for some reason today, DNS stopped working,
I found that AGH was using way to much memory
Likely zram-swap will push oom crash furthher away.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
replace AGH with adblock.
internet is down, 1st world problem.
I thought my device had memory enough, but even now it's working I indeed see AGH is consuming a lot. 139%
{
"kernel": "5.15.167",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 4",
"model": "Zyxel EX5601-T0 ubootmod",
"board_name": "zyxel,ex5601-t0-ubootmod",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "mediatek/filogic",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix '<>'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option ipv6 '0'
config bridge-vlan
option device 'br-lan'
option vlan '180'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
config bridge-vlan
option device 'br-lan'
option vlan '1'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '170'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '160'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
config interface 'lan'
option device 'br-lan.180'
option proto 'static'
option ipaddr '192.168.180.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1.300'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
config interface 'guest'
option device 'br-lan.1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
config interface 'smarthome'
option device 'br-lan.170'
option proto 'static'
option ipaddr '192.168.170.1'
option netmask '255.255.255.0'
config interface 'ziggo'
option device 'br-lan.160'
option proto 'static'
option ipaddr '192.168.160.1'
option netmask '255.255.255.0'
config device
option name 'br-lan.1'
option type '8021q'
option ifname 'br-lan'
option vid '1'
option ipv6 '0'
config device
option name 'br-lan.170'
option type '8021q'
option ifname 'br-lan'
option vid '170'
option ipv6 '0'
config device
option name 'br-lan.160'
option type '8021q'
option ifname 'br-lan'
option vid '160'
option ipv6 '0'
config device
option name 'br-lan.180'
option type '8021q'
option ifname 'br-lan'
option vid '180'
option ipv6 '0'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '0'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option noresolv '0'
option port '54'
list server ''
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '24h'
option dhcpv4 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dhcpv6 'server'
list dhcp_option '6,192.168.180.1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'pi.hole'
option mac '<>'
option ip '192.168.180.10'
config host
option name 'OpenWrt4'
option mac '<>'
option ip '192.168.180.4'
config host
option name 'OpenWrt5'
option mac '<>'
option ip '192.168.180.5'
config host
option name 'OpenWrt6'
option mac '<>'
option ip '192.168.180.6'
config host
option name 'homeassistant'
option mac '<>'
option ip '192.168.180.13'
config host
option name 'Deurbel'
option mac '<>'
option ip '192.168.180.21'
config host
option name 'SolarEdge'
option mac '28:B7:7C:13:6B:CF'
option ip '192.168.180.23'
config host
option name 'SolarEdge-Lan'
option mac '84:D6:C5:03:6B:CF''<>'
option ip '192.168.180.24'
config host
option name 'WLED'
option ip '<>'
list mac 'C8:F0:9E:79:93:B8'
config host
option name 'Galaxy-S20-FE'
option ip '<>'
list mac 'B4:CE:40:DA:3E:BB'
config host
option name 'IPhone'
option mac '<>'
option ip '192.168.180.43'
config domain
option name '.duckdns.org'
option ip '192.168.180.13'
config domain
option name '.duckdns.org'
option ip '192.168.180.13'
config domain
option name 'pi.hole'
option ip '192.168.180.10'
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.2.1'
config dhcp 'smarthome'
option interface 'smarthome'
option start '100'
option limit '150'
option leasetime '24h'
list dhcp_option '6,192.168.170.1'
config dhcp 'ziggo'
option interface 'ziggo'
option start '100'
option limit '150'
option leasetime '12h'
list dhcp_option '6,192.168.160.1'
config host
option name 'Stofzuiger'
option ip '192.168.180.22'
list mac '<>'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'Home Assistant'
list proto 'tcp'
option src 'wan'
option src_dport '8123'
option dest_ip '192.168.180.13'
option dest_port '8123'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'WireGuard pihole'
list proto 'udp'
option src 'wan'
option src_dport '47111'
option dest_port '47111'
option dest_ip '192.168.180.10'
option enabled '0'
config redirect
option target 'DNAT'
option name 'NTP-on router'
option src 'lan'
option src_dport '123'
list proto 'tcp'
list proto 'udp'
option enabled '0'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'DNS on Pi-hole'
option src 'lan'
option src_dport '53'
option dest_ip '192.168.180.13'
option src_ip '!192.168.180.13'
option family 'ipv4'
option enabled '0'
config rule
option name 'VacuumCleaner internet'
list src_ip '192.168.180.22'
option dest 'wan'
option target 'REJECT'
config rule
option name 'Doorbell Internet'
list src_ip '192.168.180.21'
option dest 'wan'
option target 'REJECT'
option enabled '0'
config rule
option name 'Doorbell Initial'
option dest 'wan'
option target 'ACCEPT'
option limit '10/second'
list src_ip '192.168.180.21'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'wireguard HA'
list proto 'udp'
option src 'wan'
option src_dport '51820'
option dest_ip '192.168.180.13'
option dest_port '51820'
config zone
option name 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'wan'
config zone
option name 'smarthome'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'smarthome'
config forwarding
option src 'smarthome'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'smarthome'
config zone
option name 'ziggo'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'ziggo'
config forwarding
option src 'ziggo'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'ziggo'
root@OpenWrt:~#
type or paste code here
I ran the comments as asked.
I tried that, but for me it was to limited,
And pihole? Any windows server hiding anywhere to make critical chain longer?
I just replaced pi hole with AGH a couple of weeks back because my server was failing.
I see there are still some listings in the DHCP server, but pi hole isn't used anymore.
what I do use is unbound DNS
AGH connects to unbound, also installed on openwrt and unbound connects to the world
Adblocking requires RAM, in corner cases considerably more so than 'normal' (meaning RAM usage will be spiky by nature). Compared to adblock, adblock-fast or adblock-lean, pihole or AGH are considerably heavier (both on CPU cycles and RAM). On lower end devices, this can become problematic and require compromises (adblock instead of AGH and/or smaller blocklists), there isn't really a golden ticket (apart from giving it 'enough' RAM).
I see,
My device only has 1024MB of RAM, I expected this to be enough as pi hole runs flawless on a machine with 512MB of ram, unfortunately this is not extendible,
So I'll have to go with the other solutions,
Try zram-swap to survive until weekend you have time to fix it.
In what way ?
Both should be able to block the same things.
I just installed this
block-list per device, It should be possible using different dnsmasq instances or something, but I didn't have the time to figure it out.
I tried this a couple of months back, but I also had an issue with wildcards/regex and exceptions I believe.
Maybe I should try again.
Hope it stands time, save agh blocklist display and check back in whatever other ad blocker you want to add. 1GB is plenty for other blockers.
Hi
Did you manage to solve your problem?
You did not mention, which AGH install method you had used - opkg or manual. opkg install uses /var/adguardhome as the working directory (for logs and statistics). This directory mounts to RAM. In case you went with opkg install, this could be the reason for the memory use you experienced.
The RAM is preallocated as storage though?
I haven't had the time to take a look at this, probably also not this weekend,
but I used opkg install
as a quick fix I disabled log and statistics,
I see still 139% of memory, but hopefully this will prevent crashes.
It shouldn't make any difference at all..
you're right it doesn't,
this still means I need to make time to migrate
it takes 10 sec to swap back to dnsmasq;
stop AGH
restart dnsmasq (pre-reconfigured to use the default DNS port again)
the rest of the work can be done "online", without downtime.
The guide says it symlinks to /tmp
How do you rule this out? Is it because logs takes relatively small portion the 1GiB RAM?
If OP also rules out that AGH filtering rules take too much of RAM, then perhaps the reason for memory use spikes is not with AGH?
UPDATE:
The very first screenshot has flag --no-check-update, perhaps the reason is AGH updates filters / itself without checking RAM availability?
UPDATE 2:
Correcting myself above, the --no-check-update flag only disables AGH update checks.
Yes, and ?
Because of what I wrote earlier, it's preallocated.
Something else might tip the scale, but AGH def eats lots of memory...