Davema
January 5, 2023, 9:09am
446
First of all, thanks for making this adguardhome package on openwrt.
I am trying to set it up properly on my openwrt router (TP link C2600) but am running into some problems when rebooting my router. I have used the tutorial of OneMarcFifty, from ~25 min. Basically, moved DNSmasq to 5353 and let AGH run on port 53. I have set the AGH upstream DNS server 127.0.0.1:5353 as also mentioned in this wiki.
I have enabled the adguardhome service by:
service adguardhome enable
service adguardhome start
Now when I perform a reboot of my router my internet stops and adguardhome is not starting up again. When I run by SSH: service adguardhome status the reply is running. logread -e AdGuardHome is not giving any errors.
When I now change my dnsmasq port back again from 5353 to 53 my internet works again. I have performed multiple attempts to opkg remove the adguardhome package and manually deleted the config file again (rm /etc/adguardhome.yaml). Then do a reinstall, AGH first works but every time after a router reboot the AGH breaks again.
I have read sometimes the NTP can be an issue and tried to add this to upstream server as well:
[/pool.ntp.org/]1.1.1.1
[/pool.ntp.org/]1.0.0.1
[/pool.ntp.org/]2606:4700:4700::1111
[/pool.ntp.org/]2606:4700:4700::1001
Any help on what I can do to make AGH survive a reboot of my router?
Davema
January 6, 2023, 12:19pm
447
Never mind this post, I have solved the issue by very carefully following the steps in the Wiki.
Now dnsmasq is running on port 54 and by running the setup script from the wiki I have made some extra changes to my /etc/config/dhcp settings that I forgot earlier. Also, the adguardhome rDNS settings and LAN domain interception settings are now fully in line with the Wiki.
Now AGH is working and coming up again after a router reboot.
1 Like
Thank you for the guide,
I have one issue:
On my LAN I have internet access but from OpenWrt I have not, because of the name resolver.
root@OpenWrt:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: seq=0 ttl=59 time=19.352 ms
64 bytes from 1.1.1.1: seq=1 ttl=59 time=24.086 ms
64 bytes from 1.1.1.1: seq=2 ttl=59 time=24.827 ms
64 bytes from 1.1.1.1: seq=3 ttl=59 time=28.371 ms
64 bytes from 1.1.1.1: seq=4 ttl=59 time=23.944 ms
64 bytes from 1.1.1.1: seq=5 ttl=59 time=26.813 ms
64 bytes from 1.1.1.1: seq=6 ttl=59 time=29.624 ms
^C
--- 1.1.1.1 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 19.352/25.288/29.624 ms
root@OpenWrt:~# ping www.google.com
ping: bad address 'www.google.com'
root@OpenWrt:~# cat /etc/resolve.conf
search lan
nameserver 127.0.0.1
nameserver ::1
If I change it to my OpenWrt's IP (AdGuard), OpenWrt can resolve the nameserver, but after a reboot the resolve.conf reverts my setting.
root@OpenWrt:~# cat /etc/resolve.conf
search lan
nameserver 192.168.20.1
nameserver ::1
root@OpenWrt:~# ping www.google.com
PING www.google.com (142.251.208.100): 56 data bytes
64 bytes from 142.251.208.100: seq=0 ttl=119 time=24.032 ms
64 bytes from 142.251.208.100: seq=1 ttl=119 time=17.753 ms
64 bytes from 142.251.208.100: seq=2 ttl=119 time=18.484 ms
64 bytes from 142.251.208.100: seq=3 ttl=119 time=17.345 ms
64 bytes from 142.251.208.100: seq=4 ttl=119 time=23.202 ms
^C
--- www.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 17.345/20.163/24.032 ms
How can I make the config file permanent?
Well, I have this problem too. Opkg doesn't work with Adguard. Wrote 1.1.1.1 and 1.0.0.1 as dns servers on wan interface. No effect
zxc_TW
January 24, 2023, 1:40pm
451
@mercygroundabyss Do you have the latest version of openWRT built by anaelorlinski? (Use the version of nftables + iptables compatibility packages)
Same issues here too. Setting dns server on wan interface has no effect.
@Reconvene9657 @Voidstranger and whoever it may concern please follow up this simple guide:
AdGuard Home
Also follow this tutorial https://www.youtube.com/watch?v=yMcM40ipDlQ
I'm on release version OpenWrt 22.03.3 with adguardhome package version 0.107.21-1
Interfaces » WAN -> Disable Use DNS servers advertised by peer. Don't use any Use custom DNS servers
DHCP and DNS > General settings > Disable Rebind protection. In Advanced, change DNS server port to 54 from 53.
Open AdguardHome Setup page 192.168.1.1:3000.
Web Interface Listen Interface > Br-lan @ 8080
DNS server Listen interface > All interfaces @ 53. Next and create a password.
This is what my adguardhome.yaml looks like:
bind_host: 192.168.1.1
bind_port: 8080
beta_bind_port: 0
users:
  - name: usernamae
    password: password
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    - '[/pool.ntp.org/]8.8.8.8'
    - '[/pool.ntp.org/]8.8.4.4'
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
    - https://doh.opendns.com/dns-query
    - https://blitz.ahadns.com
    - https://dns.nextdns.io
    - https://basic.rethinkdns.com
  upstream_dns_file: ""
  bootstrap_dns:
    - 1.1.1.1
    - 1.0.0.1
    - 8.8.8.8
    - 8.8.4.4
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 3600
  cache_ttl_max: 86400
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:54
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
filters:
  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://abp.oisd.nl/
    name: oisd
    id: 1665787488
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14
I reinstalled Adguard and chose all interfaces on first settings page. Now adguard works as intended
1 Like
Tip: you could have also just removed the adguardhome.yaml file instead of reinstalling the whole package to get to the setup page
Just out of curiosity, can I see your adguardhome.yaml file?
I'm using 0.108 version. Here is the yaml:
bind_host: 0.0.0.0
bind_port: 8080
users:
  - name: adguard
    password: xxx
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  statistics_interval: 30
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 720h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 150
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - https://dns.cloudflare.com/dns-query
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/downloads.openwrt.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    - '[/ntp.time.in.ua/]1.1.1.1'
    - '[/ntp2.time.in.ua/]1.1.1.1'
    - '[/ntp3.time.in.ua/]1.1.1.1'
    - '[/0.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/1.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/2.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/3.openwrt.pool.ntp.org/]1.1.1.1'
    - '[/ntp.time.in.ua/]1.0.0.1'
    - '[/ntp2.time.in.ua/]1.0.0.1'
    - '[/ntp3.time.in.ua/]1.0.0.1'
    - '[/0.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/1.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/2.openwrt.pool.ntp.org/]1.0.0.1'
    - '[/3.openwrt.pool.ntp.org/]1.0.0.1'
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 168
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt
    name: WindowsSpyBlocker - Hosts spy rules
    id: 1674589437
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/advblock.txt
    name: RU AdList
    id: 1674589439
  - enabled: true
    url: https://easylist-downloads.adblockplus.org/antiadblockfilters.txt
    name: Adblock Warning Removal List
    id: 1674589440
  - enabled: true
    url: https://easylist.to/easylist/easylist.txt
    name: EasyList
    id: 1674589441
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14
you can try
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
This will make your client list on home page readable without causing any issue hopefully.
Also try to achieve Average processing time below 3-5ms
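A check for the two settings compared in the posts above: the wildcard bind (0.0.0.0) versus explicit LAN and loopback addresses, and the local dnsmasq upstream that must sit on a different port than AdGuard Home itself. This is an added example, not code from the thread or from the AdGuard Home project; the function names, the finding strings and the sample file are constructed, and the parser assumes the two-space indentation AdGuard Home writes for schema 14.

```shell
#!/bin/sh
# Added example (not from the thread): audit listener and upstream settings in
# an adguardhome.yaml with the schema 14 layout. One finding per line.
audit_agh_yaml() {
    awk -v q="'" '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); gsub("[\"" q "]", "", s); return s }
    /^[a-z]/      { top = $1; sub(/:.*/, "", top); key = "" }
    /^bind_host:/ { if (val($0) == "0.0.0.0") print "web-ui: bound to all interfaces" }
    top == "dns" && /^  [a-z_0-9]+:/ { key = $1; sub(/:.*/, "", key) }
    top == "dns" && /^  port:/       { port = val($0) }
    top == "dns" && /^ +- / {
        item = $0; sub(/^ +- +/, "", item); gsub("[\"" q "]", "", item)
        if (key == "bind_hosts" && (item == "0.0.0.0" || item == "::"))
            print "dns: bound to all interfaces (" item ")"
        if (key == "upstream_dns") ups[++n] = item
    }
    END {
        for (i = 1; i <= n; i++) {
            u = ups[i]; sub(/^\[\/.*\/\]/, "", u)   # strip the [/domain/] prefix
            if (u !~ /^127\.0\.0\.1(:[0-9]+)?$/) continue
            p = 53; if (u ~ /:/) { p = u; sub(/.*:/, "", p) }
            if (p + 0 == port + 0)
                print "upstream: " ups[i] " loops back to AdGuard Home on port " port
        }
    }' "$1"
}

# Constructed sample: wildcard binds plus a local upstream left on the AGH port.
sample_yaml() {
    cat <<'EOF'
bind_host: 0.0.0.0
bind_port: 8080
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  upstream_dns:
    - '[/lan/]127.0.0.1:53'
    - '[//]127.0.0.1:54'
    - https://dns.cloudflare.com/dns-query
  bootstrap_dns:
    - 9.9.9.10
schema_version: 14
EOF
}

tmp=$(mktemp) && sample_yaml > "$tmp" && audit_agh_yaml "$tmp"; rm -f "$tmp"
```

On the router, run `audit_agh_yaml /etc/adguardhome.yaml`; a wildcard bind finding means reachability from the WAN side depends entirely on the firewall zone rules.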
cjom
January 29, 2023, 1:14pm
458
I'm thinking about keeping my AGH automatically updated with a daily cron job running the command "/opt/AdGuardHome/AdGuardHome --update"
Is there any "don't do it" reason I am missing?
Does anyone know how to get WireGuard working along side Adguard Home? Adguard is installed as per the instructions above.
Thanks
I haven't tried both at the same time but I will try help.
Install the wireguard client on your router using opkg
Download the appropriate wgcf binary release from Github https://github.com/ViRb3/wgcf if you are using Linux the "linux-amd64" binary
Make the binary executable chmod a+x wgcf
Run ./wgcf register
Run ./wgcf generate
Finally paste wgcf-profile.conf in Luci-Interface.
Once done with these steps lemme know
So AdGuard is set up the same as above but it’s listening on all interfaces because I can’t opkg update otherwise. And WireGuard is set up like this https://youtu.be/04q41GEPvKA any tips?
While installing AGH give it default DNS port 53 and set openwrt DNS port to 54.
In adguardhome.yaml change dns to only these interfaces:
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
Your Network file is supposed to look like this after Wireguard installation:
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'ef88:4821:2f84::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option proto 'pppoe'
	option device 'eth1'
	option username 'username'
	option ipv6 'auto'
	option peerdns '0'
	option password 'password'

config interface 'wireguard'
	option proto 'wireguard'
	option private_key 'privatekey='
	option peerdns '0'
	list dns '1.1.1.1'
	list addresses '2601:4500:124:8ef8:9ccf:abd9:7b95:196/128'
	list addresses '172.11.0.2/32'

config wireguard_wireguard
	option description 'wgcf-profile.conf'
	option public_key 'publickey='
	option endpoint_host 'engage.cloudflareclient.com'
	option endpoint_port '2408'
	option route_allowed_ips '1'
	option persistent_keepalive '25' #If you're behind double-nat or else set to 0
	list allowed_ips '::/0'
	list allowed_ips '0.0.0.0/0'
But with these settings, the wireguard interface is not protected by Adguardhome. Is that correct?
I haven't tried but theoretically it should in my opinion. I will try this setup later but until now someone try it out and let me know
It doesn’t work for me, however I have
dns:
  bind_hosts:
    - 0.0.0.0
Because I can’t opkg update otherwise, it’s bugged for me. Does Wireguard need to be added to the AGH client settings? And what about upstream servers for AGH?