[Thread] Running dnscrypt-proxy on Android #41

Open
jedisct1 opened this issue Jan 27, 2018 · 101 comments

@jedisct1 jedisct1 commented Jan 27, 2018

Current status:

  • The proxy compiles without any changes using gomobile
  • It also compiles and runs fine on Termux

This is fantastic, but not enough for most Android users to easily install and use it.

Since my knowledge of Android is fairly limited, help would be welcome!

@Sporif Sporif commented Jan 28, 2018

Exactly how do you build it with gomobile? I tried and it makes an apk which doesn't work.

I was thinking of just making a Magisk module. It's either that or a root app and I don't know how to make apps. I already updated this unmaintained v1 module for the latest Magisk version and some extra improvements. It should be simple enough to adapt to v2. I just need a way to make the binaries.

@jedisct1 jedisct1 commented Jan 28, 2018

It requires an app.Main() function, that can just call the (actual) main function. That's all I know :)

@Sporif Sporif commented Jan 28, 2018

Well, the linux arm64 variant seems to work fine on my phone. Maybe we don't need Android-specific binaries after all.

Also I have a request, I don't know if it's possible but could you add an option to have paths relative to dnscrypt-proxy.toml? It would be useful since I'm separating the binary from the config files (can't well keep them in /system/xbin). Otherwise every path in dnscrypt-proxy.toml must be a hardcoded absolute path.

@Sak94664 Sak94664 commented Jan 28, 2018

./dnscrypt-proxy
[2018-01-28 15:10:08] [CRITICAL] Unable use source [public-resolvers]: [Get http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md: dial tcp: lookup download.dnscrypt.info on [::1]:53: read udp [::1]:44259->[::1]:53: read: connection refused]
[2018-01-28 15:10:08] [NOTICE] Starting dnscrypt-proxy 2.0.0beta11
[2018-01-28 15:10:08] [NOTICE] Now listening to 127.0.0.1:5353 [UDP]
[2018-01-28 15:10:08] [NOTICE] Now listening to 127.0.0.1:5353 [TCP]
[2018-01-28 15:10:08] [NOTICE] Now listening to [::1]:5353 [UDP]
[2018-01-28 15:10:08] [NOTICE] Now listening to [::1]:5353 [TCP]
[2018-01-28 15:10:08] [ERROR] Head https://dns.google.com/experimental: dial tcp: lookup dns.google.com on [::1]:53: read udp [::1]:43670->[::1]:53: read: connection refused
[2018-01-28 15:10:08] [NOTICE] dnscrypt-proxy is waiting for at least one server to be reachable
^C[2018-01-28 15:10:58] [NOTICE] Stopped.

This is the binary file from the release page, running on Termux (arm64).
But when I use a self-compiled binary, it works fine.
(Maybe it's because I run it without setting the port to 53? Set port 5353.)
Android 7.1.2

Edit: Works fine when I use a self-compiled binary (set port to 5353).
And I found a similar issue on another project. It said that the software will not run on Android if the domain name is set, but it can run if the IP is set.
Issue: fatedier/frp#633 (Chinese)

Edit (2019.11.03):
It seems that this problem occurs when /etc/resolv.conf is missing,
and Android absolutely doesn't have this file in that exact place.
A chroot or proot may do the trick (use a proot image, or just executing dnscrypt-proxy right after termux-chroot is OK, e.g. termux-chroot ./dnscrypt-proxy).

  • if you are using termux-chroot please don't forget to add ~/../usr/etc/resolv.conf and edit it.

  • You can just download linux-arm or linux-arm64 version from releases page and use it.

@ghost ghost commented Feb 7, 2018

Hi, I am trying the arm binaries on my phone and they seem to work fine.
However, I have a problem with configuration, since I receive this error:

Starting dnscrypt-proxy...
[2018-02-07 13:53:31] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [download.dnscrypt.info] using fallback resolver [9.9.9.9:53]
[2018-02-07 13:53:31] [NOTICE] System DNS configuration not usable yet, exceptionally resolving [download.dnscrypt.info] using fallback resolver [9.9.9.9:53]
[2018-02-07 13:53:31] [CRITICAL] Unable use source [public-resolvers]: [read udp 10.102.21.149:50517->9.9.9.9:53: read: connection refused]
[2018-02-07 13:53:31] [FATAL] No servers configured

Here is my dnscrypt-proxy.toml: https://pastebin.com/c5HM2SMW

@jedisct1 jedisct1 commented Feb 7, 2018

Is your network usable? connection refused is pretty self-explanatory; it looks like the phone doesn't have access to the internet, or that something is blocking outgoing DNS connections.

@ghost ghost commented Feb 7, 2018

Ok thank you, the problem was that just after starting dnscrypt-proxy I tried to divert all DNS requests to localhost:

iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1

Unfortunately, I don't know how to configure my phone to use 127.0.0.1 as DNS server after starting dnscrypt-proxy :(

@Sporif Sporif commented Feb 11, 2018

I added a guide to building the Android version on a non-Android OS, if anyone's interested.

https://github.com/jedisct1/dnscrypt-proxy/wiki/Building-the-Android-version-on-non-Android-OS

@jedisct1 jedisct1 commented Feb 11, 2018

This is fantastic, thank you @Sporif!

@jedisct1 jedisct1 closed this Feb 17, 2018

@JERW86 JERW86 commented Feb 17, 2018

@Sporif are you still planning to release a Magisk module for 15+?

@jedisct1 jedisct1 reopened this Feb 17, 2018

@Sporif Sporif commented Feb 17, 2018

@JERW86 Yeah I am, it's just going to be a while. Still writing the script that calls dnscrypt-proxy.

@jedisct1 jedisct1 changed the title from "Help wanted: Android support" to "[Thread] Running dnscrypt-proxy on Android" on Feb 20, 2018

@HI54U HI54U commented Feb 20, 2018

System: Android LOS 7.1.2 latest, amd64 compiled, root, Afwall+ (on/off) moved the folder dnscrypt-proxy to data/local/tmp, all files 777 privileges

I encountered the following error while starting it with ./dnscrypt-proxy:
[FATAL] listen udp 127.0.0.1:5353: bind: address already in use

I changed the standard configuration file:

listen_addresses = ['127.0.0.1:53', '[::1]:53']
to
listen_addresses = ['127.0.0.1:53', '127.0.0.1:53']

If not I got an error that there's no UDP connection possible

require_dnssec = false
to
require_dnssec = true

SSH:
gemini:/data/local/tmp/dnscrypt-proxy # ./dnscrypt-proxy
[2018-02-20 16:57:11] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-02-20 16:57:11] [NOTICE] dnscrypt-proxy 2.0.1
[2018-02-20 16:57:11] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
[2018-02-20 16:57:11] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
[2018-02-20 16:57:11] [FATAL] listen udp 127.0.0.1:53: bind: address already in use
255|gemini:/data/local/tmp/dnscrypt-proxy #

How can I fix this and run dnscrypt-proxy permanently?

@jedisct1 jedisct1 commented Feb 20, 2018

listen_addresses = ['127.0.0.1:53', '127.0.0.1:53']

Looks like you are listening to the same IP and port twice.

@HI54U HI54U commented Feb 20, 2018

Ok, changed it again to the standard listen addresses
But then getting an error again:

gemini:/ $ su
gemini:/data/local/tmp/dns/dnscrypt-proxy <
[2018-02-20 18:03:30] [NOTICE] Source [https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md] loaded
[2018-02-20 18:03:30] [NOTICE] dnscrypt-proxy 2.0.1
[2018-02-20 18:03:30] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
[2018-02-20 18:03:30] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
[2018-02-20 18:03:30] [FATAL] listen udp [::1]:53: bind: cannot assign requested address
255|gemini:/data/local/tmp/dnsc,rypt-proxy #

@jedisct1 jedisct1 commented Feb 20, 2018

Try a single address, then:

listen_addresses = ['127.0.0.1:53']
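
A pre-flight check for the two bind failures in the exchange above (the same IP and port listed twice, and an address the device cannot assign), as an added example that is not part of the thread or of dnscrypt-proxy's own code. `PreflightListen` and `Result` are hypothetical names, and the sample values in `main` are the `listen_addresses` settings tried in the thread.

```go
package main

import (
	"fmt"
	"io"
	"net"
)

// Result is the outcome of probing one listen_addresses entry (hypothetical type).
type Result struct {
	Addr, Status, Detail string // Status: ok, duplicate, invalid, bind-failed
}

// PreflightListen (hypothetical helper) binds UDP and TCP on each entry and
// holds the sockets until it returns, so later entries collide with earlier ones.
func PreflightListen(addrs []string) []Result {
	var held []io.Closer
	defer func() {
		for _, c := range held {
			c.Close()
		}
	}()
	seen := map[string]bool{}
	var out []Result
	for _, a := range addrs {
		ua, err := net.ResolveUDPAddr("udp", a) // IP literals resolve without DNS
		if err != nil {
			out = append(out, Result{a, "invalid", err.Error()})
			continue
		}
		if seen[ua.String()] {
			out = append(out, Result{a, "duplicate", "same IP and port as an earlier entry"})
			continue
		}
		seen[ua.String()] = true
		pc, err := net.ListenPacket("udp", a)
		if err != nil { // e.g. the address is not configured on any interface
			out = append(out, Result{a, "bind-failed", err.Error()})
			continue
		}
		held = append(held, pc)
		ln, err := net.Listen("tcp", a)
		if err != nil {
			out = append(out, Result{a, "bind-failed", err.Error()})
			continue
		}
		held = append(held, ln)
		out = append(out, Result{a, "ok", ""})
	}
	return out
}

func main() {
	// Constructed input: the two listen_addresses values tried in the thread.
	for _, cfg := range [][]string{
		{"127.0.0.1:53", "127.0.0.1:53"},
		{"127.0.0.1:53", "[::1]:53"},
	} {
		for _, r := range PreflightListen(cfg) {
			fmt.Printf("%-14s %-11s %s\n", r.Addr, r.Status, r.Detail)
		}
	}
}
```

Binding port 53 needs root, so run the check in the same context the proxy will run in.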

@Teyro Teyro commented Feb 20, 2018

Could you send me a copy of your compiled dnscrypt? Can't get it to work :(

@Sporif Sporif commented Feb 20, 2018

@HI54U
If you haven't already, you also need to set the DNS server with iptables.

iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $ipv4address 
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $ipv4address

Where $ipv4address is the ipv4 address used in listen_addresses

To remove the rules it's the same command except use iptables -t nat -D instead of iptables -t nat -A.

@Sporif Sporif commented Feb 20, 2018

@Teyro what have you tried so far?

@HI54U HI54U commented Feb 20, 2018

@jedisct1
thank you, that works now, no errors.

@Teyro
amd64 V2.0.1
https://files.fm/u/f9w8h4gg

@Sporif
thank you for the advice, already changed the Afwall+ startup script

What is the best way to start dnscrypt-proxy automatically and not manually in a shell for Android 7.1.2? Init.d script?

@Sporif Sporif commented Feb 20, 2018

Yes an init.d script, or if you use magisk add the script to /sbin/.core/img/.core/service.d

@HI54U HI54U commented Feb 20, 2018

ok, made a simple userinit script in system/etc/init.d

99userinit.sh

#!/system/bin/sh
cd data/local/tmp/dnscrypt-proxy
./dnscrypt-proxy

then started it with universal init.d

@J316 J316 commented Oct 9, 2018

@HI54U what are the recommended settings? (I also tried these commands in terminal, it didn't work)

@uzen I tried it, there was no DNS resolution, IPs still worked, then tinkered a bit in AFWall+ and DNS resolved through ISP servers, don't recall what I did, anyway DNSCrypt was not working

@HI54U HI54U commented Oct 10, 2018

Afwall+ try 2.98 or actual beta 3.0 from github
preferences - binaries - dns proxy should be disable dns via netd
-> build in iptables and busybox

@J316 J316 commented Oct 10, 2018

@HI54U @uzen I managed to get it to work. Just disabling DNS via netd blocked the DNS resolution; I had to allow (root) - Apps running as root to make DNS resolution possible. I also tried to revert DNS via netd to auto and even to allow it, and the resolution was still working, I don't know why, perhaps some internal caching. Anyway it works on AFWall+ 2.99 with installer 1.2.2. Thanks a lot for the help

@uzen uzen commented Oct 17, 2018

updated the script https://github.com/uzen/dnscrypt-android/releases/tag/1.3

  • dnscrypt shows more information if something goes wrong
  • no binding to the file name for the -r flag

@ant9000 ant9000 commented Oct 28, 2018

As far as I can figure out, no one has yet written an Android app that makes using dnscrypt-proxy easy for everybody.

Well, I'm writing on behalf of the Blokada team: we are studying how to add support for the DNSCrypt protocol into Blokada, and integrating dnscrypt-proxy directly into the app seems a really nice idea. Would you care to discuss it further? Don't know which channel is more appropriate, so I just write here to let the ball start rolling!

Antonio

@licaon-kter licaon-kter commented Oct 28, 2018

@ant9000 Integration would be nice.

I've used it (old version before the Rust rewrite) as a separate app with local VPN DNS redirection via NetGuard ( smarek/android-unbound-dns#18 ) with some success. ;)

@JERW86 JERW86 commented Nov 23, 2018

@jedisct1 - dnscrypt-proxy- android arm64-2.0.19.zip is not listed. Is there a reason why? I would like to use the latest update on my phone. I am running ArrowOS 9.0 64 bit ROM on Moto G4 XT1625.

@jedisct1 jedisct1 commented Nov 23, 2018

For some reason, Github wasn't able to store that file. Everything has been reuploaded, and the file is there.

@tosunkaya tosunkaya commented Nov 29, 2018

Where can I download the latest flashable zip or apk? Is there any GUI or terminal?

@sorcer1122 sorcer1122 commented Dec 16, 2018

Worked fine for me (Android 8.1), starting up fine with the system boot. The only other problem is how to allow uid 0 apps only to connect to dnscrypt servers. Custom script does not work.

@Skcyte Skcyte commented Dec 18, 2018

How do you run the dnscrypt proxy permanently? Already compiled it but still struggle with script that run on start up using magisk still didn't work. And after a while the dnscrypt proxy seems to stop or something, the internet immediately not receiving data after a long idle.

@zedocrob zedocrob commented Dec 18, 2018

@uzen Flashed your script with success on Pie and using Afwall+ 3.0.3+custom start-stop scripts.
Can I safely update System/xbin/dnscryp-proxy with version 2.0.19?
or wait for you to update your zip?

@mirfatif mirfatif commented Dec 22, 2018

Android arm64 v2.0.19 (with linker /system/lib/linker64) works perfect on Pie.

@lindroidux lindroidux commented Oct 14, 2019

@jedisct1 version2.0.28 working fine as magisk module.
Could you pls add option for primary, secondary, tertiary fallback_resolver & netprobe_address?

@Ilnahro Ilnahro commented Oct 16, 2019

The magisk module is unavailable. Magisk apparently moved it into the module grave (though I cannot find any reason)

@lindroidux lindroidux commented Oct 16, 2019

I hv the 2.0.28 working fine on my local repo.

https://github.com/lindroidux/dnscrypt-proxy2-android.

@r4sas r4sas commented Oct 16, 2019

For note: DNSCrypt is available in InviZible - https://github.com/Gedsh/InviZible (it's something like combiner with dnscrypt-proxy, tor and i2pd on board).
Requires root on device to start.
(idk why @Gedsh still doesn't write here about app ;) )

@Gedsh Gedsh commented Oct 16, 2019

> why @Gedsh still doesn't write here about app

I think there may be some difficulties without a good manual in English. But I still will not find time to write it.

@jedisct1 jedisct1 pinned this issue Oct 21, 2019

@jedisct1 jedisct1 commented Oct 21, 2019

I'm not an Android user, but that new app looks pretty interesting:

https://github.com/Gedsh/InviZible

@pashamcr pashamcr commented Oct 28, 2019

@jedisct1
trying to build for android-9 aarch64
ndk20, go1.13.3

mkdir dnscrypt-proxy-src
cd dnscrypt-proxy-src
git clone https://github.com/DNSCrypt/dnscrypt-proxy.git src
$env:GOPATH=$PWD
$env:GOOS='android'
$env:GOARCH='arm64'
$NDK="c:/Users/Pasha/AppData/Local/Android/Sdk/ndk-bundle"
$env:Path += ";$NDK/toolchains/llvm/prebuilt/windows-x86_64/bin"
$env:CC="clang.exe --target=aarch64-linux-android28 -fno-addrsig"
$env:CXX="clang++.exe --target=aarch64-linux-android28 -fno-addrsig"
$env:CGO_ENABLED=1
cd src/dnscrypt-proxy
go clean
go build -ldflags="-s -w" -o $env:GOPATH/android-arm64/dnscrypt-proxy

error:

# net
c:\go\src\net\cgo_android.go:9:10: fatal error: 'netdb.h' file not found
#include <netdb.h>
         ^~~~~~~~~
1 error generated.

netdb.h is in
c:/Users/Pasha/AppData/Local/Android/Sdk/ndk-bundle/sysroot/usr/include
introduced
$env:CGO_CFLAGS="-I/c:/Users/Pasha/AppData/Local/Android/Sdk/ndk-bundle/sysroot/usr/include" - did not work

@jedisct1 jedisct1 commented Oct 28, 2019

You can simply download a precompiled binary :)

The one for android/aarch64 is compiled with the following command line:

env CC=aarch64-linux-android-clang CXX=aarch64-linux-android-clang++ \
CGO_ENABLED=1 GOOS=android GOARCH=arm64 go build -mod vendor -ldflags="-s -w"

@pashamcr pashamcr commented Oct 29, 2019

@jedisct1
without creating a standalone toolchain, it worked like this:
Windows10, NDK from android studio 3.5.1, Go 1.13.3

mkdir dnscrypt-proxy-src
cd dnscrypt-proxy-src
git clone https://github.com/DNSCrypt/dnscrypt-proxy.git src
$env:GOPATH=$PWD
$env:GOOS='android'
$env:GOARCH='arm64'
$NDK="c:\Users\Pasha\AppData\Local\Android\Sdk\ndk-bundle"
$env:Path += ";$NDK/toolchains/llvm/prebuilt/windows-x86_64/bin"
$env:CXX="$NDK/toolchains/llvm/prebuilt/windows-x86_64/bin/aarch64-linux-android28-clang++"
$env:CC="$NDK/toolchains/llvm/prebuilt/windows-x86_64/bin/aarch64-linux-android28-clang"
$env:CGO_ENABLED=1
cd src/dnscrypt-proxy
go clean
go build -ldflags="-s -w" -o $env:GOPATH/android-arm64/dnscrypt-proxy
gci $env:GOPATH/src/dnscrypt-proxy/example-* | cp -dest $env:GOPATH/android-arm64

android-arm64.zip

@Gedsh Gedsh commented Nov 7, 2019

> I'm not an Android user, but that new app looks pretty interesting:
>
> https://github.com/Gedsh/InviZible

Thanks for the feedback. I have added precompiled apps for the new beta version. So everyone can easily use it now with a rooted device.
