Feature Request: dnscrypt plugin support for squid transparent proxy #1014
Comments
|
As I said in the forums ... I'm thinking (could take some time) :) |
|
No Problem. This Plugin is really really great 👍 |
|
ok, it might be the problem of your local DNS servers |
|
Problem is, that i cant do this because some other Clients on another lan Interface (wlan Clients iPad/iPhone) need the dns Servers. They dont use this Plugin, because some Apps like Facebook and Banking Sites do not work with the dnscrypt Plugin. :-( |
|
Why shouldnt they work? Then add the domain to forward and set 9.9.9.9 or whatever :) |
|
i removed all dns servers, saved the settings and made a unbound service restart. result -> no difference . same problem! :-( |
|
by the way....sometimes there is a huge latency when i open websites! |
|
I set up transparent proxy at home, will test this evening .. |
|
👍 |
|
@fichtner can You assign the issue to mimugmail? I do not have the right. Thx, regards rene |
|
With the next version you can run this plugin on port 53, so you can disable unbound and set localhost as the system resolver to let squid use it. |
|
@mimugmail that are really great news..i will Test this. well done 👍 |
|
@opnsenseuser can you test please and close if it fits your need? :) |
|
@mimugmail not all my clients should go by dnscrypt proxy. some should use only unbound!. thx for your support! rené |
|
With transparent proxy this isnt possible as only the proxy does DNS requests. In docs repo is an open PR with a little documentation (also from a guy in the forums) |
|
@mimugmail thx very much. |
where can i find the doc repo´s ? |
|
@opnsenseuser it heavily depends how you use it. You can run Unbound on any interface port 53, then you add a second loopback IP via Firewall : Virtual IPs : Alias, bind dnscrypt-proxy to it and set it as the system DNS (for transparent proxy). Then all your clients use Unbound and system dnscrypt. Now you can start using NAT rules for the clients that should use dnscrypt to your loopback IP |
|
@mimugmail FYI (you may add a custom DNS server in the squid config): http://www.squid-cache.org/Doc/config/dns_nameservers/ |
|
@mimugmail i changed all the setting you said. i made a virtual ip. made a nat rule to this ip. changed the alternative server in the transparent proxy setting to the virtual ip. changed dnscrypt ip to the virtual ip. but i get the same error if i tried to nslookup 192.168.1.1 (my router) -> see my screenshot
|
|
thats my "nat-rule" with the virtual ip that is the firewall rule for the interface: these are the dnscrypt service settings: these are the transparent proxy settings: i do not know if i need this rule anymore?
@mimugmail |
|
I am not involved in any of this settings, so I'm out here (I have not developed nor used any of this settings). |
|
@mimugmail any news on this? |
|
@opnsenseuser you didn't bind dnsproxy to port 53, then it wont work ... |
|
@mimugmail where do i have to configure this? Can you help me? Regards rene |
|
dnscrypt proxy, general, listen address 192.168.1.100:53 and set allow privileged ports .. |
|
And localhost [::1]:53 too ? |
|
No, just this IP and then set dns for squid for this IP |
|
Ok, and the nat rule i Posten above. Fortward 53 to 5353. is this correct? |
|
you told me that only some users need this rule, or other just have to use unbound. the nat rule is only to force dnscrypt for specific clients. you have to decide for which users it should be set. |
|
Yes, i made a nat rule for Squid Proxy accecpt the noproxy Clients. |
|
So, can you close this? Otherwise this would more fit for the forums as dnscrypt is feature complete (besides blacklists) |
@mimugmail the Tool is one of my favorits. Works Great and easy to use.
But would be Great if you could manage this Plugin working with transparent proxy (Squid)
Regards rene
The text was updated successfully, but these errors were encountered: