Help setting up kidsafe network / Using putty

I have been doing a lot of digging and keep finding bits and pieces of what I want to do, but everything assumes knowledge that I don't have and don't know how to find, so I'm hoping someone can help fill in the blanks.

What I want to do:
Network defaults to OpenDNS, restricted mode Youtube, and SafeSearch
AND a separate list of IoT devices (MAC addresses, I assume) with a different set of rules (Cloudflare DNS, no restrictions)

For OpenDNS I have seen this with the reverse option mentioned in the comments here
The problem is I have no idea how to navigate to where I enter this info. I can get logged in on SSH via putty - from there I don't know how to navigate at all. (I'm on a windows machine)

For restricted YouTube and safe search I have seen various methods. It looks like adding to the host file, then to DNSmasq. I know that my firmware has something called DNScrypt and don't know if that effects how to do this. Once again, for these, I don't know how to get to where I put this info in.
Links I've looked at -
For PiHole,
this complex solution (some comments make it sound like it doesn't work right?)

Can anyone give me the baby steps to accomplish this? :pray:
I know a few programing languages, have rooted & flashed phones, and have done a lot of techy stuff, but for some reason I can never find Linux based instructions complete enough for me to follow :woman_shrugging:

1 Like

There was a link there to this tutorial...

Yes, but I don't know how or where to enter the lines.

You can add them anywhere in etc/config/dhcp

Since you're using Microsoft Windows, download the free tool WinSCP.

It uses a Windows-like file explorer where you can edit the file on the router side with Notepad.


There is a another software solution that will do this.

AdGuardHome. Bonus is that it will adblock and allow you to give kid friendly DNS to their devices.

There are two routes to go with installing this. Either use the OpenWrt opkg version and the wiki entry to install it.

or use the manual thread which gives you the more up to date Edge build versions.

Once you have it installed and working you will then just have to define rules for your kids devices and set up which clients get what rules. The info for that is found here :

What your parental control post is doing is just using DHCP reservations to hand kid filtered DNS to their devices. Thus you are relying on OpenDNS completely for filtering.

With AdGuardHome you can do both DNS filtering by using OpenDNS as their upstream DNS but also use manual filter blocks as well. Say if you found them on sites you didnt approve of but arent blocked by OpenDNS. Also with querylogs in AGH you would be able to see their history (if they are being sneaky and using private/incogneto mode.) That just depends on how you trust them i guess?

I personally just use it for removing ads from the internet.

I agree 100%. I used to use the whole manual process of setting up KidSafe network using built-in OpenWrt tools. But it was quite painstaking.

AGH is a significantly more flexible for things like this and far easier, all within the AGH UI.

Personally, I have used AGH for DHCP server as well for several years now with zero issues. This gives the added benefit of per-device MAC filtering so that you can group kids devices based on MAC with fantastically granular control of settings per device and no need for static IP addresses.

Recently, I have also been using the AGH Remote management tool which is an IOS app (not made by AdGuard Team) that makes management from mobile devices quite handy.

1 Like

Both the wiki opkg version and my thread do not use AGH for DHCP.

There's a very good reason for that at present. AGH desperately needs to bring its DHCP up to OpenWrt standards and there are several outstanding issues on their issues pages about that.
This being one of them.

IF you have a "flat" network with simple requirements then go ahead and use AGH for DHCP. However if you have VLANS, multiple networks defined. I really would NOT use their DHCP at this time.

I really hope they can improve it soon as being able to just uninstall dnsmasq and odhcp and install AGH would make the install FAR simpler for OpenWrt users.

1 Like

To edit files on the router I suggest to install "nano" you can do it using the luci software install interface. Then after you install it you secure shell to the router and do

nano /etc/config/....

Put whatever config file you want in the .... Position. Follow the on screen keystrokes to save and quit the editor.

I think that might help you get farther?

1 Like

This was the missing piece, thanks

1 Like

@mercygroundabyss @WildByDesign

I saw some threads on Reddit where it looked like AdGuard Home had an option that forced Restricted mode for YouTube, not ModerateRestricted. Restricted is too much for our household as it blocks things we need access to.

Do either of you know if it can be set up with ModerateRestricted instead?

That can be done from the AGH UI in the DNS Rewrites section.

The YouTube SafeSearch has been problematic in my network as well, causing issues with the YouTube Kids app.

There is an issue created on their GitHub repo to allow more granular control over SafeSearch feature. But until that is fixed/completed, we kind of have to fix it manually for now with DNS Rewrites.

1 Like

Are there steps on how to do this somewhere?

Check this thread:

I haven’t done that for a while so I am a bit rusty and don’t have specific filter lines in place for it right now. But somewhere in there someone posted examples.

1 Like

I just checked their current code:

||  ,|

It appears they did switch to restricted moderate at some point. So I think it already is the way you want it and therefore you don’t need the rewrites. Sorry for my initial confusion over this.

1 Like

Thanks for your time, I really appreciate it.

1 Like

Tried to install AGH and this happened.
I also tried adding sudo before the curl statement, which resulted in -ash: sudo not found

Any ideas?

I’ve never had to use sudo before when installing AGH on OpenWrt. It seems to be a requirement specifically for that script. Possibly @mercygroundabyss can help with this because I have no experience with that script.

Do you have the sudo package installed?

opkg update
opkg install sudo

Those commands result in: -ash: opkg not found
I have also tried apt-get and have the same problem

(edit) urm. what are you installing this on? I was assuming you are installing AGH on some OpenWrt router? But that looks like you are using ubuntu or some linux?

Yes their script uses sudo to install AGH as a service.
it WILL fail if sudo is not installed.

My thread shows you the full steps if you are wanting to manually install.
It is slightly tricky as you have to move DnsMasq off port 53 (DNS service) and insert AGH into that spot. Then DnsMasq becomes your "internal" DNS resolver and AGH becomes your primary DNS.

The other way to avoid that is to turn OpenWrt's DHCP service off and enable AGH's DHCP. Thus avoiding that issue. I perhaps will have to write a tutorial for that. At the time i was testing AGH's DHCP wasnt working (it was a problem with the build) and thus i just opted to take AGH for DNS and leave OpenWrt handling DHCP.