Download the VHDX file
Creating the Relay VM
- Create a New Virtual Machine
- Make Sure to choose Generation 2
- Make sure you choose to use an existing virtual hard disk (VHDX format)
- In order to run the Relay as a Generation 2 Hyper-V virtual machine, you must either switch off Secure Boot or enable the Linux Secure Boot template, depending on your Hyper-V version, as follows:
Setting up the Relay
- Log in to the VM:
- Change the password:
- Edit the relay.conf file (use step 4 for some of the values to edit):
sudo nano relay.conf
(this is a symbolic link to /etc/relay/relay.conf)
- In relay.conf (found at /etc/relay/relay.conf) set the secret site key and the Name, and set level to "debug".
Note 1: The name needs to match the deployment name set in your dashboard.
Note 2: To save the changes made within relay.conf, use Ctrl+O to write out, then hit Return to confirm the file name; you can then exit with Ctrl+X.
- By default, the system is set to use DHCP to obtain an IP. This is fine as long as you create a permanent DHCP lease in your firewall for the MAC address of the virtual NIC of the ESXi container. If you wish to assign a static IP to the machine instead, use the command in step 5 and make the following edits (note: a # comments out the line it is placed before):
Add a # before dhcp4: true
Remove the #'s before the next 5 lines
Update addresses: [192.168.1.15/24] to reflect the static IP that the machine is going to have (e.g. it would become addresses: [172.16.0.44/24])
Update gateway4: 192.168.1.1 to the appropriate gateway of the network the machine is on (e.g. it would become gateway4: 172.16.0.1)
- Save the file and run:
sudo netplan generate
sudo netplan apply
- Reboot the machine
- Verify general connectivity by running the following command and checking that the correct IP is shown:
- Verify that a response is received from the network by running:
- If everything has gone well up until now, it’s time to start up the relay!
- Start the docker service by running the following commands:
sudo systemctl enable docker.service
sudo systemctl start docker.service
- Start the Relay containers by running:
sudo docker start relay1 relay2
Wait 10-20 seconds.
- Verify the containers are running properly by running:
sudo docker ps
This will provide some output similar to one of the two following blocks (only the CREATED and STATUS columns are shown here):
*Good* output looks like this and you can move to step 14:
CREATED      STATUS
6 days ago   Up 12 Seconds
6 days ago   Up 13 Seconds
*Bad* output looks like this and some troubleshooting will be required:
CREATED      STATUS
6 days ago   Restarting (1) 3 seconds ago
6 days ago   Restarting (1) 4 seconds ago
- If you run:
sudo docker logs relay1
you will receive the output of the logs for that container (relay1). The two most common errors you will see are:
time="2022-02-23T21:53:33.355562001Z" level=fatal msg="can not auto-register agent, please verify settings or contact support, trace: invalid organization or network secret key"
This means the secret key you've entered into the relay.conf file is invalid. Double-check that the correct value is in the file.
time="2022-02-23T21:58:33Z" level=fatal msg="not a valid TOML config file" config=/etc/relay/relay.conf error="open /usr/local/bin/lan-proxy.conf: no such file or directory"
This means there is a formatting error or an errant character in your relay.conf file. Verify that it is nearly identical to our example file.
- Resolve these issues and run:
sudo docker restart relay1 relay2
Verify that the output matches the good output above, and move to step 16.
- Verify the relay containers are doing what they're supposed to:
nslookup -type=txt debug.dnsfilter.com 127.0.0.1 (from the VM itself)
nslookup -type=txt debug.dnsfilter.com <internal IP address> (from another machine on the network)
*Good* output looks something like:
debug.dnsfilter.com text = "time=2022-02-23 22:02:45.528505065 +0000 UTC"
debug.dnsfilter.com text = "serverid=55802"
debug.dnsfilter.com text = "serverip=18.104.22.168"
debug.dnsfilter.com text = "serverport=53"
along with multiple additional lines. Skip ahead to step 17.
*Bad* output looks something like:
*** Can't find debug.dnsfilter.com: No answer
Authoritative answers can be found from: dnsfilter.com
origin = amir.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2271027187
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
If this is your output and you're certain the containers are running properly, the likely culprit is <Transparent Proxying> and we recommend you investigate that or reach out to support.
- You're done! You can now point all appropriate machines on the network to use this VM for DNS resolution.
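A health check for the verification steps above, added here as a helper script (not from the original guide or from DNSFilter): it parses the same `docker ps` status and `debug.dnsfilter.com` TXT answers the guide tells you to compare by eye, so it can be run from cron or a monitoring agent on the Relay VM. The function names and the `--live` flag are this script's own.

```shell
#!/bin/sh
# Health check for the DNSFilter Relay VM (added example, not part of the guide).
# It turns the two visual checks from the guide into pass/fail functions.

# relay_containers_ok: reads "NAME STATUS" lines on stdin, as printed by
#   sudo docker ps --format '{{.Names}} {{.Status}}'
# Succeeds only if relay1 and relay2 are both listed and both report "Up ...";
# a "Restarting (1) ..." status (the guide's bad output) makes it fail.
relay_containers_ok() {
    awk '
        $1 == "relay1" || $1 == "relay2" { seen[$1] = 1; if ($2 != "Up") bad = 1 }
        END { exit (seen["relay1"] && seen["relay2"] && !bad) ? 0 : 1 }
    '
}

# relay_txt_ok: reads nslookup output on stdin and succeeds only if the TXT
# records carry serverid, serverip and serverport (the guide's good output).
# "No answer" output has none of them and therefore fails.
relay_txt_ok() {
    out=$(cat)
    for key in serverid serverip serverport; do
        printf '%s\n' "$out" | grep -q "text = \"$key=" || return 1
    done
    return 0
}

# relay_live_check RESOLVER: run both checks against the running VM.
# Returns 0 when healthy, 1 when a check fails, 2 when docker/nslookup are
# not installed (so the script can still be sourced for testing elsewhere).
relay_live_check() {
    resolver=${1:-127.0.0.1}
    command -v docker >/dev/null 2>&1 && command -v nslookup >/dev/null 2>&1 || return 2
    sudo docker ps --format '{{.Names}} {{.Status}}' | relay_containers_ok || return 1
    nslookup -type=txt debug.dnsfilter.com "$resolver" | relay_txt_ok || return 1
    return 0
}

# Invoke as:  sh relay-check.sh --live [resolver-ip]   (exit code is the result)
if [ "${1:-}" = "--live" ]; then
    relay_live_check "${2:-127.0.0.1}"
fi
```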