MikroTik & OpenWRT & DNSCrypt
The solution to this quest is inspired by this article .
This article is intended for a user who has a home router manufactured by MikroTik, therefore, the moments related directly to the compilation and build are omitted, and examples by MikroTik are in pictures.
So, in short, setting the task is the following: pick up a trimmed version of OpenWRT as a virtual machine (guest) on MetaROUTER and already on it pick up the DNS + DNSCrypt combination, which is used for encrypted data exchange with external DNS servers.
To solve this problem in the standard way, using the source code for LEDE (OpenWRT) with DNSCrypt support, patchKDE for FreeBSD under Mikrotik MetaROUTER and could not be compiled, because either the errors when applying the patch, or when compiling, or the assembly behaves not stable, IMHO.
')
We succeeded in solving the problem by the method of successive approximations — taking a ready, old but stable assembly of OpenWRT AA 31411, delivering part of the packages from the repository, compiling part of it separately and slightly modifying the configs with a file.
So, we take a ready-made bundle (you can take the OpenWRT build separately here ), unzip it, via FTP or via the clipboard (copy it in the explorer, on the Files-> Paste router) fill in the openwrt-mr-mips-rootfs-31411-basic files on MikroTik. tar.gz and files.tar.gz
Create a new guest by importing the assembly into MetaROUTER (MetaROUTER-> Import Image):
Add a new eth interface for the guest:
In order to simplify the launch of OpenWRT IP as much as possible, it receives via DHCP from MikroTik, for this purpose we specify adding guest int. (I have this vif19) to the bridge (I have it - bridge1), which also has an internal master int. router (in my example, a little different, but in fact does not change). When OpenWRT receives the address, we make it static in the DHCP server settings of the router and specify this address in the DHCP server settings as the DNS server address for computers (IP-> DHCP server-> Networks-> DNS servers).
After creating the guest he is in disable. We do Enable, open the Console (with the right button on the guest), wait about 75 seconds, periodically running ifconfig, to catch the moment of lifting the network interface and getting the address (like this):
Before moving on, I recommend to test OpenWRT - connect with a telnet, start something - ping, netstat, etc. to make sure that OpenWRT does not crash in the kernel panic.
If all is well, proceed to the "finish" (in the console):
If there were no errors we overload OpenWRT:
After restarting OpenWRT (~ 75 sec), go to the console and check that dnscrypt-proxy has started:
We check the operation of DNSCrypt, for example, something cut open:
On the computer, restart the network int., Look at its settings, make sure that the address of our OpenWRT is received as the DNS server address.
If so, the task can be considered complete.
The efficiency of the solution was tested on 951/2011 models.
This article is intended for a user who has a home router manufactured by MikroTik, therefore, the moments related directly to the compilation and build are omitted, and examples by MikroTik are in pictures.
So, in short, setting the task is the following: pick up a trimmed version of OpenWRT as a virtual machine (guest) on MetaROUTER and already on it pick up the DNS + DNSCrypt combination, which is used for encrypted data exchange with external DNS servers.
To solve this problem in the standard way, using the source code for LEDE (OpenWRT) with DNSCrypt support, patch
')
We succeeded in solving the problem by the method of successive approximations — taking a ready, old but stable assembly of OpenWRT AA 31411, delivering part of the packages from the repository, compiling part of it separately and slightly modifying the configs with a file.
So, we take a ready-made bundle (you can take the OpenWRT build separately here ), unzip it, via FTP or via the clipboard (copy it in the explorer, on the Files-> Paste router) fill in the openwrt-mr-mips-rootfs-31411-basic files on MikroTik. tar.gz and files.tar.gz
Create a new guest by importing the assembly into MetaROUTER (MetaROUTER-> Import Image):
Add a new eth interface for the guest:
In order to simplify the launch of OpenWRT IP as much as possible, it receives via DHCP from MikroTik, for this purpose we specify adding guest int. (I have this vif19) to the bridge (I have it - bridge1), which also has an internal master int. router (in my example, a little different, but in fact does not change). When OpenWRT receives the address, we make it static in the DHCP server settings of the router and specify this address in the DHCP server settings as the DNS server address for computers (IP-> DHCP server-> Networks-> DNS servers).
After creating the guest he is in disable. We do Enable, open the Console (with the right button on the guest), wait about 75 seconds, periodically running ifconfig, to catch the moment of lifting the network interface and getting the address (like this):
root@metarouter:/# ifconfig eth0 Link encap:Ethernet HWaddr 02:8D:A2:1D:9D:73 inet addr:172.16.1.247 Bcast:172.16.1.255 Mask:255.255.255.255 … Before moving on, I recommend to test OpenWRT - connect with a telnet, start something - ping, netstat, etc. to make sure that OpenWRT does not crash in the kernel panic.
If all is well, proceed to the "finish" (in the console):
root@metarouter:/# cd /tmp root@metarouter:/tmp# wget ftp://admin:passwd@router/files.tar.gz (, router - IP Mikrotik) root@metarouter:/tmp# tar xzf files.tar.gz root@metarouter:/tmp cd files root@metarouter:/tmp/files# ./install.sh The result of the install.sh (for no errors)
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq = 0 ttl = 56 time = 13.374 ms
64 bytes from 8.8.8.8: seq = 1 ttl = 56 time = 15.320 ms
64 bytes from 8.8.8.8: seq = 2 ttl = 56 time = 12.756 ms
- 8.8.8.8 ping statistics - 3 packets, loss, 3 packets received, 0% packet loss
round-trip min / avg / max = 12.756 / 13.816 / 15.320 ms
Downloading openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz .
Inflating openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz .
Updated list of available packages in / var / opkg-lists / snapshots.
Installing libcap (2.22-1) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libcap_2.22-1_mr-mips.ipk .
Configuring libcap.
Installing ntpdate (4.2.6p5-1) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/ntpdate_4.2.6p5-1_mr-mips.ipk .
Configuring ntpdate.
Installing libsodium (1.0.16-1) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Installing libpthread (0.9.33-104) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libpthread_0.9.33-104_mr-mips.ipk .
Configuring libpthread.
Configuring libsodium.
Installing dnscrypt-proxy-resolvers (1.9.5 + git-20171001-2d43be3-8) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy-resolvers.
Installing dnscrypt-proxy (1.9.5-8) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy.
Installing rng-tools (5-1) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring rng-tools.
24 Apr 11:22:24 ntpdate [2321]: adjust time server 91.203.172.2 offset -0.010429 sec
cp: omitting directory 'etc / config'
64 bytes from 8.8.8.8: seq = 0 ttl = 56 time = 13.374 ms
64 bytes from 8.8.8.8: seq = 1 ttl = 56 time = 15.320 ms
64 bytes from 8.8.8.8: seq = 2 ttl = 56 time = 12.756 ms
- 8.8.8.8 ping statistics - 3 packets, loss, 3 packets received, 0% packet loss
round-trip min / avg / max = 12.756 / 13.816 / 15.320 ms
Downloading openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz .
Inflating openwrt.wk.cz/trunk/mr-mips/packages/Packages.gz .
Updated list of available packages in / var / opkg-lists / snapshots.
Installing libcap (2.22-1) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libcap_2.22-1_mr-mips.ipk .
Configuring libcap.
Installing ntpdate (4.2.6p5-1) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/ntpdate_4.2.6p5-1_mr-mips.ipk .
Configuring ntpdate.
Installing libsodium (1.0.16-1) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Installing libpthread (0.9.33-104) to root ...
Downloading openwrt.wk.cz/trunk/mr-mips/packages/libpthread_0.9.33-104_mr-mips.ipk .
Configuring libpthread.
Configuring libsodium.
Installing dnscrypt-proxy-resolvers (1.9.5 + git-20171001-2d43be3-8) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy-resolvers.
Installing dnscrypt-proxy (1.9.5-8) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring dnscrypt-proxy.
Installing rng-tools (5-1) to root ...
Multiple packages (libc and libc) providing the same name marked HOLD or PREFER. Using latest.
Configuring rng-tools.
24 Apr 11:22:24 ntpdate [2321]: adjust time server 91.203.172.2 offset -0.010429 sec
cp: omitting directory 'etc / config'
If there were no errors we overload OpenWRT:
root@metarouter:/tmp/files# reboot After restarting OpenWRT (~ 75 sec), go to the console and check that dnscrypt-proxy has started:
root@metarouter:/# netstat -anp Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:5353 0.0.0.0:* LISTEN 2150/dnscrypt-proxy … We check the operation of DNSCrypt, for example, something cut open:
root@metarouter:/# nslookup ya.ru Server: 127.0.0.1 Address 1: 127.0.0.1 localhost Name: ya.ru Address 1: 2a02:6b8::2:242 ya.ru Address 2: 87.250.250.242 ya.ru On the computer, restart the network int., Look at its settings, make sure that the address of our OpenWRT is received as the DNS server address.
If so, the task can be considered complete.
The efficiency of the solution was tested on 951/2011 models.
Source: https://habr.com/ru/post/354710/
All Articles