[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

hi everybody my adguard gui appair like this

AdGuard Home v0.107.36 is now available! Click here for more information.

how make update basicly via uci ?

i has also installed in my router belkin rt3200

I'd rather update it via opkg. Did you try it?

no i do'nt tried with uci you has make ?

opkg update adguard home 

I never used uci to update packages. However why don't you try from Luci-opkg?

1 Like

It s soo late i has reset router ans reinstall thΓ© adguard :confused:

i'm not make that below and my router work

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'lan'
        option src_dport '53'
        option name 'AdGuardHome DNS Interception'
        option src_ip '!'
        option dest_ip ''
        option dest_port '53'
config nat
        option name 'Prevent hardcoded DNS'
        list proto 'tcp'
        list proto 'udp'
        option src 'lan'
        option dest_ip ''
        option dest_port '53'
        option target 'MASQUERADE'
1 Like


What is the minimum RAM/Flash space recommended to run AGH with blocklists suggested in the post?

Based on GL.iNet devices - the ones with AGH pre-installed have at least 128MB flash. Those with less flash have no AGH. Probably, can take 128MB as minimum required for flash.

I believe even on 64MB RAM you can make adguard package work

1 Like

Hi, thanks for the great guide. However, on 23.05 this gives me the following error. Any idea on how to translate the statement to the new environment?

root@OpenWrt:~# nft add rule nat pre udp dport 53 ip saddr dnat 1
Error: Could not process rule: No such file or directory
add rule nat pre udp dport 53 ip saddr dnat


How does one go about solving this issue (when AGH installed on router)?

I am trying to figure out why AGH (opkg install) is not available on the router restart (after working nicely on previous restarts).

The only way I know of is to allow web access for a certain period of time at startup.

For example, let's say you've disabled all access to the wan from the router itself as a matter of policy, then defined a rule called "router-web" that allows access from "this device" to the wan interface tcp ports 80 and 443, and by default that rule is disabled.

You could then something like this to your rc.local:

tempweb() {
    rulenum=$(uci show firewall | grep 'router-web' | sed 's/.*\@//;s/\.name.*//')
    uci set firewall.@"$rulenum".enabled="1"
    sleep 90
    uci set firewall.@"$rulenum".enabled="0"

tempweb &

This should enable that rule, wait 90 seconds then disable it. That's one approach, admittedly not very carefully tested on my part. You might play around with that a little and find something that works for you.

EDIT: Since rc.local is meant to be the last thing that runs, it might be too late in practice to enable this rule. If that turns out to be the case you could instead have the rule enabled by default, delete the first "uci set" line above and just leave the part where it disables it after 90 seconds.

1 Like

Hi, does anyone know on how to translate this from the guide to 23.05?

root@OpenWrt:~# nft add rule nat pre udp dport 53 ip saddr dnat 1
Error: Could not process rule: No such file or directory
add rule nat pre udp dport 53 ip saddr dnat
1 Like

Another question. After installed AGH, I configured it as described in the wiki. Besides the point above. When trying to update DDNS, the following error shows. Before AHG it worked like a charm.

131349       : Detect registered/public IP
 131349       : #> /usr/bin/nslookup dyndns.xyz.com  >/var/run/ddns/dyndns_xyz_com_ipv4.dat 2>/var/run/ddns//dyndns_xyz_com_ipv4.err
 131349 ERROR : BusyBox nslookup error: '1'
 131349       : nslookup: write to '': Connection refused
nslookup: write to '::1': Connection refused

Thanks in advance.

Thanks to this installation guide I've been able to install AdGuardHome on my Banana R3.
However: my IPTV isn't working anymore.

I've 4 interfaces defined: wan, lan, iptv_wan and iptv_lan. The lan and iptv_lan interfaces have each a different vlan defined, as required by my ISP.

My assumption is that AdGuard Home is also enabled on the iptv_lan interface and that this results in my iptv not working anymore.

Is there a way to overcome this? I would like to have AGH working on the lan-interface only.

trying to setup openWRT and AGH on a Raspberry Pi following this guide:

everything was working fine until after installing AGH. For some reason I now can't update the lists in openWRT. Clearly a DNS setup issue but not sure where to look.
If it helps, from the rpi via SSH:
ping google.com --> "bad address.."
ping downloads.openwrt.org --> "bad address.."

however any client connected to the rpi can resolve the DNS queries.
Can someone help me pinpoint the issue, what config file, what more info do you need?

show us the "adguardhome.yaml"


Comparing the two methods described above for DNS interception:


the first NFT Tables method does not list TCP protocol. Is there reason for this, or it has to be updated?

here's the adguardhome.yaml file:

bind_port: 8080
beta_bind_port: 0
  - name: <username.
    password: <some token>
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: en
debug_pprof: false
web_session_ttl: 720
  port: 53
  statistics_interval: 7
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 720h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
    - https://dns10.quad9.net/dns-query
    - https://family.adguard-dns.com/dns-query
  upstream_dns_file: ""
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
    - version.bind
    - id.server
    - hostname.bind
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  serve_http3: false
  use_http3_upstreams: false
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
    name: AdAway Default Blocklist
    id: 2
whitelist_filters: []
user_rules: []
  enabled: false
  interface_name: ""
  local_domain_name: lan
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14

adding the lines below in the upstream dns part might fix the issue.

    - '[/lan/]'
    - '[//]'

Hi Synapse, appreciate the help, but didn't work. Still can't ping google.com from the router itself.
devices connected to the router work fine.
any other ideas? need any other info?