[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

First of all, thanks for making this adguardhome package on openwrt.

I am trying to set it up properly on my openwrt router (TP link C2600) but are running into some problems when rebooting my router. I have used the tutorial of OneMarcFifty, from ~25 min, . Basically, moved DNSmasq to 5353 and let AGH run on port 53. I have set the AGH upstream DNS server 127.0.0.1:5353 as also mentioned in this wiki, .

I have enabled the adguardhome service by:

service adguardhome enable
service adguardhome start

Now when I perform a reboot of my router my internet stops and adguardhome is not starting up again. When I run by SSH: service adguardhome status the reply is running. logread -e AdGuardHome is not giving any errors.

When I now change my dnsmasq port back again from 5353 to 53 my internet works again. I have performed multiple attempts to opkg remove the adguardhome package and manually deleted the config file again (rm /etc/adguardhome.yaml). Then do a reinstall, AGH first works but every time after a router reboot the AGH breaks again.

I have read sometimes the NTP can be an issue and tried to add this to upstream server as well:

[/pool.ntp.org/]1.1.1.1

[/pool.ntp.org/]1.0.0.1

[/pool.ntp.org/]2606:4700:4700::1111

[/pool.ntp.org/]2606:4700:4700::1001

Any help on what I can do to make AGH survive a reboot of my router?

Never mind this post I have solved the issue by very carefully following the steps in the Wiki.

Now dnsmasq is running on port 54 and by running the setup script from the wiki I have made some extra change to my /etc/config/dhcp settings that I forgot earlier. Also, the adguardhome rDNS settings and LAN domain interception settings are now fully in line with the Wiki.

Now AGH is working and coming up again after a router reboot.

1 Like

Thank you for the guide,
I have one issue:

On my LAN I have internet access but from OpenWrt I have not, becouse of the name resolver.

root@OpenWrt:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=59 time=19.352 ms
64 bytes from 1.1.1.1: seq=1 ttl=59 time=24.086 ms
64 bytes from 1.1.1.1: seq=2 ttl=59 time=24.827 ms
64 bytes from 1.1.1.1: seq=3 ttl=59 time=28.371 ms
64 bytes from 1.1.1.1: seq=4 ttl=59 time=23.944 ms
64 bytes from 1.1.1.1: seq=5 ttl=59 time=26.813 ms
64 bytes from 1.1.1.1: seq=6 ttl=59 time=29.624 ms
^C
--- 1.1.1.1 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 19.352/25.288/29.624 ms
root@OpenWrt:~# ping www.google.com
ping: bad address 'www.google.com'
root@OpenWrt:~# cat /etc/resolve.conf
search lan
nameserver 127.0.0.1
nameserver::1

If I change it to my openOpenWRTsIPsguard) the opeOpenWrtn resresolvee nameserver but after a reboot the resoresolvef revers my setting.

root@OpenWrt:~# cat /etc/resolve.conf
search lan
nameserver 192.168.20.1
nameserver ::1

root@OpenWrt:~# ping www.google.com
PING www.google.com (142.251.208.100): 56 data bytes
64 bytes from 142.251.208.100: seq=0 ttl=119 time=24.032 ms
64 bytes from 142.251.208.100: seq=1 ttl=119 time=17.753 ms
64 bytes from 142.251.208.100: seq=2 ttl=119 time=18.484 ms
64 bytes from 142.251.208.100: seq=3 ttl=119 time=17.345 ms
64 bytes from 142.251.208.100: seq=4 ttl=119 time=23.202 ms
^C
--- www.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 17.345/20.163/24.032 ms

How Can I make the config file pernament?

Well, I have this problem too. Opkg doesn't work with Adguard. Wrote 1.1.1.1 and 1.0.0.1 as dns servers on wan interface. No effect

Same issue here.

@mercygroundabyss Do you have the latest version of openWRT built by anaelorlinski? (Use the version of nftables + iptables compatibility packages)

same issues here too. setting dns server on wan interface have no effect.

@Reconvene9657 @Voidstranger and whoever it may concern please follow up this simple guide:
AdGuard Home
Also follow this tutorial https://www.youtube.com/watch?v=yMcM40ipDlQ
I'm on release version OpenWrt 22.03.3 with adguardhome package version 0.107.21-1

  1. Interfaces ยป WAN -> Disable Use DNS servers advertised by peer. Don't use any Use custom DNS servers
  2. DHCP and DNS > General settings > Disable Rebind protection. In Advanced, Change DNS server port to 54 from 53.
  3. Open AdguardHome Setup page 192.168.1.1:3000.
    Web Interface Listen Interface > Br-lan @ 8080
    DNS server Listen interface > All interfaces @ 53. Next and create a password.

This is what my adguardhome.yaml looks:

bind_host: 192.168.1.1
bind_port: 8080
beta_bind_port: 0
users:
  - name: usernamae
    password: password
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    - '[/pool.ntp.org/]8.8.8.8'
    - '[/pool.ntp.org/]8.8.4.4'
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
    - https://doh.opendns.com/dns-query
    - https://blitz.ahadns.com
    - https://dns.nextdns.io
    - https://basic.rethinkdns.com
  upstream_dns_file: ""
  bootstrap_dns:
    - 1.1.1.1
    - 1.0.0.1
    - 8.8.8.8
    - 8.8.4.4
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 3600
  cache_ttl_max: 86400
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:54
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
filters:
  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://abp.oisd.nl/
    name: oisd
    id: 1665787488
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14

I reinstalled Adguard and chose all interfaces on first settings page. Now adguard works as intended

1 Like

Tip: you could have also just removed adguardhome.yaml file instead reinstalling whole package to get on the setup page

Just for curiosity can I see your adguardhome.yaml file?

I'm using 0.108 version. Here yaml:

bind_host: 0.0.0.0
bind_port: 8080
users:
  - name: adguard
    password: xxx
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  statistics_interval: 30
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 720h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 150
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - https://dns.cloudflare.com/dns-query
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/downloads.openwrt.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    - '[/ntp.time.in.ua/]1.1.1.1'
    - '[/ntp2.time.in.ua/]1.1.1.1'
    - '[/ntp3.time.in.ua/]1.1.1.1'
    - '[/0.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/1.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/2.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/3.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/ntp.time.in.ua/]1.0.0.1'
    - '[/ntp2.time.in.ua/]1.0.0.1'
    - '[/ntp3.time.in.ua/]1.0.0.1'
    - '[/0.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/1.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/2.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/3.openwrt.pool.ntp.org/]1.0.0.1'
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 168
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
    name: WindowsSpyBlocker - Hosts spy rules
    id: 1674589437
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/advblock.txt
    name: RU AdList
    id: 1674589439
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/antiadblockfilters.txt
    name: Adblock Warning Removal List
    id: 1674589440
  - enabled: true
    url: https://easylist.to/easylist/easylist.txt
    name: EasyList
    id: 1674589441
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14

you can try

dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1

This will make your client list on home page readable without causing any issue hopefully.

Also try to achieve Average processing time below 3-5ms
image

I'm thinking about keeping my AGH automatically updated with a daily cron job running the command "/opt/AdGuardHome/AdGuardHome --update"

Is there any "don't do it" reason I am missing?