AdGuard Home with multiple network interfaces

Hi!

I have a number of network interfaces (guest, IoT, etc.) set up in addition to the lan interface; all were tested to work smoothly.

After installing AdGuard Home (port 53, dnsmasq moved to port 54) as described in the opkg AdGuard Home wiki, there is no more connectivity for the network interfaces, only for the lan interface.

Extract of configs.

dhcp:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	option rebind_protection '0'
	option port '54'
	list server '192.168.1.35'
	list interface 'lan'
	list interface 'guest'
	list interface 'iot'
	list interface 'iot2wan'
	list interface 'tv'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option dhcpv4 'server'
	option start '100'
	option limit '150'
	list dhcp_option '6,192.168.1.35'
	list dhcp_option '3,192.168.1.35'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'GUEST'
	option interface 'GUEST'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	list dhcp_option '6,192.168.1.35'
	list dhcp_option '3,192.168.1.35'

firewall:

config zone
	option name 'GuestZone'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'GUEST'

config forwarding
	option src 'GuestZone'
	option dest 'wan'

config rule
	option name 'Guest-DHCP-DNS'
	option src 'GuestZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'
	list dest_ip '192.168.1.35'
	option dest 'lan'

network:

config interface 'GUEST'
	option device 'br-lan.21'
	option proto 'static'
	option ipaddr '192.168.21.1'
	option netmask '255.255.255.0'
	option defaultroute '0'

AGH yaml:

bind_host: 192.168.1.35
bind_port: 8080
beta_bind_port: 0
users:
  - name: 
    password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.35
    - 192.168.21.1
  port: 53

I am lost - cannot figure out which setting / settings I am getting wrong.

Any hints?

You seem to have incorrectly configured the same gateway on 2 different networks.

I'm guessing that your Guest network's gateway's setting is invalid.

Normally, only WAN has a gateway - are you sure LAN and Guest need one configured?


In adguardhome.yaml, try changing:

(...)
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.35
    - 192.168.21.1
(...)

To:

(...)
dns:
  bind_hosts:
    - 0.0.0.0
(...)

To see if it helps.


I took out DHCP option 3 (gateway) on all interfaces, but this did not help: lan still has connectivity, other interfaces don't. I had DHCP option 3 based on the script in AGH wiki above:

#DHCP option 3: default router or last resort gateway for this interface
uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"

I tested with bind_host 0.0.0.0, but still the same result.

Built the thing from scratch and it... works.

As suggested by @lleachii, took out the gateway from configurations. The default gateway I see now on the Guest clients is the static address of the Guest interface.

For future reference, the updated settings which work for me.

dhcp:

config dhcp 'GUEST'
	option interface 'GUEST'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168.1.35'

firewall:

config rule
	option name 'Guest-DHCP-DNS'
	option src 'GuestZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'
	list proto 'tcp'
	list proto 'udp'

TCP / UDP were missing in my non-working settings previously. I was sure I had set them in LuCI, but it turned out I had not. Setting these in LuCI was not intuitive. My takeaway is that it is best to double check whatever one sets in LuCI.

network:

config interface 'GUEST'
	option device 'br-lan.21'
	option proto 'static'
	option ipaddr '192.168.21.1'
	option netmask '255.255.255.0'
	option delegate '0'

AGH yaml:

bind_host: 192.168.1.35
bind_port: 8080
beta_bind_port: 0
users:
  - name: 
    password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.35
  port: 53

Interestingly, no need to bind the static address of the Guest interface in yaml. The options above were sufficient.

Thanks a lot for the valuable advice!
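
Added example (not written by anyone in the thread, and not OpenWrt or AdGuard Home code): a Python check for the misconfiguration raised in the first reply, a DHCP option 3 (router) address that lies outside the subnet of the interface handing out the lease. The GUEST values come from the thread; the lan interface address, the sample layout and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample. GUEST values are from the thread; the lan address is assumed.
NETWORK = """
config interface 'lan'
	option ipaddr '192.168.1.35'
	option netmask '255.255.255.0'
config interface 'GUEST'
	option ipaddr '192.168.21.1'
	option netmask '255.255.255.0'
"""
DHCP = """
config dhcp 'lan'
	option interface 'lan'
	list dhcp_option '3,192.168.1.35'
config dhcp 'GUEST'
	option interface 'GUEST'
	list dhcp_option '3,192.168.1.35'
"""
LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'?([^']*)'?)?\s*$")

def parse_uci(text):
    """Return [(type, name, [(key, value), ...])], one tuple per config section."""
    sections = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        kind, key, value = m.group(1), m.group(2), m.group(3) or ""
        if kind == "config":
            sections.append((key, value, []))
        elif sections:
            sections[-1][2].append((key, value))
    return sections

def off_link_routers(network_text, dhcp_text):
    """List (dhcp_section, router, subnet) where DHCP option 3 lies outside the subnet."""
    nets = {}
    for stype, name, opts in parse_uci(network_text):
        o = dict(opts)
        if stype == "interface" and "ipaddr" in o and "netmask" in o:
            nets[name] = ipaddress.ip_interface(f"{o['ipaddr']}/{o['netmask']}").network
    findings = []
    for stype, name, opts in parse_uci(dhcp_text):
        subnet = nets.get(dict(opts).get("interface"))
        for key, value in opts:
            code, addr = (value.split(",") + [""])[:2]  # "3,addr" -> ("3", "addr")
            if (stype, key, code) == ("dhcp", "dhcp_option", "3") and subnet is not None:
                if ipaddress.ip_address(addr) not in subnet:
                    findings.append((name, addr, str(subnet)))
    return findings
```

Pass the contents of `/etc/config/network` and `/etc/config/dhcp` to `off_link_routers()`; on the sample it reports only the GUEST section, since the same router address is on-link for lan but not for 192.168.21.0/24.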
