Got this working on a Raspberry Pi 2 by using several sets of instructions... All commands are done on the command line in a terminal instance.
- These instructions got the actual software onto my machine. Since there is no build for Ubuntu, the code must be compiled on the local machine, starting with the dependent encryption suite 'libsodium' first.
- From the linked instructions "I also recommend installing the build-essential packages in case you’re missing compilers."
apt-get install build-essential
- Download the libsodium to a useable directory, I used /media/libsodium which I created first using
sudo mkdir /media/libsodium
cd /media/libsodium
Then used wget for the latest tarball release here
sudo wget https://download.libsodium.org/libsodium/releases/libsodium-1.0.3.tar.gz
Untar the libsodium package and install
tar -xvzf libsodium-1.0.3.tar.gz
cd libsodium-1.0.3
sudo ./configure
sudo make
sudo make install
These instructions say "I personally have to run “make install” twice. No clue why."
- Setting Up A DNSCrypt User - as from here
sudo adduser --system --quiet --home /run/dnscrypt --shell /bin/false --group --disabled-password --disabled-login dnscrypt
That’s all one command. This is so that DNSCrypt can run as another user with no rights, and chroot itself into the directory.
- Now we can compile and install DNSCrypt, download the DNSCrypt to a useable directory, I used /media/dnscrypt which I created first using
sudo mkdir /media/dnscrypt
cd /media/dnscrypt
Then used wget for the latest tarball release here
sudo wget https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-ios-1.6.0.tar.gz
Here is a method to authenticate the download
dig +dnssec TXT dnscrypt-proxy-1.6.0.tar.bz2.download.dnscrypt.org
- Untar the DNSCrypt package and install
tar -xvzf dnscrypt-proxy-1.6.0.tar.gz
cd dnscrypt-proxy-1.6.0
sudo ./configure
sudo make
sudo make install
- Now you can test the install:
If there is a problem with certificate validity, check step 6.
sudo reboot
sudo mkdir /run/dnscrypt
sudo dnscrypt-proxy --user=dnscrypt --ephemeral-keys --resolver-name=cloudns-syd --test=0
Settings for DNSCrypt are here.
- If this is working (YAY) we can set it to run on boot as a daemon, edit /etc/rc.local
sudo nano /etc/rc.local
These were my /etc/rc.local settings:
mkdir /run/dnscrypt
sudo dnscrypt-proxy -a 192.168.1.190 --user=dnscrypt --ephemeral-keys --resolver-name=cloudns-syd --daemonize
exit 0
Using "-a 192.168.1.190" sets the listening address for DNSCrypt. I set it to the machine's static local IP address; this allows other devices on the local network (e.g. the wifi router) to use this machine for DNS.
- I found that when the machine boots DNSCrypt doesn't work as it needs the time set, which requires a DNS request for the time server... I added a couple of static DNS IPs in the hosts file so the machine can access time servers on boot:
sudo nano /etc/hosts
- I added these lines to the hosts file:
203.23.237.200 0.au.pool.ntp.org
54.252.161.68 3.ubuntu.pool.ntp.org
- Then I added those servers to the NTP client as described here:
sudo nano /etc/ntp.conf
server 0.au.pool.ntp.org
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
- Note that the local DNS settings are set here:
sudo nano /etc/network/interfaces
This is mine:
# The primary network interface
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.190
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.190
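
The download-authentication step above (the dig +dnssec TXT query) only helps if its answer is actually compared with the tarball before running make install. The script below is an added example, not part of the original instructions: it assumes the TXT record carries the file's SHA-256 digest in hex, and the function names and the sample answer are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumption: the TXT string holds the file's SHA-256 in hex.

# Print the first 64-hex-digit string found in a TXT answer line of dig output.
txt_digest() {
    printf '%s\n' "$1" | grep -v '^;' | grep -E '[[:space:]]TXT[[:space:]]' |
        grep -oE '[0-9a-fA-F]{64}' | head -n 1 | tr 'A-F' 'a-f'
}

# Succeed only if the header flags include "ad" (the resolver validated DNSSEC).
has_ad_flag() {
    printf '%s\n' "$1" | sed -n 's/^;; flags:\([^;]*\);.*/\1/p' | grep -qw ad
}

# verify_download FILE DIG_OUTPUT: 0 = match, 1 = mismatch, 2 = no ad, 3 = no digest
verify_download() {
    file=$1; answer=$2
    has_ad_flag "$answer" || { echo "answer not DNSSEC-validated (no ad flag)" >&2; return 2; }
    want=$(txt_digest "$answer")
    [ -n "$want" ] || { echo "no SHA-256 digest in TXT answer" >&2; return 3; }
    have=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "digest mismatch, do not build $file" >&2; return 1; }
    echo "OK $file"
}

# Constructed demo: a stand-in file and a dig-style answer built from its digest.
demo() {
    tmp=$(mktemp)
    printf 'constructed sample tarball bytes\n' > "$tmp"
    sum=$(sha256sum "$tmp" | cut -d' ' -f1)
    sample=";; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
example.invalid. 300 IN TXT \"$sum\""
    verify_download "$tmp" "$sample"; rc=$?
    rm -f "$tmp"
    return $rc
}
demo
```

In real use the second argument is the captured output of the dig query from the step above. The ad flag is only set when the resolver answering the query performs DNSSEC validation, so a missing flag means the digest has not been authenticated.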