| View previous topic :: View next topic |
| Author |
Message |
yx681745
n00b
Joined: 29 Dec 2017
Posts: 10
|
 Posted: Fri Mar 02, 2018 2:06 pm Post subject: OpenVPN + Dnscrypt panic |
 |
|
Hello, I used OpenDns + Dnscrypt on windows and it works well enough to bypass China firewall
However, when I tried to follow the guide https://wiki.installgentoo.com/index.php/DNSCrypt and merged the Dnscrypt-2.00 package and try to start dnscrpt-proxy, it saied It cant find dnscrypt.toml
Also I use NetworkManager. Even after diabling it writing resolv.conf the configuration is still a huge panic.
How can I get the right configuation to get Dnscrypt and OpenDNS work? |
|
| Back to top |
|
 |
kiksen
Guru
Joined: 24 Jun 2002
Posts: 401
Location: Denmark
|
| Posted: Wed Mar 28, 2018 9:10 am Post subject: |
|
|
Hi.
You find the dnscrypt-proxy configuration in /etc/dnscrypt-proxy/dnscrypt-proxy.toml
If you want to restrict it to only using OpenDNS, you need to add a line with:
| Code: | | server_names = ['cisco'] |
(or uncomment and edit the existing line). It's line 25 in my file.
'cisco' is the name for OpenDNS in dnscrypt-proxy.
You can see the list of servers and their names here:
https://github.com/dyne/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv |
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Tue Apr 03, 2018 7:42 pm Post subject: Re: OpenVPN + Dnscrypt panic |
|
|
| yx681745 wrote: | Hello, I used OpenDns + Dnscrypt on windows and it works well enough to bypass China firewall
However, when I tried to follow the guide https://wiki.installgentoo.com/index.php/DNSCrypt and merged the Dnscrypt-2.00 package and try to start dnscrpt-proxy, it saied It cant find dnscrypt.toml
Also I use NetworkManager. Even after diabling it writing resolv.conf the configuration is still a huge panic.
How can I get the right configuation to get Dnscrypt and OpenDNS work? |
Check this https://forums.gentoo.org/viewtopic-t-1076052.html and this https://forums.gentoo.org/viewtopic-t-1075746.html
btw, beware that even with dnscrypt-proxy browser still leaks the domain name via SNI extension, even though it runs over https. |
|
| Back to top |
|
|
n05ph3r42
Tux's lil' helper
Joined: 11 Jul 2016
Posts: 134
|
| Posted: Tue Apr 03, 2018 7:55 pm Post subject: |
|
|
Ah, as for | Quote: | | cant find dnscrypt.toml |
- by default dnscrypt-proxy 2.0 looks for cfg in current dir (not like v.1, i even reported a bug, but dev's say that i should specify config via parameter, and that is not a bug), so u should run it after | Code: | | cd /etc/dnscrypt-proxy/ |
or specify cfg in cmd line. |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21623
|
| Posted: Wed Apr 04, 2018 2:00 am Post subject: Re: OpenVPN + Dnscrypt panic |
|
|
| n05ph3r42 wrote: | | btw, beware that even with dnscrypt-proxy browser still leaks the domain name via SNI extension, even though it runs over https. |
Although true, there was a similar problem before SNI was widely used. Prior to use of SNI, servers had to guess which certificate to send. The CN of the sent certificate would be visible in the clear. If you care about name privacy, you cannot allow an attacker to observe any TCP traffic between you and the server. |
|
| Back to top |
|
|
|
Networking & Security
