[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

@jamesmacwhite might be able to help here. there was something about changing the start times due to a race conditions a while back. I wonder if this is down to that. (with the opkg version)

Yes that old trick work. Thanks. :smiley:

a) service adguardhome disable
b) vi /etc/init.d/adguardhome. Change Start from 21 to 99 and Stop 89 to 120.
c) service adguardhome enable
d) reboot

1 Like

Is there way to add few DHCP static leases??? I added two but once reboot it all gone!! Even I don't know how to backup DHCP static leases [MAC /IP / HOSTNAME] !!

bottom of the DHCP page

ooohhh. one sec. i just thought. the opkg version may be saving that data to /tmp so on reboot it will be lost.

Update to the edge build (uninstall opkg version and reinstall edge version) and it will save AGH into the /opt folder and save all your data so it is not lost on reboot. Just make sure you have enough space as you need roughly 80mb (35mb x2 for AGH binary and backup when it updates)

Edge version means that top of this manual scripts steps for install? I have 7GB USB install. Overlay is already mapped to USB stick.

1 Like

Yes, there are potential race conditions with startup, although it can be for both versions. It highly depends on certain use cases, ipset is one, there are others, we did consider increasing the start value in the init script, although, we can't go too far with the start value given it's providing DNS which needs to be available as early in the boot process as possible.

The reason why it doesn't usually happen with the manual method is because the AGH development team have edited their init script to use high start/stop values, which avoids any potential race condition, the downside to this, is that DNS is not available on startup until much later in the process, which isn't ideal, given DNS should be available as soon as possible. So it's a trade off.

The best solution is figure out what network condition is causing the race condition and then handle that in your own init script that starts before AGH. I do this with ipset chain initialisation, making sure any chain is present before AGH starts.

1 Like

Hi all,

It seems I cannot opkg update after installing Adguard Home from a fresh install using this method, everything else is working fine.

Thank you in advance.

Network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf3:cb86:d54c::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'


dhcp:

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	list server '192.168.1.1'
	option rebind_protection '0'
	option dnsforwardmax '1024'
	option port '5353'
	option noresolv '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dns '::1'
	option leasetime '24h'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

opkg update error:

Executing package manager

Downloading https://downloads.openwrt.org/releases/21.02.3/targets/ipq806x/generic/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/targets/ipq806x/generic/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/telephony/Packages.gz

Errors

Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/targets/ipq806x/generic/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a15_neon-vfpv4/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

The opkg update command failed with code 6.

Did u run the DNS script to setup your OpenWrt DNS? or you just using ISP DNS?

My script makes the router use cloudflare (you can set it to another provider if you wish) as upstream.
I'd suggest your upstream is not working or the router hasnt managed to get its time/date updated with NTP which is why you are failing to get updates.

I believe I just have it pointed to Adguard Upstream DNS servers, would I still need to run the DNS Script?

Edit: I have made the router use cloudflare upstreams and I can now opkg update

Thank you!

1 Like

I'm guessing that either your ISP dns was being bad, or your router hadn't got the proper NTP update and thus have correct time/date set which will also cause opkg to fail (because it uses HTTPS and thus the SSL connection will fail). Explicitly setting router upstream to a "good" DNS service helps. (i used to have to do that for a few ISPs that couldn't keep their DNS working properly and its something that's kept me working while others cannot)

https://openwrt.org/docs/guide-user/services/dns/adguard-home#dns_interception So someone was asking about interception on the new release thread.

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:53
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:53

Are the two old iptables methods. Some light googling brings up this for NFT tables instead of IPTables. I've not updated to the new release with NFT tables but if someone wants to try that out? Obviously you need to fix that rule so it bounces to your AGH and not directly to google :slight_smile:

nft add rule nat pre udp dport 53 ip saddr 192.168.56.0/24 dnat 8.8.8.8:53

redirecting all DNS trafic from 192.168.56.0/24 to the 8.8.8.8 server.

This will work with android apps/games? Ive noticed that some apps still play ads, even tho i have blocked everything else nicely, and also, how do i unblock certain sites from being blocked? i tried whitelisting them, but the page i whitelisted, it was still being blocked...

you may require DNS hijacking to forward regular port 53 requests to AGH for filtering. Some apps/games have hardcoded dns to avoid blocking.

regarding the whitelisting, your device will be caching the previous block. restart it and try again.

1 Like

How do you run the scripts.

Also is it only /opt/AdGuardhome.yaml where you edit the IP?

Im just setting mine up but would it be possible to set it up on tempory IP then just edit the above to actual IP later?

you need to make them executeable with chmod +x <nameofscript.sh>

The manual install method installs to /opt/AdGuardHome/ the yaml file is in there.

Are you installing this on your router? or on a separate device? You can manually edit IPs but just be very careful as yaml files are sensitive to extra spaces or formatting.

cheers, i did run the Chmod, is it just then a case of typing the script name?

I currently have a standard router set up, but that will be replaced with the nano r4s, just trying to get as much set up, so once its ready, change a few IPs enable DCHP then plug this in instead

./scriptname.sh

You should install AGH on the R4S with the script but take the shortcut of copying your yaml file over the default file, (Once you edit the ips you require) or set it up again.

1 Like

cheers got this working fine

When running test, it does bog down to 50ms resposes, but thats under a high load. but its not the CPU thats hitting max, so might be just how it processes

Bit of a space update for AGH.

On a full install to the /opt folder you really require about 100mb of space.
35mb for the AGH binary and again for when it backups and upgrades. (that's in the agh-backup folder)
My Filters take 20mb for me. (Again you can raise or lower this depending on what lists you use)

However you will need to tweak your logging to keep things smaller.

I am keeping

  • 90 days of statistics (2mb file at present)
  • 7 days of query logs (last 7 days was 53mb)

You can turn these off or down as required. I've included my listings of the folders to give an overview.

root@OpenWrt:/opt/AdGuardHome# ll -h
drwxrwxrwx    4 root     root        3.4K May 13 20:50 ./
drwxr-xr-x    7 root     root        4.0K May 12 22:15 ../
-rwxr-xr-x    1 root     root       34.0M May 13 20:50 AdGuardHome*
-rw-rw-rw-    1 root     root         331 May 13 20:50 AdGuardHome.sig
-rw-r--r--    1 root     root        6.5K May 13 20:50 AdGuardHome.yaml
-rw-r--r--    1 root     root       41.2K May 13 20:50 CHANGELOG.md
-rw-r--r--    1 root     root       34.3K May 13 20:50 LICENSE.txt
-rw-r--r--    1 root     root       22.7K May 13 20:50 README.md
drwxr-xr-x    2 root     root        3.4K May 13 20:50 agh-backup/
drwxr-xr-x    3 root     root        3.4K May 19 23:21 data/
root@OpenWrt:/opt/AdGuardHome/data# ll -h
drwxr-xr-x    3 root     root        3.4K May 19 23:21 ./
drwxrwxrwx    4 root     root        3.4K May 13 20:50 ../
drwxr-xr-x    2 root     root        3.4K May 20 18:51 filters/
-rw-r--r--    1 root     root       10.9M May 21 18:02 querylog.json
-rw-r--r--    1 root     root       52.9M May 19 21:32 querylog.json.1
-rw-r--r--    1 root     root       32.0K May 18 21:09 sessions.db
-rw-r--r--    1 root     root        2.0M May 21 18:00 stats.db
root@OpenWrt:/opt/AdGuardHome/data/filters# ll -h
drwxr-xr-x    2 root     root        3.4K May 20 18:51 ./
drwxr-xr-x    3 root     root        3.4K May 19 23:21 ../
-rw-r--r--    1 root     root      865.8K May 20 18:50 1.txt
-rw-r--r--    1 root     root       10.4K May 20 18:50 1625359387.txt
-rw-r--r--    1 root     root        7.9K May 20 18:50 1625359388.txt
-rw-r--r--    1 root     root        3.5M May 20 18:50 1625359390.txt
-rw-r--r--    1 root     root        5.9K May 20 18:50 1625359391.txt
-rw-r--r--    1 root     root        3.6K May 20 18:51 1625359392.txt
-rw-r--r--    1 root     root      266.1K May 20 18:50 1625359393.txt
-rw-r--r--    1 root     root       13.3M May 20 18:50 1633201708.txt
-rw-r--r--    1 root     root        1.3M May 20 18:50 1635888815.txt
-rw-r--r--    1 root     root       18.1K May 20 18:50 1639602953.txt
-rw-r--r--    1 root     root      359.9K May 20 18:50 1639602955.txt
-rw-r--r--    1 root     root       83.8K May 20 18:51 1639602956.txt
1 Like

Many thanks for this comprehensive writeup and all your efforts in helping bringing this awesome tool to the openwrt community.

I updated my x86/64 based router yesterday to OpenWrt 21.02.3 r16554-1d4dea6d4f using the Attended SysUpgrade, which obviously removed AdGuardHome (edge) setup, included in my previously installed ImageBuilder generated image.

Since this newly updated version was not ImageBuilder generated, I decided to try your scripts to get a better understanding of your stance on AdGuardHome. I'm happy to say that, after resizing the /dev/sda2 partition to use all the remaining disk space, I was able to use your very clear instructions with ease.

Thank you very much @mercygroundabyss !

2 Likes