OpenWRT + Dnscrypt On TP-Link WDR3600

Because my ISP using a dns transparent, some website are blocked, to fix this problem im using a dnscrypt in my computer, but it is annoying, because i have to start dnscrypt and it use more resource on my computer, so i have to find a way to make dnscrypt to run on my router, after searching on google, theres a way to run dnscrypt on my tplink router with opwnrt firmware, and today i’m trying to flash my TP-Link WDR-3600 wireless router to OpenWRT and setup dncsrypt to run on it

Here’s the step i take

  1. Download the openwrt firmware for wdr 3600 ini here and find openwrt-15.05-ar71xx-generic-tl-wdr3600-v1-squashfs-factory.bin
  2. Rename it so the filename is not too long
  3. Login to router and do factory reset
  4. Go to upgrade firmware, select the file that already downloaded, and then upgrade
  5. It will take a while, after finish, refresh your network and then login to router using this address http://192.168.1.1
  6. Dont forget to change the password, in default theres no password
  7. Done flashing to openwrt
  8. Let’s install dnscrypt
  9. Go to System>Software
  10. Find dnscrypt, if theres no dnscrypt package, update the page first
  11. After dnscrypt installed Login to the router using ssh
  12. Edit
    1
    /etc/config/dnscrypt-proxy using vi or other editor
  13. 1
    2
    3
    4
    5
    6
    config dnscrypt-proxy
    option address '127.0.0.1'
    option port '5353'
    # option resolver 'cisco'
    # option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
    # option ephemeral_keys '1'
  14. edit the config as necesary
  15. Go to System>Startup
  16. put this code before exit 0
  17. 1
    2
    3
    /etc/init.d/dnscrypt-proxy enable
    sleep 10
    /etc/init.d/dnscrypt-proxy start
  18. Using ssh again and edit
    1
    /etc/config/dhcp
  19. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    config dnsmasq
    option domainneeded 1
    option boguspriv 1
    option filterwin2k 0
    option localise_queries 1
    option rebind_protection 1
    option rebind_localhost 1
    option local '/lan/'
    option domain 'lan'
    option expandhosts 1
    option nonegcache 0
    option authoritative 1
    option readethers 1
    option leasefile '/tmp/dhcp.leases'
    # option resolvfile '/tmp/resolv.conf.auto'
    option noresolv 1
    list server '127.0.0.1#5353'
    list server '/pool.ntp.org/208.67.222.222'
  20. Restart your router or restart the dnsmasq using /etc/init.d/dnsmasq restart
  21. Done and Good Luck!