[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

Hi community!:

First of all, thank you so much for this fantastic guide @mercygroundabyss, my setup is different than a "basic setup" (I got different VLANs for different purposses), but I've been able to make work AdGuardHome without problems, well, as a DNS resolver, but with DNS queries as plain text.

How can I make that AdGuardHome works like DoT and / or DoH DNS resolver?, at the dashboard, all the DNS queries are "DNS simple" (plain text), I'm using port 53 for AGH and 53535 for dnsmasq, the traffic is redirect from 192.168.x.0/24 port 53 to the 192.168.99.1 port53 (DNS VLAN working as DNS resolver).

Thanks you so much in advance for your help and time guys, regards.

It does not make much sense to configure DNS encryption inside of your own local network. The purpose of securing your DNS traffic is to secure it from third-parties that might be analyzing or modifying it. For instance, from your ISP.

It means that you will need a server with a public dedicated IP address. There are plenty of cheap cloud servers providers: DigitalOcean, Vultr, Linode, etc. Just choose one, create a cloud server there, and install AdGuard Home on your server.

In short you need a publicly addressable server with a SSL Cert. it is possible to do internally on a home router but somewhat tricky and requires some googling.

What are the storage space requirements when installing AdGuardHome via LuCi from the Software page (opkg)?

I installed AdGuard on my Linksys E8450 / Belkin RT3200. Do I need to worry about running out of storage space (when I upgrade in the future)? The wiki mentions the agh-backup folder and a 100MB free disk/flash space requirement. Does this apply when installing via opkg? Also seems like the filter lists are stored in RAM.

Similar question was asked on Reddit. Perhaps we can update the wiki regarding storage space requirements.

AGH itself is 35mb (I'm using 108 edge build but its been mostly stable at this size for while.)
Double that for the backup.
Then lists and your logs are the rest.

100mb should cover most setups. however if you wish to install large list sets you will need to ensure you have extra space.

My stats for space in the first post are still good. I've pared down my logging but its still 1.2mb for query logs (6hrs kept)
and 90days of stats is 27mb atm.

If you are worried about space. Mount a usbkey drive as /opt and then install AGH onto it.

Thanks for replying. I prefer not to use USB storage if I don't have to.

Can someone who has installed AdGuard via opkg comment on the disk space required?

I think the storage space requirements are lower when installing via opkg as opposed to the manual installation method from the first post in this thread. For example, lists are stored in RAM and not on flash and I think there won't be a previous version backup stored when upgrading via opkg. But I'm not sure so curious if someone can confirm.

AGH is designed to be installed and updated as they patch things. Both the stable and edge branches require this. The opkg version is not my creation but its listed here to up its profile and due to collaboration between James and I in the progress of this project.

AGH is still fixing issues and hopefully we will be able to have a much better experience via opkg as we are in the end going to replace dnsmasq and dhcp with AGH completely and thus scripts etc won't be required.

However until the AGH team updates a few things this cannot happen.
They are also looking at reducing the size of the AGH binary. James has found that compressing it with UPX improves the size.

Further up in the thread is a list of issues that were filed. unfortunately it seems that most of them have been pushed to the 109 release schedule.

Until these are fixed/closed then the only real option we have is the edge install to keep AGH added to OpenWrt. In time opkg installs will be the way to go and I'll happily retire this thread.

Yes they are but its at the cost of ram. your lists, query logs, stats etc are saved in /tmp which is ram. This does reduce the size but also you loose those when you reset your router. Its a compromise. I'm not the dev for the opkg version. I'm unsure if the opkg version will let you update over the top or not.

Give it a go. worst case you reset back to defaults. (as long as you have a backup.)

Hi mercygroundabyss, thanks for this excellent tut on installating AGH on openwrt. I run the edge version on my WRT32x under an usb HDD mounted as /opt. I tried it both with and without unbound and settled for without to reduce both footprint, complexity and dependency on external resources.
Anyway, my network includes managed switches and vlans and was wondering where the current edge version is with DHCP implementation. Is it ready to for openwrt dnsmasq/DHCP replacement yet ?
thanks...

Still outstanding unfortunately.

Until they redo it I'm not testing anything. Some have told me that simple networks work ok but I personally haven't tested AGH replacing dnsmasq and DHCP.

thank for the quick reply...are the outstanding issues around ipv6, vlans, replacing openwrt dnsmasq/DHCP or are they more general, as far as you know. I only ask cause i don't use ipv6 at all.
On another note, perhaps you can help. Do you know of any way AGH can not log queries from certain clients ? The reason I ask is because my top clients are always my mesh nodes, which is understandably considering all 4 of them are very chatty with each other and the network in general; i.e. after all that is what a mesh network is supposed to do. The result however are lots of unnecessary queries being logged. Someway of 'masking' those would be great but i haven't found any way of doing it yet.
Similarly top blocked domains, like www.google-analytics.com. For this I have found a workaround by putting the domain into the DNS Settings---Disallowed domains, this way AGH simply drops these requests (they would be blocked anyway) and the the logs are saved these unnecessary entries.

my ISP still doesn't do IPv6 so can't help there. Regarding the DHCP I originally tried 106 which had some serious issues. Hence why I settled on letting OpenWrt do DHCP and have AGH do the dns. Since they haven't refactored their DHCP which is on their milestones yet I've had no reason to do any testing.

Regarding logging? best to see if others have requested things like that on the AGH issues/requests threads.

Personally I'd just let it log and then parse the results. Purely under the basis of if you have logs you can check. You can always filter unwanted but no logs will be an issue.

thanks again. I'm running the latest edge and updates come through great. I may fire up this setup on a raspberry, simply because it's easier to overcome problems than running on WRT32x where I always keeps one partition with the oem firmware, in case I brick.
My setup will use latest stable openwrt 64bit, ipv4 (don't use ipv6), vlans and I'll try replacing both DHCP and DNS with AGH. I will report back here if I find it steady enough for a daily driver. I'll try this over the weekend otherwise my family will shout 'Dad what's happened to the internet'.
thanks....

EDIT: couldn't wait so i set this up in my testlab.Very soon into the configuration I noticed a 'feature' that renders AGH DHCP implementation not fit for my purpose. Apparently you can only select one DHCP interface so if, like me, you have multiple vlans each with their own IP range then AGH currently cannot do this. They list all available ones for selection but only one selection can be active.
I also tried manually editing the YAML file but that just resulted in unable to login showing a pop 'network error' when i tried to add more dhcp servers.
I searched on their github and saw others mentioning it, AGH response was basically 'we're trying to keep it simple' AdguardHome problem 3539. IMHO there's a big difference between simple and dumb.

sigh... that is a substantial gotcha. It seems their DHCP is more a baby barely crawling compared to OpenWrt's DHCP. That pretty much cements this guide as the only way forward at present. So much for simple eh?

Hi, I'm trying to install AdGuard Home on my Archer A7 running OpenWrt 22.03.2 r19803-9a599fee93, or rather on a USB drive plugged into the router, since it doesn't have sufficient storage capacities.

First, I followed the Automount tutorial from OpenWrt.

I saved the contents of routerDNS.sh and installAGH.sh into 2 new files and set a custom output directory (according to this answer on another thread):

installAGH.sh:

# grab and install AGH and install it in a custom directory
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh  | sh -s -- -c edge -o /mnt/sda1/adguard

Then, I ran both of the scripts; routerDNS.sh worked fine, but installAGH.sh spit out these errors:

[...]
starting AdGuard Home installation script
curl: (23) Failure writing output to destination
cannot download the package from https://static.adtidy.org/adguardhome/edge/AdGuardHome_linux_mips_softfloat.tar.gz into AdGuardHome_linux_mips_softfloat.tar.gz
Router IPv4 : 192.168.1.1
Router IPv6 : fd61:e899:7509::1
Adding fd61:e899:7509::1 to IPV6 DNS
uci: I/O error
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
Goto http://192.168.1.1:3000 and configure AdGuardHome.

root@OpenWrt:~# ls
AdGuardHome_linux_mips_softfloat.tar.gz
installAGH.sh
routerDNS.sh

The error arises because curl doesn't download the AdGuard .tar.gz file onto the USB drive as intended but on the router's internal storage, which doesn't have sufficient capacity to actually store that file.

Though, it should actually be possible to write onto the USB drive using the path /mnt/sda1/:

root@OpenWrt:~# cd /mnt/sda1/
root@OpenWrt:/mnt/sda1# touch test.txt
root@OpenWrt:/mnt/sda1# echo "look, i can write a file onto the usb drive" >> test.txt
root@OpenWrt:/mnt/sda1# cd
root@OpenWrt:~# cat /mnt/sda1/test.txt
look, i can write a file onto the usb drive
root@OpenWrt:~#

Also, I made sure that the adguard directory on the USB drive actually exists:

root@OpenWrt:~# ls /mnt/sda1/
adguard     lost+found  test.txt

Also, Luci displays this:

image1570×828 89.4 KB

So why can't curl write the AdGuard archive onto the USB drive? What am I doing wrong?

Simplest way? mount your usb drive as /opt and rerun the script. AGH expects to install to that folder.

Change the auto mount from /mnt/sda1 to /opt.

Unfortunately, that didn't solve the issue. Though, I think the USB drive should be mounted correctly:

root@OpenWrt:~# mount | grep sda1
/dev/sda1 on /opt type ext4 (rw,relatime)

root@OpenWrt:~# cat /opt/test.txt
look, i can write a file onto the usb drive
root@OpenWrt:~#

image1756×924 106 KB

And here's the updated line of the script:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh  | sh -s -- -c edge -o /opt

However, the exact same error (with the exact same output) happens again.

you don't have to edit the script. just make sure your usb drive is mounted as /opt and follow my instructions.

AGH's install script expects to be installed to /opt and allows for this. it is ONLY if you have a different install folder you wish to use that u need to edit the script and you are on your own if you do that.

My scripts are just for aiding installation of AGH into its default folder for OpenWrt installations.

:edit: make sure you run the script from the /opt folder. Also if you do not have enough space to download the archive you may have to redirect your /tmp folder to the USB key as well. check your available disk space with df -h

I'd reset your router to defaults and start completely from scratch as you will have a broken setup due to the failed installs.

Thank you very much, this in fact solved the issue!

Another option is to define the following link:

ln -s /mnt/sda1 /opt

It worked for me.

How to do that?