[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

That's something you should ask the AGH team.
However caches are designed to be refilled. Just let it do its thing.

1 Like

Thanks for this tutorial, I just installed it on my Archer C7 router (Extroot USB Storage).
I have a question about how to update AGH, from the "update now" button you can't get the error message.

translate the error please?

is it asking you to manually update?

It asks me to update, and when I click on update the following error appears, sorry I'm a bit of a noob

ok. it has failed to update and is asking you to follow the manual update method.

check the openwrt syslog to see if there is more errors there. See if it cannot get the update, or another reason.

I would check your disk space to ensure there is space to download to. remember you need double the binary space (35mb so at least 70mb spare. It backs up your original AGH binary and then updates to the new version).

check how much space you have in /tmp as well as it downloads the update there before unpacking it.

Revisiting filters.

I originally listed filters with this thread and took them out in the end once AGH updated their primary lists. I figure its time to lay out why I choose the lists I do and also publicise them for others to use or explore.

AdGuard DNS List - https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt

This is included and is the primary list built in to AGH. I leave this one enabled. This is a default filter for AdGuard Home and for the public AdGuard DNS servers.

Adaway block list - https://adaway.org/hosts.txt - disabled by default. I don't use this list.

Perflyst and Dandelion Sprout's Smart-TV Blocklist - https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV-AGH.txt
This list prevents smart tvs from monitoring/reporting back on you. He also has blocklists for other devices like Amazon fires and Android blocking.

Scam Blocklist by DurableNapkin - https://raw.githubusercontent.com/durablenapkin/scamblocklist/master/adguard.txt
This is now included in the osid blocklists but I leave it in as it wasn't included at first.

https://github.com/StevenBlack/hosts - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
My primary blocklist after the default AGH list.

Latest Domain list - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
These are recently registered lists that serve malware. Part of the https://osint.digitalside.it/ threat groups.

EasyPrivacy List - https://v.firebog.net/hosts/Easyprivacy.txt
Part of the firebog lists. I've previously used this list with AdBlock Pro in my browser.

https://www.github.developerdan.com/hosts/ - https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt
Adblock list from developer dan. He has a selection of other lists as well.

Phishing Army List - https://phishing.army/download/phishing_army_blocklist.txt
AntiPhishing lists.

NoCoin Filter List - https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
stops in browser-based crypto mining.

The Big List of Hacked Malware Web Sites - https://raw.githubusercontent.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/master/hosts

Online Malicious URL Blocklist - https://malware-filter.gitlab.io/malware-filter/urlhaus-filter.txt
A blocklist of malicious websites that are being used for malware distribution, based on the Database dump (CSV) of Abuse.ch URLhaus

Reference sites:

How AGH builds its default lists.

1 Like

How To Upgrade Your AdGuardHome Install :

Some claim that you can upgrade from AdGuardHome WEBGUI - it has never worked
for me while running OpenWRT. No need to fear - here is how to upgrade when new EDGE
Version pops up. Hopefully, if you initially Setup Exroot for your AdGuardHome Install
( that means on a USB Stick ) then all you have to do is grab the new
installation by doing exactly what you did when
you first installed AdGuardHome. With Exroot - you do not have to worry about
any space issues - this is why we recommend Exroot to begin with.
1 - Download the correct AdGuard Home package for your router's processor.
2 - Create a folder to extract the archive into - and use WinRAR, 7Zip, PeaZip or
some such file archiver to unzip AdGuardHome_linux_your_router.tar.gz
3 - You will now have a decompressed folder named " AdGuardHome " .
4 - Then issue this command below :

/etc/init.d/AdGuardHome stop

5 - Fire up WINSCP - open /opt/ directory on the right side of
the application - then Drag & Drop the AdGuardHome
decompressed folder from the directory you had it in on your desktop.
If you know how to use SCP on OpenWRT ( Linux ) you may use
that method here as well.

6 - After you drag and drop new AdGuardHome into the /opt/ directory
( overwriting the old installation ) - then enter these commands :

a - # /etc/init.d/AdGuardHome restart
b - # /etc/init.d/dnsmasq restart


The AGH manual update method is here : https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#manual-update

Its far more likely there is something else preventing his install from updating properly hence the need to check the logs.

Also AGH team has added update from shell method. https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#command-line-update

Command-line update
To update AdGuard Home package without the need to use Web API run:
./AdGuardHome --update

1 Like

AdGuard Home's DNS cache does not follow the cache logic of other DNS servers.

Any idea why am I getting this error in Luci system log?
Every time a phone connects to wifi I get:

Mon Nov 28 17:04:37 2022 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) f1:11:2D:70:4f:54 DadiPhone
Mon Nov 28 17:04:40 2022 daemon.err AdGuardHome[2820]: 2022/11/28 11:34:40.260839 [error] unpacking udp packet: dns: buffer size too small
Mon Nov 28 17:04:43 2022 daemon.err AdGuardHome[2820]: 2022/11/28 11:34:43.274015 [error] unpacking udp packet: dns: buffer size too small

and sometimes log is flooded with dns: bad rdata error like this:

Sun Nov 27 15:11:04 2022 daemon.notice netifd: Network device 'pppoe-wan' link is up
Sun Nov 27 15:11:04 2022 daemon.notice netifd: Interface 'wan' is now up
Sun Nov 27 15:11:04 2022 daemon.info qosify: start interface pppoe-wan
Sun Nov 27 15:11:04 2022 user.notice firewall: Reloading firewall due to ifup of wan (pppoe-wan)
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269000 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269002 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269006 [error] unpacking udp packet: dns: buffer size too small
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.320417 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.408443 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415034 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415072 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415095 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.421840 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.428710 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.474049 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.474345 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.557111 [error] unpacking udp packet: dns: bad rdata

What are these errors and what do they mean?

you are using the stable 107 build? I've not seen it with the edge 108 build.

Also are you running it in a docker container or directly on the router? Either way I'd add your bug report to that thread to see why its happening.

1 Like

Yes I am using stable version

Also are you running it in a docker container or directly on the router?

Directly on the router. I'm using stable OpenWrt 22.03.2

Either way I'd add your bug report to that thread to see why its happening.

Thank you. I tried changing TCP/UDP buffer size in openwrt but that didn't help. I googled the issue but unfortunately I couldn't find the solution on this one.

My suggestion would be to upgrade to the edge version and see if that solves your issue. If not then do add to the issue linked on adguards issue list and hopefully they can find the root issue. It does appear to be linked to buffers but I'd think its down to their go engine. Odd that more people haven't seen the issue given its a stable version. I'd defiantly report it and include what router you run AGH on, and what phone is causing the issue.

:edit: Actually. file a new bug report as it refers to 103 build but reference that bug report as part of your issue.

1 Like

Thank you. Well that was on Samsung phone. Although I didn't see flood of error logs before with default AdGuardHome settings. I'll post my settings here in brief-
Meanwhile is there a next stable version for adguardhome? Edge builds are nightly builds right? Also is it possible to upgrade AGH on stable openwrt version?


bind_port: 8080
beta_bind_port: 0
- name: root1
  password: $2a$10$UWkRVpWnZIpe5rnkY1MCXeS3RRYRhGrgj/.twXEUh4jRyAspkpAqy
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 0
  ratelimit_whitelist: []
  refuse_any: true
  - '[/lan/]'
  - '[//]'
  - '[/pool.ntp.org/]'
  - '[/pool.ntp.org/]'
  - '[/pool.ntp.org/]'
  - '[/pool.ntp.org/]'
  - https://dns.cloudflare.com/dns-query
  - https://dns.google/dns-query
  - https://doh.opendns.com/dns-query
  - https://blitz.ahadns.com
  - https://dns.nextdns.io
  - https://basic.rethinkdns.com/
  upstream_dns_file: ""
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  - version.bind
  - id.server
  - hostname.bind
  - ::1/128
  cache_size: 4194304
  cache_ttl_min: 3600
  cache_ttl_max: 86400
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  ipset: []
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  local_domain_name: lan
  resolve_clients: true
  use_private_ptr_resolvers: true
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway Default Blocklist
  id: 2
- enabled: true
  url: https://abp.oisd.nl/
  name: oisd
  id: 1665787488
whitelist_filters: []
- '## snpachat'
- '||analytics.snapchat.com^'
- '||app-analytics.snapchat.com^'
- '||usc.adserver.snapads.com^'
- '||snapads.com^'
- '||app-analytics-v2.snapchat.com^'
- '||asia-southeast1-gcp.api.snapchat.com^'
- '||pica.aeonlucid.com^'
- '# ||us-central1-gcp.api.snapchat.com^'
- '||usc.adserver.snapads.com^'
- '||geofilters-api.snapchat.com^'
- '||cognac-prod.appspot.com^'
- '||ase.adserver.snapads.com^'
- '||tr.snapchat.com^'
- '||loc.sc-jpl.com^'
- '# ||storage.googleapis.com^'
- '||snapchat-proxy.appspot.com^'
- '## aa01.net'
- '# ||betterstream.co^'
- '||statcounter.com^'
- '||runecrispin.com^'
- '||miracslubs.com^'
- '||addthis.com^'
- '||googletagmanager.com^'
- '||cloudflareinsights.com^'
- '||jwpltx.com^'
- '## yts.mx'
- '||builip.com^'
- '||static.cloudflareinsights.com^'
- '||cdnondemand.org^'
  enabled: false
  interface_name: ""
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients: []
log_compress: false
log_localtime: false
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_file: ""
verbose: false
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 12

Update: I've opkg version of AGH so I can't update it to v108 that way

It is slightly tricky but possible.

uninstall AGH and revert your opkg changes by using my uninstall script which will set you back to defaults. Then you can use my script set to reinstall the edge version and resetup AGH.

A potentially faster way is to reset your OpenWrt install and start afresh. But that will depend on what customisations/defaults you have changed. EG DHCP statics setup etc.

The edge builds aren't nightly but are much more uptodate and so far I've not run into any major issues using them. As I've said before. Once they fix some long standing issues and AGH development is more stable then stable builds would be preferable. I still think AGH is "beta" software and thus its a moving target for builds. 107 has been more stable but they have not back ported some 108 changes.

1 Like

That seems like it'll take more time than I anticipated. Maybe I'll update it later this week. Tonight I'll look into it in detail. Thanks Mercy!

1 Like

potentially you could uninstall and use the edge script directly but I've never tested that. Also unless the router has its own WAN dns upstream set, when you remove AGH it can break DNS resolution. I'm just being cautious with how I suggest to rip/replace :slight_smile:

really when doing things like this you should always start from a "known good configuration" just "incase". Its just good engineering. Duct tape works sometimes but that's just a patch till you get it really fixed :slight_smile:

:edit: I rolled the opkg version into my thread as James and I had worked on it and it was a convenient place to have up to date info for both.

Haha :joy: Trust me I've literally spent 2-3 days fixing DNS issues while installing AGH. It's always DNS lol. Now I'm pretty aware how to setup AGH on my router :smiley: Also, I'll go with your resetting method method cuz I like it clean setup so far.
Edit: Did you say your opkg version? That's great! But alas I can't install your updated version on my firmware right? It should be manual way as you said..

1 Like

its not mine. @jamesmacwhite does the pulls of the 107 builds and gets them packaged for openwrt opkg installs. We both worked on it and the wiki to make it easier for people to use AGH on their router. I originally just worked on improving AGH's manual install and tweaked it for preparing OpenWrt for then using the script from AGH to install. James took that and used it to help do the opkg version with changes for smaller routers. There are key differences between the versions. Mine follows the /opt layout and saves all data and filters. James version due to OpenWrt settings has the bulk of the data saved in ram and thus re downloads filters etc after a reboot.

The opkg version is better for smaller space/ram routers. But it means you are restricted to stable releases only. (as OpenWrt rules require stable packages)

The manual edge builds are closer to bleeding edge and save all data to /opt. That requires more space. But also means AGH will self update.

1 Like

I'm running OpenWrt on RPi4 with 4GB RAM and Adguard workdir is set to the partition on my MicroSD. So I can give manual update a chance :slight_smile:

1 Like