt-proxy (1.9.5-8) to root...
Multiple packages (libc and libc) providing same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy.
Installing rng-tools (5-1) to root...
Multiple packages (libc and libc) providing same name marked HOLD or PREFER. Using latest.
Configuring rng-tools.
24 Apr 11:22:24 ntpdate[2321]: adjust time server 91.203.172.2 offset -0.010429 sec
cp: omitting directory 'etc/config'
If there were no errors, reboot OpenWRT:
root@metarouter:/tmp/files# reboot
After OpenWRT restarts (~75 sec), go to the console and check that dnscrypt-proxy has started:
root@metarouter:/# netstat -anp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 2150/dnscrypt-proxy
…
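An added example, not part of the original article: a small POSIX shell check that reads netstat -anp output and reports whether the dnscrypt-proxy listener shown above is bound to loopback only. The function name, the sample UDP line and the wildcard-bind sample are constructed for illustration; port 5353 and the process name come from the output above.

```shell
#!/bin/sh
# Added example (not from the original article): classify the dnscrypt-proxy
# listener found in `netstat -anp` output read from stdin.
#   ok      - listens on the expected port, loopback only
#   exposed - listens on that port on a non-loopback address
#   missing - no dnscrypt-proxy listener on that port
# $1 is the port to look for; 5353 is the port shown in the article's output.
check_dnscrypt_listener() {
    awk -v port="${1:-5353}" '
        # Last column is "PID/Program name"; column 4 is the local address.
        ($1 == "tcp" || $1 == "udp") && $NF ~ /\/dnscrypt-proxy$/ {
            # Skip established TCP connections to upstream resolvers.
            if ($1 == "tcp" && $6 != "LISTEN") next
            n = split($4, parts, ":")
            if (parts[n] != port) next      # upstream client sockets use other ports
            found = 1
            addr = $4
            sub(/:[0-9]+$/, "", addr)       # drop the port, keep the bind address
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "missing"
            else if (exposed) print "exposed"
            else              print "ok"
        }
    '
}

# Constructed sample: the TCP line is the one from the article, the UDP line is assumed.
sample_ok='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 2150/dnscrypt-proxy
udp 0 0 127.0.0.1:5353 0.0.0.0:* 2150/dnscrypt-proxy'

# Constructed sample: wildcard bind, reachable from every host on the bridge.
sample_exposed='tcp 0 0 0.0.0.0:5353 0.0.0.0:* LISTEN 2150/dnscrypt-proxy'

printf '%s\n' "$sample_ok"      | check_dnscrypt_listener   # ok
printf '%s\n' "$sample_exposed" | check_dnscrypt_listener   # exposed
# On the guest itself: netstat -anp | check_dnscrypt_listener
```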
Check that DNSCrypt works, for example by resolving a name:
root@metarouter:/# nslookup ya.ru
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: ya.ru
Address 1: 2a02:6b8::2:242 ya.ru
Address 2: 87.250.250.242 ya.ru
Restart the network interface on the computer, look at its settings, and make sure that it received the address of our OpenWRT guest as its DNS server address.
If so, the task can be considered completed.
The solution was verified to work on the 951/2011 models.