Thursday, 23 April 2015

Simple Tips for Installing DNSCrypt on OpenWrt



DNSCrypt Since Internet is full of virtual threats, availing DNS security is must to ensure smooth and safer computing operations. Tech geeks claim that DNS networks serve as the possible entry point for vulnerabilities, and they may damage your computers to an irreparable extent. You can easily install the latest security tool- DNSCrypt to enjoy encrypted Internet browsing experience. The security utility not only encrypts your inward or outward network traffic, but also helps to avoid some major security breaches that may lead to serious frauds. The tool is capable of securing communications between a client and a DNS resolver to ensure that no sensitive data or information goes into the wrong hands. The utility uses elliptic-curve cryptography and protects your device and identity by encrypting web traffic, the way the SSL turns HTTP into HTTPS. Read the blog to know how to install the tool on OpenWrt for beginners:

Steps for Installing the Tool on Your Computers 

Stage1. Installing the Utility on OpenWrt


        Open the OpenWrt’s ‘LuCI Web’ Interface and select ‘System – Software’ tab

        Click the ‘Update List’ option and wait for window to appear

        Type ‘dnscrypt-proxy’ in ‘Download and Install Packages’ field

        Click ‘OK’ and wait until the process gets completed.


If you’re using x86 Platforms, then try the following steps to install the tool:


        Type the following commands to install the utility:


A.      cd /tmp wget

B.      https://downloads.openwrt.org/snapshots/trunk/x86/packages/packages/dnscrypt-proxy_1.4.1-1_x86.ipk

C.      opkg install dnscrypt-proxy*.ipk

D.      rm -f dnscrypt-proxy*ipk
OR 

        Enter these commands to install the CACert SSL certificates


A.      mkdir -p /etc/ssl/certs/

B.      wget -P /etc/ssl/certs/ http://curl.haxx.se/ca/cacert.pem



        Now, Install libsodium by typing these commands

A.      cd /tmp

B.      curl -OL --cacert /etc/ssl/certs/cacert.pem https://github.com/damianorenfer/libsodium-openwrt/raw/master/openwrt/bin/x86/libsodium_0.4.5-1_x86.ipk

C.      opkg install libsodium_0.4.5-1_x86.ipk

D.      rm -f libsodium*.ipk


        And, finally install dnscrypt-proxy for Barrier Breaker

A.      cd /tmp

B.      curl -OL --cacert /etc/ssl/certs/cacert.pem https://github.com/damianorenfer/dnscrypt-proxy-openwrt/raw/master/bin/x86/packages/dnscrypt-proxy_1.4.0-1_x86.ipk

C.      opkg install dnscrypt-proxy_1.4.0-1_x86.ipk

D.      rm -f dnscrypt-proxy*.ipk


Stage2: Check Successful Installation of ‘dnscrypt-proxy’


        Type {opkg status | grep -n "dnscrypt-proxy"} command to check if dnscrypt-proxy already installed or not
        The command will show the following results:

“217:Package: dnscrypt-proxy

224: /etc/config/dnscrypt-proxy 7524801bccfc5504202a7c469f9fbc51”

        If it doesn’t display anything, there might be any problem with the installation of the tool.

Stage3: Configure the Tool to Work Properly


dnscrypt-proxy        Connect your network router via web Interface and select ‘System – Startup’ tab
        Find in ‘initscript – dnscrypt-proxy’ section and click ‘Enable’ button to start the service
        Now, you will need to configure OpenWrt to send DNS request to dnscrypt address
        Select ‘Network’ tab and go to the ‘DHCP and DNS’ section
        Select ‘General Setting’ tab and click the ‘DNS Forwardings’ option
        Fill the both columns with ‘127.0.0.1#2053’ and ‘/pool.ntp.org/208.67.222.222’ details
        Select ‘Resolv and Hosts File’ section and checkmark the ‘Ignore Resolve File’ option

        Press ‘Save & Apply’ option to make the changes

        Now, restart your router and select the ‘System – Startup’ tab

        Find the ‘initscript – dnsmasq’ and click ‘Restart’ option.

Stage4. Test the Tool to Confirm Encrypted Internet Browsing Experience 


        Run the following commands in SSH to test that the tool is working properly on router:

“logread | grep -n "using nameserver"

“logread | grep "Proxying from"

        If the utility has successfully installed, it will showcase the following results:

“132:Jan  1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 208.67.222.222#53 for domain pool.ntp.org

133:Jan  1 01:01:00 openwrt daemon.info dnsmasq[1883]: using nameserver 127.0.0.1#2053
Jul 1 12:00:00 openwrt daemon.info dnscrypt-proxy[1831]: Proxying from 127.0.0.1:2053 to 208.67.220.220:443”

        If you’re using a Windows PC, open Command Prompt and run the following commands:

nslookup

set type=txt

debug.opendns.com

        Linux OS users will need to open Terminal and type the “dig txt debug.opendns.com” command
        If the results portray “dnscrypt enabled (7165343751484877)” messages, then you and your computing operations are secured.

Conclusion


Many of you may think that adopting DNS security tips isn’t that important, but you should consider it as an additional responsibility to safeguard your device and identity from cyber attacks. You should install DNS tool to enjoy the encrypted internet browsing environment and to secure your DNS networks. The tool can efficiently prevent you from leading cyber crimes including spying, spoofing, and man-in-the-middle attacks. So install DNSCrypt right now and browse through a protected yet secure online network!

No comments:

Post a Comment