@irazasyed
Last active February 23, 2020 05:17
How to Enable DNSCrypt-Proxy v2 on Netgear X4S R7800 / R8900 / R9000 Router

Supported routers (Netgear R7800, R8900, and R9000)

Prerequisite

  • Make sure telnet is enabled on your router. You can enable it on this page (log in when prompted): http://www.routerlogin.com/debug.htm.
  • Once you telnet into your router using your router's password, you should set up your SSH key.
  • [Recommended] Add your SSH public key id_rsa.pub to /root/.ssh/authorized_keys (you might have to create this directory and file manually if they don't already exist).

Run the commands below one line at a time in your telnet/SSH console.

Enable DNSCrypt-Proxy v2

To enable DNSCrypt-Proxy v2:

nvram set dnscrypt2=1
nvram commit
reboot

Reboot your router (the reboot command above does this, or you can reboot manually).

Disable DNSCrypt-Proxy v2

To disable DNSCrypt-Proxy v2:

nvram set dnscrypt2=0
nvram commit
reboot

Reboot your router.

Restart DNSCrypt-Proxy v2

/etc/init.d/dnscrypt-proxy-2 restart

Display DNSCrypt-Proxy v2 log

cat /var/log/dnscrypt-proxy-2.log

Schedule Cron Job to Update Blacklist

To schedule a job that automatically updates the blacklist.txt file every morning at 4:00am, run these commands from the telnet/SSH console.

Create update_blacklist.sh

echo '#!/bin/sh' >/usr/bin/update_blacklist.sh
echo 'wget -O /etc/blacklist.txt download.dnscrypt.info/blacklists/domains/mybase.txt' >>/usr/bin/update_blacklist.sh
echo '[ $? -ne 0 ] && exit 1' >>/usr/bin/update_blacklist.sh
echo '/etc/init.d/dnscrypt-proxy-2 restart' >>/usr/bin/update_blacklist.sh

Make update_blacklist.sh executable

chmod +x /usr/bin/update_blacklist.sh

Manually run (or to simply test) update_blacklist.sh

/usr/bin/update_blacklist.sh

Backup rc.local File

[ ! -e /etc/rc.local.bak ] && cp -p /etc/rc.local /etc/rc.local.bak

Create/Schedule Cronjob

echo >>/etc/rc.local
echo 'mkdir -p /opt/tmp/cronblacklist/crontabs && echo "0 4 * * * /usr/bin/update_blacklist.sh" >/opt/tmp/cronblacklist/crontabs/root && crond -c /opt/tmp/cronblacklist/crontabs -T '"'"'$($CONFIG get time_zone)'"'"'' >/tmp/x.blacklist
sed -n -i -e '/^exit 0/r /tmp/x.blacklist' -e 1x -e '2,${x;p}' -e '${x;p}' /etc/rc.local
sed -i '$ { /^$/ d}' /etc/rc.local
\rm /tmp/x.blacklist
reboot

Reboot your router.
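
The update_blacklist.sh created above has wget write directly to /etc/blacklist.txt, so an interrupted download or an unexpected response body (for example an error page) can replace a working list. The following is an added example, not part of the original gist: a body for the same script that downloads to a temporary file, validates it, and only then renames it into place. FETCH, MIN_ENTRIES and the function names are hypothetical, and the "no < or >" check is a heuristic assumption about the list format.

```sh
#!/bin/sh
# Added example (not from the original gist): safer body for
# /usr/bin/update_blacklist.sh. FETCH and MIN_ENTRIES are hypothetical knobs.

FETCH="${FETCH:-wget -q -O}"        # command invoked as: $FETCH <output-file> <url>
MIN_ENTRIES="${MIN_ENTRIES:-100}"   # assumed lower bound for a sane list

# Print the number of usable rules: lines left after stripping comments/blanks.
count_entries() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | wc -l | tr -d ' '
}

# Return 0 only if the file looks like a domain list rather than an
# error page, captive-portal HTML, or a truncated download.
validate_blacklist() {
    [ -s "$1" ] || return 1
    # Assumption: rule lines never contain < or >, but HTML always does.
    if sed 's/#.*//' "$1" | grep -q '[<>]'; then return 1; fi
    [ "$(count_entries "$1")" -ge "$MIN_ENTRIES" ]
}

# install_blacklist URL DEST: download beside DEST, validate, then rename.
# Returns 1 on fetch failure, 2 on validation failure; DEST is untouched on both.
install_blacklist() {
    url=$1 dest=$2 tmp="$2.new.$$"
    if ! $FETCH "$tmp" "$url"; then rm -f "$tmp"; return 1; fi
    if ! validate_blacklist "$tmp"; then rm -f "$tmp"; return 2; fi
    mv -f "$tmp" "$dest"     # rename within one directory is atomic
}

# On the router the script would end with:
#   install_blacklist download.dnscrypt.info/blacklists/domains/mybase.txt /etc/blacklist.txt \
#       && /etc/init.d/dnscrypt-proxy-2 restart
```

With this body the proxy is restarted only after a list that passed validation is in place, so a failed 4:00am run leaves the previous list active.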

To Uninstall (or undo above)

\cp -p /etc/rc.local.bak /etc/rc.local
\rm /usr/bin/update_blacklist.sh
\rm /etc/blacklist.txt
\rm -rf /opt/tmp/cronblacklist/
/etc/init.d/dnscrypt-proxy-2 restart

Reboot your router.

Edit DNSCrypt-Proxy v2 Config

To edit the configuration file, run this command from the telnet/SSH console.

vi /etc/dnscrypt-proxy-2.toml
  • Press the i key to put the editor in insert/edit mode.
  • Make your changes.
  • Press the esc key, type :x and press return/enter to save and exit the editor.
  • Press the esc key, type :q! and press return/enter to exit the editor without saving changes.

Verify DNSCrypt-Proxy v2 Config Changes

/usr/sbin/dnscrypt-proxy-2 -config=/etc/dnscrypt-proxy-2.toml -check

Restore Original DNSCrypt-Proxy v2 Config

To restore the original dnscrypt-proxy-2.toml file:

\cp -p /rom/etc/dnscrypt-proxy-2.toml /etc/dnscrypt-proxy-2.toml

Display DNSCrypt-Proxy v2 Configuration

To only display the configuration file:

cat /etc/dnscrypt-proxy-2.toml

Test DNSLeak

This is a modified version of the instructions originally posted here.
