[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

set that to the below but then adgaurd its self wouldnt open

image

/opt/AdGuardHome/AdGuardHome.yaml - Manual install
/etc/adguardhome.yaml - opkg install

Its apparent more testing is needed to properly resolve the "resolve" issue. (#dadjokes)

Its causing issues and as far as i had thought and tried, this approach should have been the answer.
Logically allowing OpenWrt to grab its own NTP updates avoids the SSL/NTP issues and also avoids the delayed AGH startup (which most certainly DOES cause issues by not being available when NTP wants to pull updates)

I need to find some time and try to revisit this and figure out what exactly is the issue.

2 Likes

be EXTREMELY careful editing yaml files. Even an extra space in wrong place will cause broken config.

The most common reason for AdGuard Home not starting is due to syntax errors in the adguardhome.yaml config.

https://openwrt.org/docs/guide-user/services/dns/adguard-home#debugging try doing a verbose run and also check on AGH's wiki about configuration checks.

1 Like

cheers, yeah you would think it would be an easy fix lol, shame i cant fit a battery in case as this would be a solution.

I dont know if its power cuts, causing the issue, or the r4s crashs.

As it was up for weeks, no issue then had a few in couple of weeks, but nothing on r4s has changed

luckily i can RDP onto a computer on network and sync the time to the browser. But i generally only notice this end of day once I`m home

At least its easily replicated by setting year to 2013, reboot, then try syncing the ntp with changes.

for a tempory fix would it be worth changing the dns names for ntp and add the IPs as additional ones to check?

@mercygroundabyss Excuse me, I have a device whose CPU is QCA9531, I don't know which package to download?
I see on Github there are mips64, mips64le, mipsle, mips and ppc64le But I don't know which architecture is suitable for QCA9531

Qualcomm Atheros QCA9531 MIPS 24Kc 650MHz CPU

2 Likes

the install script should pull the right version. the manual update should not be needed unless you tight for space. I really should maybe retire that. but i had left it in for others to use as a basis for scripts.

1 Like

OK, I See!Thanks a lot!

1 Like

I am curious to know how is this different from using adblock or even pihole on raspberry pi

If you mean openwrt adblock, using AdGuard Home is just easier, if you mean adblock in browser, then thats pretty obvious, u dont have network wide adblocking, i was never able to set up the openwrt adblock to work properly, and how its different to using pihole on rpi? the difference is, you dont have to use second device for that, mostly?

Really like AdGuard Home: it solves several problems at once and does it in a very nice way.

But one concern I have about running it on the router rather than on a separate device or container is that it requires HTTPS access to the web at startup, and apparently won't finish initializing if it doesn't have it. I never allow the router device itself to access the web because that's a crucial link in the most common compromises -- for example, a buffer overrun allows execution of a tiny amount of code, which fetches the real malware payload via the web.

Note that once fully installed, OpenWRT itself never has to access the internet in order to function (except, e.g. DNS and NTP, and you can add allow rules for those or supply those facilities in another way) . It'd be useful if AdGuard Home simply displayed and logged its warnings that it was not able to fetch the latest version number or whatever it's doing, but still fully initialized and started functioning.

interesting security step but then u lose ability to do updates. plus the filters for AGH...

Understood, but for critical systems -- for me in the home/telework environment that's file servers, build systems and network infrastructure -- updating is a scheduled maintenance operation rather than an automated background task. The IT departments of big companies never let ANY system self-update at all, not even employees' Windows computers; in the latter case they maintain patched images and push them according to their own schedule, just about invisibly to the user.

Anyway, just a nice-to-have. On my main (x86_64) router I run AGH in an LXC container so it has its own network stack and I'm happy to let it self-update. At the moment I'm configuring a cold-spare router and thought I'd try running AGH on it directly, but ran up against this. But I can just do the same thing there as well. The alternative would be to script its startup to temporarily activate an allow rule, but too many complications like that make systems harder to maintain and replicate.

1 Like

may be possible to fire a script. drop in the allow. do updates. cancel the allow.

Yep, that'd be the scheduled maintenance approach. But that leaves the problem of it not initializing at startup, unless the allow rule is temporarily activated then as well. And as I said, that kind of proliferating customization makes systems hard to blueprint and replicate easily, and I'd rather just run it in a separate system or namespace to keep it all stock.

1 Like

how to use adguard ipset like dnsmasq in dnsmasq i was using * symbol which refer to anything how i can i use * in adguard ipset for example in dnsmasq ipset=/*.googlevideo.com/media how to use the same *.googlevideo.com in adguard

This is discussed in the openwrt wiki page about AdGuard Home , and also in the AdGuard Home wiki (search for "ipset" in that section).

1 Like

all went well until that last command that gives:

/etc/init.d/dnsmasq restart
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing

that is fine.

TLDR? - it does a ping to make sure its the only DHCP server on the network. It is just a notification not a warning/error.