💐 👭 🧢 Step-by-step strategy or installation of Entware and DNSCrypt on Zyxel Keenetic modems 🤴🏼 😷 👩🏾‍🌾

What you need and preliminary actions

ZyXEL Keenetic with USB port, any except for 4GII / III models - one piece
Usb Flash - one piece

The flash drive can be anything. In my case, this is a fake Kingston, in which only 256MB was actually found out of 8GB

We check the firmware version in the dashboard. To install Entware, you need NDMS firmware v2.07 (2.08) or higher. If you have it like this, skip to step 2. Installing Entware

My prototype Zyxel Keenetic DSL with firmware 2.05 . Without upgrading the firmware version, the Entware installation on it prematurely terminates with the messageOpkg::Manager: /opt/etc/init.d/doinstall: FATAL: kernel too old.

therefore

We update the firmware to version 2.11 from the legacy channel
1. We connect to the router,
  
  telnet your_router_ip
  
  enter the username / password of the admin user
2. We switch the channel to legacy:
  
  components sync legacy
  
  - for firmware up to 2.06
  
  components list legacy
  
  - for firmware 2.06 and higher
3. In the web interface, go to System -> Update.
  
  Check that the "Debug version" value appears in the "Use" field . We press the "Update" button and wait.
4. . .
  
  NDMS version: 2.11.D.9.0-1 - , .
Entware
1. Keenetic DSL, LTE, VOX, DSL (KN-2010), DUO (KN-2110) ( http://bin.entware.net/mipssf-k3.4/installer/mips-installer.tar.gz)
  
  - Keenetic - mipsel-installer.tar.gz
2. . FAT32. (, ). .
3. System->Update FTP OPKG. -
4. FTP, Applications->FTP, FTP , ( , , FTP)
5. FTP ( - 2.4), (c 2.2)
6. install
7. 2.1 install
8. Applications->OPKG, "Enable", "Use external storage" , "Apply"
9. System->Log,
  
  "installer[5/5] "Entware" ! !"
  
  22 222 root keenetic
  
  ;)
  
  - /opt/etc/config/dropbear.conf
  
  - passwd
10. FTP - .
  
  , , :)
DNSCrypt2

DNS ( - DNS. , )

https://dnsleaktest.com/

https://browserleaks.com/dns

https://whatleaks.com/
1. Entware SSH
2. DNSCrypt2
  
  opkg update
  
  opkg install dnscrypt-proxy2
3. opkg install ca-certificates cron iptables
4. /opt/etc/dnscrypt-proxy.toml
  
  listen_addresses = ['127.0.0.1:53']
  
  :
  
  listen_addresses = ['0.0.0.0:53']
5. DNSCrypt2
  
  /opt/etc/init.d/S09dnscrypt-proxy2 start
6. DNS
  
  ! telnet ( Entware SSH) - 1.1
  
  opkg dns-override
  
  system configuration save
7. Home Network -> Segments
  
  Wifi , DHCP server:
  
  DNS 1 IP
  
  DNS 2
8. Internet -> Connections :
  
  DNS 1 IP
  
  DNS 2 3
9. Internet -> Extra , DNS servers IP . - .
10. ( WiFi ) , DNS-
11. ( ). . , 53 .
  
  Entware ssh
  
  /opt/etc/ndm/netfilter.d/10-ClientDNS-Redirect.sh
  
  ! 10.1.1.1 IP
  
  #!/bin/sh [ "$type" == "ip6tables" ] && exit 0 [ "$table" != "nat" ] && exit 0 [ -z "$(iptables -nvL -t nat | grep "to:10.1.1.1:53")" ] && iptables -t nat -I PREROUTING -p udp --dport 53 -j DNAT --to-destination 10.1.1.1:53 exit 0
  
  , , :
  
  ! 10.1.1.1 IP
  
  echo -e '#!/bin/sh\n[ "$type" == "ip6tables" ] && exit 0\n[ "$table" != "nat" ] && exit 0\n[ -z "$(iptables -nvL -t nat | grep "to:10.1.1.1:53")" ] && iptables -t nat -I PREROUTING -p udp --dport 53 -j DNAT --to-destination 10.1.1.1:53\nexit 0' >> /opt/etc/ndm/netfilter.d/10-ClientDNS-Redirect.sh
12. 10-ClientDNS-Redirect.sh :
  
  chmod +x /opt/etc/ndm/netfilter.d/10-ClientDNS-Redirect.sh
13. ( https://browserleaks.com/dns DNS )
14. .

DNS , .

https://forum.keenetic.net/announcement/5- where-

to- get- test- builds/ https://help.keenetic.com/hc/ru/articles/115002060049 https://forum.keenetic.net/topic / 4299-entware /? Do = findComment & comment = 50640

https://forum.keenetic.net/topic/4755-protect-dns-requests-with-dnscrypt-proxy2-bonus-block-advertising/

Step-by-step strategy or installation of Entware and DNSCrypt on Zyxel Keenetic modems

What you need and preliminary actions

More articles: