Yes, I used the edge build. I think the problem is the filter lists being downloaded onto insufficient storage. I calculated that 200,000 domains à ~20 characters and 4 Byte per character could be about 200,000 × 20 × 4 Byte = 16,000,000 Byte = 16 MB in size, which is most likely simply too much for the Archer A7.
Thus, I've decided not to run the adblocker on the OpenWrt router at all but on a Raspberry Pi instead. I don't want to use only one or two filter lists just to prevent AdGuard Home from constantly crashing.
Thank you very much for all your advice, it's highly appreciated!
Check where they are being downloaded to. If you have properly installed it then the edge build should save its filters into the /opt/AdGuardHome/data/filters folder. Your USB stick has 8gb and should easily cope with this. I was wondering if you had installed the opkg version that saves its filters/data into the /tmp folder and that's what was crashing your router.
If free disk space isn't the issue, then it may be your memory is running out and services are being killed (which would explain why luci and ssh die).
Try adding filters one at a time and check your free disk space and your free memory. My old BT hub 5 only had 128mb of RAM and I had to be fairly careful about how many filters I added.
It's another reason why I got the R4S. 4Gb of ram and only 2gb used means I rarely have issues.
Well, I've successfully installed AdGuard Home on my Raspberry Pi and added firewall and NAT rules to redirect all DNS requests to AdGuard, so I'm quite happy with my current setup now. By the way, if anyone is interested in this, I simply followed these instructions for the OpenWrt setup.
Hi mercygroundabyss, hoping you can help with something please!
I'm trying to set up openwrt+unbound+AdguardHome. Yes, I know AGH is itself a DNS but I have reasons for wanting to use unbound as the actual resolving server.
What I have currently is unbound_ext.conf pointing to 127.0.0.1@5355 so that unbound forwards to AGH.
Then in AGH I have upstream server as 127.0.0.1:53 so unbound can query the root servers for resolution.
Is this going to cause a DNS lookup loop?
I need unbound to do recursive querying of the root servers and AGH just used for the GUI interface since unbound doesn't seem to have one.
I'd question the reasons behind wanting unbound in the equation. It was the old way to improve DNS to use unbound/stubby for secure dns as dnsmasq couldn't do it alone. You are making life more complicated by having unbound in the equation. Also you will introduce latency as you have an extra "hop" in the chain.
AGH has a gui and you can pick any upstream secure dns service you want for it. It replaces the need for unbound/stubby completely.
That being said, if you really want it that way, you will have to lay it out like this.
dnsmasq as your downstream PTR source. That will do your internal ip > name lookups from OpenWrt's dhcp service.
unbound as your upstream dns for AGH while unbound talks to the upstream dns you have set.
That way your dns will be laid out like this.
Upstream provider dns > unbound > AGH > dnsmasq
Do remember you will have to set your router dns to use your ISP or other upstream and don't loop it into unbound as you will have an issue where your dns will not be up in time to do NTP checks.
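The loop asked about above can be checked on paper by following each service's upstream until the chain leaves the host or revisits a listener. The sketch below is an added example, not part of the original posts; the helper names are hypothetical, the first layout uses the ports from the question, and the second assumes unbound's forward to AGH has been removed.

```shell
#!/bin/sh
# Added example: follow a chain of DNS forwarders and report a loop.
# Edges are "listener upstream" pairs, one per line. An upstream of "-"
# (or a listener with no entry) means the query leaves this host.

# trace_chain START EDGES: print the path taken; return 1 on a loop.
trace_chain() {
    cur=$1; edges=$2; seen=" "; path=""
    while [ -n "$cur" ] && [ "$cur" != "-" ]; do
        case "$seen" in
            *" $cur "*) echo "${path}${cur} (LOOP)"; return 1 ;;
        esac
        seen="$seen$cur "
        path="${path}${cur} > "
        cur=$(printf '%s\n' "$edges" | awk -v k="$cur" '$1==k {print $2; exit}')
    done
    echo "${path}end"
}

# Constructed sample: layout from the question. unbound on :53 forwards to
# AGH on :5355, and AGH's upstream is unbound on :53.
question_layout() {
    printf '%s\n' '127.0.0.1:53 127.0.0.1:5355' '127.0.0.1:5355 127.0.0.1:53'
}

# Constructed sample: AGH on :5355 forwards to unbound on :53, and unbound
# resolves outward instead of forwarding back (assumed fix).
fixed_layout() {
    printf '%s\n' '127.0.0.1:5355 127.0.0.1:53' '127.0.0.1:53 -'
}

# Usage:
#   trace_chain 127.0.0.1:53   "$(question_layout)"   # reports a loop
#   trace_chain 127.0.0.1:5355 "$(fixed_layout)"      # ends cleanly
```

In the second layout clients have to reach AGH first, for example through the DNS redirect rule mentioned elsewhere in this thread.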
Thanks for the info.
My understanding is AGH is NOT a recursive dns but a forwarder so if I want to run my own recursive dns then AGH cannot give me that, is that not right?
Regarding ntp, I run my own ntp server with an rtc and then point router to that, so ntp sync for me is never an issue.
I have to give this some further thought. My current setup is just openwrt with AGH installed following your excellent tut, thanks for that BTW. That runs great and edge updates come through fine.
Correct. However there are plenty of secure and well maintained dns servers out there like Cloudflare, opendns, quad9 etc. Going back to the root servers and doing it yourself is one way to do it but if your purpose is just to do secured dnssec queries so your lookups cannot be snooped on? Just use a forwarder to a provider you trust. Your queries will be encrypted and it's far quicker.
We will never log your IP address (the way other companies identify you). And we’re not just saying that. We’ve retained a big 4 accounting firm to audit our assertions about our systems annually to ensure that we're doing what we say.
Frankly, we don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.
We’ve built 18.104.22.168 to be the Internet’s fastest DNS directory. Don’t take our word for it. The independent DNS monitor DNSPerf ranks 22.214.171.124 the fastest DNS service in the world.
Thanks, good to know I had the concepts right. I ping and monitor dns servers every 1mt, my isp dns is always best followed by quad9, for me 126.96.36.199 always gives the highest latency.
I think I'll stick with current setup of WRT and AGH for now until I can do some further tests with different configs.
Thanks for now and have a good day.
This seems to have solved the problem of not showing client addresses on the VLAN. Thanks for the advice. P.S. I've only changed destination port according to my current setup. I have AdGuard running on port 54 because I'm using OpenWrt DHCP.
Thanks for this tutorial, I just installed it on my Archer C7 router (Extroot USB Storage).
I have a question about how to update AGH, from the "update now" button you can't get the error message.
OK. It has failed to update and is asking you to follow the manual update method.
Check the OpenWrt syslog to see if there are more errors there. See if it cannot get the update, or another reason.
I would check your disk space to ensure there is space to download to. Remember you need double the binary space (35mb so at least 70mb spare. It backs up your original AGH binary and then updates to the new version).
Check how much space you have in /tmp as well as it downloads the update there before unpacking it.
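The free-space and free-memory checks suggested in this reply, and in the earlier advice about adding filters one at a time, can be run as one preflight before an update or a new filter list. This is an added example, not part of the original posts; the function names are hypothetical, the /opt/AdGuardHome path and the 70 MB figure come from the thread, and the /tmp and RAM thresholds are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the 70 MB figure are the
# thread's; the /tmp and RAM thresholds are assumptions to tune per device.

# Free KiB on the filesystem holding $1 (0 if the path does not exist).
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4; f=1} END {if (!f) print 0}'
}

# MemAvailable in KiB from a meminfo-format file (0 if the field is absent).
mem_available_kb() {
    awk '$1=="MemAvailable:" {print $2; f=1} END {if (!f) print 0}' "${1:-/proc/meminfo}"
}

# check_room LABEL HAVE_KIB NEED_KIB: print a verdict, return 1 when short.
check_room() {
    if [ "$2" -ge "$3" ]; then
        echo "ok:    $1 has $2 KiB free (need $3)"
    else
        echo "short: $1 has $2 KiB free (need $3)"
        return 1
    fi
}

# preflight [AGH_DIR] [TMP_DIR] [MEMINFO]: run all three checks.
preflight() {
    agh_dir=${1:-/opt/AdGuardHome}; tmp_dir=${2:-/tmp}; meminfo=${3:-/proc/meminfo}
    rc=0
    # 70 MB: the old binary is backed up beside the new 35 MB one.
    check_room "$agh_dir" "$(free_kb "$agh_dir")" 71680 || rc=1
    # Assumed 35 MB: the update is downloaded to /tmp before unpacking.
    # On OpenWrt /tmp is RAM-backed (tmpfs), so data written there uses memory.
    check_room "$tmp_dir" "$(free_kb "$tmp_dir")" 35840 || rc=1
    # Assumed 32 MB of headroom so services are not killed for lack of memory.
    check_room "RAM" "$(mem_available_kb "$meminfo")" 32768 || rc=1
    return "$rc"
}
```

Run `preflight` with no arguments on the router, before and after each filter list is added, and compare the numbers.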
I originally listed filters with this thread and took them out in the end once AGH updated their primary lists. I figure it's time to lay out why I choose the lists I do and also publicise them for others to use or explore.
Some claim that you can upgrade from the AdGuardHome web GUI - it has never worked for me while running OpenWrt. No need to fear - here is how to upgrade when a new edge version pops up. Hopefully you initially set up Extroot for your AdGuardHome install (that means on a USB stick); then all you have to do is grab the new installation by doing exactly what you did when you first installed AdGuardHome. With Extroot you do not have to worry about any space issues - this is why we recommend Extroot to begin with.
1 - Download the correct AdGuard Home package for your router's processor.
2 - Create a folder to extract the archive into - and use WinRAR, 7Zip, PeaZip or some such file archiver to unzip AdGuardHome_linux_your_router.tar.gz
3 - You will now have a decompressed folder named "AdGuardHome".
4 - Then issue this command below :
5 - Fire up WinSCP - open the /opt/ directory on the right side of the application - then drag and drop the decompressed AdGuardHome folder from the directory you had it in on your desktop. If you know how to use SCP on OpenWrt (Linux) you may use that method here as well.
6 - After you drag and drop the new AdGuardHome into the /opt/ directory (overwriting the old installation) - then enter these commands:
a - # /etc/init.d/AdGuardHome restart
b - # /etc/init.d/dnsmasq restart