[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

AlanDias17 · November 28, 2022, 6:55pm

Any idea why am I getting this error in Luci system log?
Every time a phone connects to wifi I get:

Mon Nov 28 17:04:37 2022 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.1.103 f1:11:2D:70:4f:54 DadiPhone
Mon Nov 28 17:04:40 2022 daemon.err AdGuardHome[2820]: 2022/11/28 11:34:40.260839 [error] unpacking udp packet: dns: buffer size too small
Mon Nov 28 17:04:43 2022 daemon.err AdGuardHome[2820]: 2022/11/28 11:34:43.274015 [error] unpacking udp packet: dns: buffer size too small

and sometimes log is flooded with dns: bad rdata error like this:

Sun Nov 27 15:11:04 2022 daemon.notice netifd: Network device 'pppoe-wan' link is up
Sun Nov 27 15:11:04 2022 daemon.notice netifd: Interface 'wan' is now up
Sun Nov 27 15:11:04 2022 daemon.info qosify: start interface pppoe-wan
Sun Nov 27 15:11:04 2022 user.notice firewall: Reloading firewall due to ifup of wan (pppoe-wan)
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269000 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269002 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.269006 [error] unpacking udp packet: dns: buffer size too small
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.320417 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.408443 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415034 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415072 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.415095 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.421840 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.428710 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.474049 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.474345 [error] unpacking udp packet: dns: bad rdata
Sun Nov 27 16:02:34 2022 daemon.err AdGuardHome[2820]: 2022/11/27 10:32:34.557111 [error] unpacking udp packet: dns: bad rdata

What are these errors and what do they mean?

mercygroundabyss · November 28, 2022, 7:12pm

github.com/AdguardTeam/AdGuardHome

error handling UDP packet: dns: buffer size too small

opened 12:04PM - 08 Jun 20 UTC

closed 11:03AM - 29 Jun 20 UTC

SanderGit

### Issue Details * **Version of AdGuard Home server:** * 0.102.0 * **How… did you setup DNS configuration:** * To CloudFlare DNS * **If it's a router or IoT, please write device model:** * Raspberry Pi model 2B+ * **Operating system and version:** * Raspbian 10.4 ### Expected Behavior Normal operation ### Actual Behavior CPU spinning 300% with AdGuardHome process. Logs in error log file. ### Additional Information AdGuardHome.err shows: 2020/06/08 12:36:43 [info] got invalid number of questions: 0 2020/06/08 12:36:43 [info] got invalid number of questions: 0 2020/06/08 12:36:51 [info] error handling UDP packet: dns: buffer size too small 2020/06/08 12:36:54 [info] error handling UDP packet: dns: buffer size too small The interrnet connection has been interrupted, it is likely that the issue is related to the interruption, but AdGuardHome could not recover from it by itself.

you are using the stable 107 build? I've not seen it with the edge 108 build.

Also are you running it in a docker container or directly on the router? Either way I'd add your bug report to that thread to see why its happening.

AlanDias17 · November 28, 2022, 7:24pm

Yes I am using stable version

Also are you running it in a docker container or directly on the router?

Directly on the router. I'm using stable OpenWrt 22.03.2

Either way I'd add your bug report to that thread to see why its happening.

Thank you. I tried changing TCP/UDP buffer size in openwrt but that didn't help. I googled the issue but unfortunately I couldn't find the solution on this one.

mercygroundabyss · November 28, 2022, 7:29pm

My suggestion would be to upgrade to the edge version and see if that solves your issue. If not then do add to the issue linked on adguards issue list and hopefully they can find the root issue. It does appear to be linked to buffers but I'd think its down to their go engine. Odd that more people haven't seen the issue given its a stable version. I'd defiantly report it and include what router you run AGH on, and what phone is causing the issue.

:edit: Actually. file a new bug report as it refers to 103 build but reference that bug report as part of your issue.

AlanDias17 · November 28, 2022, 7:33pm

Thank you. Well that was on Samsung phone. Although I didn't see flood of error logs before with default AdGuardHome settings. I'll post my settings here in brief-
Meanwhile is there a next stable version for adguardhome? Edge builds are nightly builds right? Also is it possible to upgrade AGH on stable openwrt version?

adguardhome.yaml

bind_host: 192.168.1.1
bind_port: 8080
beta_bind_port: 0
users:
- name: root1
  password: $2a$10$UWkRVpWnZIpe5rnkY1MCXeS3RRYRhGrgj/.twXEUh4jRyAspkpAqy
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
  - 192.168.1.1
  - 127.0.0.1
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 0
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
  - '[/lan/]127.0.0.1:54'
  - '[//]127.0.0.1:54'
  - '[/pool.ntp.org/]1.1.1.1'
  - '[/pool.ntp.org/]1.0.0.1'
  - '[/pool.ntp.org/]8.8.8.8'
  - '[/pool.ntp.org/]8.8.4.4'
  - https://dns.cloudflare.com/dns-query
  - https://dns.google/dns-query
  - https://doh.opendns.com/dns-query
  - https://blitz.ahadns.com
  - https://dns.nextdns.io
  - https://basic.rethinkdns.com/
  upstream_dns_file: ""
  bootstrap_dns:
  - 1.1.1.1
  - 1.0.0.1
  - 8.8.8.8
  - 8.8.4.4
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
  - version.bind
  - id.server
  - hostname.bind
  trusted_proxies:
  - 127.0.0.0/8
  - ::1/128
  cache_size: 4194304
  cache_ttl_min: 3600
  cache_ttl_max: 86400
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: true
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  ipset: []
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  local_domain_name: lan
  resolve_clients: true
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
  - 192.168.1.1:54
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: true
  url: https://adaway.org/hosts.txt
  name: AdAway Default Blocklist
  id: 2
- enabled: true
  url: https://abp.oisd.nl/
  name: oisd
  id: 1665787488
whitelist_filters: []
user_rules:
- '## snpachat'
- '||analytics.snapchat.com^'
- '||app-analytics.snapchat.com^'
- '||usc.adserver.snapads.com^'
- '||snapads.com^'
- '||app-analytics-v2.snapchat.com^'
- '||asia-southeast1-gcp.api.snapchat.com^'
- '||pica.aeonlucid.com^'
- '# ||us-central1-gcp.api.snapchat.com^'
- '||usc.adserver.snapads.com^'
- '||geofilters-api.snapchat.com^'
- '||cognac-prod.appspot.com^'
- '||ase.adserver.snapads.com^'
- '||tr.snapchat.com^'
- '||loc.sc-jpl.com^'
- '# ||storage.googleapis.com^'
- '||snapchat-proxy.appspot.com^'
- '## aa01.net'
- '# ||betterstream.co^'
- '||statcounter.com^'
- '||runecrispin.com^'
- '||miracslubs.com^'
- '||addthis.com^'
- '||googletagmanager.com^'
- '||cloudflareinsights.com^'
- '||jwpltx.com^'
- '## yts.mx'
- '||builip.com^'
- '||static.cloudflareinsights.com^'
- '||cdnondemand.org^'
dhcp:
  enabled: false
  interface_name: ""
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients: []
log_compress: false
log_localtime: false
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_file: ""
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 12

Update: I've opkg version of AGH so I can't update it to v108 that way

mercygroundabyss · November 28, 2022, 7:48pm

It is slightly tricky but possible.

uninstall AGH and revert your opkg changes by using my uninstall script which will set you back to defaults. Then you can use my script set to reinstall the edge version and resetup AGH.

A potentially faster way is to reset your OpenWrt install and start afresh. But that will depend on what customisations/defaults you have changed. EG DHCP statics setup etc.

The edge builds aren't nightly but are much more uptodate and so far I've not run into any major issues using them. As I've said before. Once they fix some long standing issues and AGH development is more stable then stable builds would be preferable. I still think AGH is "beta" software and thus its a moving target for builds. 107 has been more stable but they have not back ported some 108 changes.

AlanDias17 · November 28, 2022, 7:53pm

That seems like it'll take more time than I anticipated. Maybe I'll update it later this week. Tonight I'll look into it in detail. Thanks Mercy!

mercygroundabyss · November 28, 2022, 7:55pm

potentially you could uninstall and use the edge script directly but I've never tested that. Also unless the router has its own WAN dns upstream set, when you remove AGH it can break DNS resolution. I'm just being cautious with how I suggest to rip/replace

really when doing things like this you should always start from a "known good configuration" just "incase". Its just good engineering. Duct tape works sometimes but that's just a patch till you get it really fixed

:edit: I rolled the opkg version into my thread as James and I had worked on it and it was a convenient place to have up to date info for both.

AlanDias17 · November 28, 2022, 8:01pm

Haha Trust me I've literally spent 2-3 days fixing DNS issues while installing AGH. It's always DNS lol. Now I'm pretty aware how to setup AGH on my router Also, I'll go with your resetting method method cuz I like it clean setup so far.
Edit: Did you say your opkg version? That's great! But alas I can't install your updated version on my firmware right? It should be manual way as you said..

mercygroundabyss · November 28, 2022, 8:09pm

its not mine. @jamesmacwhite does the pulls of the 107 builds and gets them packaged for openwrt opkg installs. We both worked on it and the wiki to make it easier for people to use AGH on their router. I originally just worked on improving AGH's manual install and tweaked it for preparing OpenWrt for then using the script from AGH to install. James took that and used it to help do the opkg version with changes for smaller routers. There are key differences between the versions. Mine follows the /opt layout and saves all data and filters. James version due to OpenWrt settings has the bulk of the data saved in ram and thus re downloads filters etc after a reboot.

The opkg version is better for smaller space/ram routers. But it means you are restricted to stable releases only. (as OpenWrt rules require stable packages)

The manual edge builds are closer to bleeding edge and save all data to /opt. That requires more space. But also means AGH will self update.

AlanDias17 · November 28, 2022, 8:11pm

I'm running OpenWrt on RPi4 with 4GB RAM and Adguard workdir is set to the partition on my MicroSD. So I can give manual update a chance

mercygroundabyss · November 28, 2022, 8:16pm

yep. plenty of space etc. To make things simple just ensure you have a /opt folder be it part of your file system or even a mounted folder. Do that and everything will work smoothly as AGH assumes that for its install and my prepare script just moves dnsmasq so you are able to then install AGH and replace dnsmasq. Its that bit that's the tricky bit and to ensure both ipv6 and ipv4 is covered.

Then its just having AGH on different proxy port to avoid clashes with Luci (but you can also proxy it directly so you can use SSL but on your own internal lan its not really required. You could make it seamless by using nginx but that requires modifying Luci and AGH to be proxied.)

My aim was to make AGH less of an "I have to do what?" for users and more lego brick style replacement. Think of it as an aftermarket car upgrade. A few minutes with screwdrivers for better performance.

AlanDias17 · November 28, 2022, 8:21pm

Is this enough?

root@OpenWrt:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                24.8M     24.8M         0 100% /rom
tmpfs                     3.4G      4.1M      3.4G   0% /tmp
/dev/loop0               68.8M    509.0K     62.7M   1% /overlay
overlayfs:/overlay       68.8M    509.0K     62.7M   1% /
/dev/mmcblk0p1           63.9M     17.1M     46.7M  27% /boot
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mmcblk0p3           14.7G     10.8G      3.8G  74% /sda0

mercygroundabyss · November 28, 2022, 8:24pm

100mb as per the wiki. its 35mb for the AGH binary and you need double that when it upgrades and backs itself up. Then add in log space and filters. you have plenty space free but make sure you have /opt mounted as a folder rather than /sda0 as AGH expects to install to /opt.

I have a 3rd partition on my sd card mounted as /opt and keep my docker images and AGH installed there. That way I can reflash the first two partitions and reload my openwrt install but keep docker/agh and just re-add it.

AlanDias17 · November 28, 2022, 8:26pm

Ahhh Or I could use upx-4.0.0 package to make the installation files smaller to fit into /opt. It compresses 35 MB AGH file around 8-10 MB

mercygroundabyss · November 28, 2022, 8:33pm

that is another option but then you have to weigh the decompression time/power vs space. Neither is that much of an issue for rpi4 but for smaller dual or single core routers its a consideration. Also you have enough space so you don't have to compress it.

AlanDias17 · December 7, 2022, 10:22pm

Oh btw I received adguardhome 0.107.6-1 » 0.107.18-1 opkg update. I might try it later since I'm busy at work. Also I haven't received flood of Unpacking udp packet: dns: bad rdata erros for days only npacking udp packet: dns: buffer size too small

Jhunboss · December 19, 2022, 8:33pm

First of all thank you for this great tutorial. I have a problem and I must be doing it wrong. I have adguardhome installed in docker on my NAS (1.15) and I have my router openwrt (1.1).
I want adguardhome to be the primary DNS server and not do DHCP and I want the router to be the secondary DNS and to be the only DHCP server on the network. So I end up with two IP addresses instead of just one.
The idea is that if Adguardhome is not available that I can browse the internet only with my router.

With the configuration below the name resolution with does not work.

If I understood correctly, the router uses port 54 and the NAS uses port 53.

My /opt/AdGuardhome.yaml file:

dns:
   bind_hosts:
   - 127.0.0.1
   - ::1
   - 192.168.1.15
   - fd1a:c860:7174::1
   port: 53

  resolve_clients: true
   use_private_ptr_resolvers: true
   local_ptr_upstreams:
   - 192.168.1.1:54

Can you help me correct my configuration please in relation to the operation I am looking for?
I can provide you with more information if needed.

one last thing. In the dashboard in the top client box, I only have my router that appears. I had managed to configure it so that we could each client separately.

Thanks very much.

mercygroundabyss · December 19, 2022, 9:00pm

Firstly you cannot use these instructions to do a setup like yours. These instructions are for installing on router.

You won't need my scripts or to do major changes on your router. The only thing you will need to do is set your DHCP server to broadcast to use AGH DNS on your NAS. (option 6 is what you need)
This also means you won't need to move dnsmasq and so it will be port 53 on your router and not port 54.

Is there any reason why you can't run AGH on your router? or just easier to run it on your NAS?

Regarding dual DNS? That will not work. Having AGH as primary DNS and a secondary that is completely unfiltered gives a bypass. Its the equivalent of having a guard post that has a tunnel under it that anyone can use. You could mitigate this however by using AGH as your primary and another filtered DNS as secondary but again isn't ideal unless they both act similarly with regard to filters/blocking.

Jhunboss · December 19, 2022, 9:17pm

It seems very clear.
My router is a xiaomi Mi 3G V1 which is barely powerful enough to run AGH. AGH's administration interface was slow and I was limited in the number of filters because they slowed everything down. I tested the installation on my NAS and it was perfect, without power or memory limits.

I'm going to forget about this double DNS plan and I'm going to follow your configuration recommendations. Thanks again for your very quick and detailed response.