[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

Community Builds, Projects & Packages
587

not add lines as ask you to do synapse, it's a false info, he is not intended to answer, to fix your issue do only two steps:
Step 1. In your adguardhome.yaml file make sure you have those strings

dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.1

Where:

  • 127.0.0.1 [io loop]
  • 192.168.1.1 [your router ip, the one is not pinging]

Step 2. In your local startup put this sting [OpenWrt Web Interface -> System tab -> Startup tab -> Local Startup tab]
service adguardhome restart
after you do that, restart your router manually

it will 100% fix your issue, do not forget to say thanks to me.

i am a developer of AGH (Russia based HQ), and this is already a known issue of OpenWrt, not AGH itself

3 Likes
588

Thanks Sentenzo, this fixed the issue.
I knew it had to do with DNS but couldn't find where/how to fix this.
On a separate note, continued with the guide installing wireguard VPN (https://tristam.ie/2023/805/) and although it has been configured, now when I run the adguard test page it says adguard is not running.
Is that because now I'm skipping the local ad blocker and tunneling to my vpn server?
also may I ask, is a raspberry pi 3B+ still a good device for this project? I believe wireless is limited to "N" which may make it slow?

589

hello everyone!

Does anyone know why when updating in System -> Software -> Update lists, the AdGuardHome package no longer appears?

Captura de pantalla 2023-10-02 104543
Captura de pantalla 2023-10-02 104543962×508 23.6 KB

Was this package removed from the repository?

Does anyone know what happened?

Thank you for your answers...

590

i guess AGH was suspended by OpenWrt due to it broke opkg update command like mentioned me and user above your comment
it is still in a snapshot /packages/ so it has compiled but i also can't find it via software

if you have enough power you can install it manually, just put agh file into your router and use command like opkg install packagename.ipk

for that you can download it from official repository of OpenWrt via your platform
example link
https://downloads.openwrt.org/snapshots/packages/x86_64/packages/adguardhome_0.107.36-1_x86_64.ipk

591

I really didn't have DNS problems with adguardhome.
To install and configure adguardhome I followed this guide which worked well for me.

The problem came when I installed version 23.05 rc4 from scratch, since then the package does not appear when updating lists.

What I did was install as recommended on the AdGuardHome GitHub, with the following command:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

The difference is that now the installation is done in /opt/AdGuardHome.

1 Like
592

I can confirm that on 23.05, we don't need to specify -c edge to have Adguard installed in /opt. It's better if you prefer to stay with stable release. Maybe it could be great to indicate it in the first post.

593

Hi,

AGH Edge was working fine on linksys 1900acs v2 openwrt 22 but after upgrading to Openwrt 23, neither the Edge nor the stable opkg is working now.

Issue: ping is working fine but webpage are not opening

594

Hi I have some questions installing Adguard Home for Openwrt.

I have a powerful x86 router (ssd, ram, cpu are plenty). Is it better to install from Adguard's website using their automated curl install script? Or is it still recommended to use the official Openwrt adguard opkg package?

When I follow the wiki and this post to install Adguard Home, Openwrt can no longer run opkg update, it cannot resolve DNS. After looking at the comments here this seems to be resolved by adding 127.0.0.1 adguardhome.yaml file to bind_hosts. Good but is missing from guide?

I had same issue as here:

but mercygroundabyss writes:

Everything the router does goes via Adguard. I can see all opkg updates, traceroutes and pings the router is doing in Adguard's logs. If I understand right, @mercygroundabyss says it should not be like this. Router should use dnsmasq port 54 for own routes, not go to Adguard that is set to port 53?

I have set WAN DNS manually and I have also tried with the default peer setting on because my ISP is fine. But it does not matter what WAN DNS I have set, because all traffic from router goes via Adguard and router do not use the set WAN DNS. It has no effect what server is there.

Discussion seems to end because user was happy that Adguard works, but I don't see proper solution. If there indeed is loop back to Adguard when there should not be and router should do DNS lookups by itself.

Same as with andretoniolo, doing diagnostic nslookup from Openwrt:

Server:		127.0.0.1
Address:	127.0.0.1:53

According to mercygroundabyss this should go to dnsmasq port 54 so it routes it by itself and not directed to Adguard port 53?
Is there any solution? I could not find any going up and down this thread.

595

Could you post your yaml file?

596

Hi let me repeat that in sense Adguard and Openwrt "works" but not the intended way according to mercygroundabyss. That the router should be capable of resolving without Adguard.
I don't know if problem is more in Openwrt settings or yaml file but feels like router, if router should be able to resolve by itself without Adguard.

yaml file:

http:
  pprof:
    port: 6060
    enabled: false
  address: 192.168.1.1:33339
  session_ttl: 720h
users:
  - name: 
    password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: en
theme: auto
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
  port: 53
  anonymize_client_ip: false
  ratelimit: 40
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - tls://dns.quad9.net
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '#[/pool.ntp.org/]1.1.1.1'
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  fallback_dns: []
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet:
    custom_ip: ""
    enabled: false
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:54
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  ignored: []
  interval: 168h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  ignored: []
  interval: 720h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
    name: OISD Blocklist Big
    id: 1698335893
whitelist_filters: []
user_rules:
  - ""
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
filtering:
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_services:
    schedule:
      time_zone: UTC
    ids: []
  protection_disabled_until: null
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  blocking_mode: default
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  rewrites: []
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  filters_update_interval: 24
  blocked_response_ttl: 10
  filtering_enabled: true
  parental_enabled: false
  safebrowsing_enabled: false
  protection_enabled: true
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent:
    - safe_search:
        enabled: false
        bing: true
        duckduckgo: true
        google: true
        pixabay: true
        yandex: true
        youtube: true
      blocked_services:
log:
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 27
597

If you want router to resolve all your DNS queries then let openwrt to have default DNS server port i.e., 53 and DNS forwarding to 192.168.1.1#54
Where 54 DNS port is for your adguard. But from my experience you just let adguatd has DNS port 53.

This is my yaml file:

http:
  address: 192.168.1.1:8080
  session_ttl: 720h
users:
  - name:
    password: 
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
debug_pprof: false
dns:
  bind_hosts:
    - 192.168.1.1
    - 127.0.0.1
  port: 53
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  protection_disabled_until: null
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - '[/lan/]127.0.0.1:54'
    - '[//]127.0.0.1:54'
    - '[/pool.ntp.org/]1.1.1.1'
    - '[/pool.ntp.org/]1.0.0.1'
    - '[/pool.ntp.org/]8.8.8.8'
    - '[/pool.ntp.org/]8.8.4.4'
    - https://dns.cloudflare.com/dns-query
    - https://dns.google/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 1.1.1.1
    - 1.0.0.1
    - 8.8.8.8
    - 8.8.4.4
  all_servers: true
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 4194304
  cache_ttl_min: 3600
  cache_ttl_max: 86400
  cache_optimistic: true
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: true
  edns_client_subnet:
    custom_ip: ""
    enabled: true
    use_custom: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  bootstrap_prefer_ipv6: false
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  safe_search:
    enabled: false
    bing: true
    duckduckgo: true
    google: true
    pixabay: true
    yandex: true
    youtube: true
  rewrites: []
  blocked_services:
    schedule:
      time_zone: UTC
    ids: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams:
    - 192.168.1.1:54
  use_dns64: false
  dns64_prefixes: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
  strict_sni_check: false
querylog:
  ignored: []
  interval: 2160h
  size_memory: 1000
  enabled: true
  file_enabled: true
statistics:
  ignored: []
  interval: 24h
  enabled: true
filters:
  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: true
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
  - enabled: true
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_27.txt
    name: OISD Blocklist Full
    id: 1678555417
  - enabled: false
    url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_5.txt
    name: OISD Blocklist Basic
    id: 1678555418
  - enabled: true
    url: https://easylist.to/easylist/easylist.txt
    name: EasyList
    id: 1681390426
  - enabled: true
    url: https://easylist.to/easylist/easyprivacy.txt
    name: EasyPrivacy
    id: 1681390427
  - enabled: true
    url: https://secure.fanboy.co.nz/fanboy-annoyance.txt
    name: Fanboy's Annoyance List
    id: 1681390428
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log:
  file: ""
  max_backups: 0
  max_size: 100
  max_age: 3
  compress: false
  local_time: false
  verbose: false
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 24

DHCP:


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option port '54'
	option sequential_ip '1'
	option noresolv '0'
	list server '192.168.1.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dns 'fd33:fbba:198c::1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '3'

In firewall file don't forget to add:

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'lan'
	option src_dport '53'
	option name 'AdGuardHome DNS Interception'
	option src_ip '!192.168.1.1'
	option dest_ip '192.168.1.1'
	option dest_port '53'

config nat
	option name 'Prevent hardcoded DNS'
	list proto 'tcp'
	list proto 'udp'
	option src 'lan'
	option dest_ip '192.168.1.1'
	option dest_port '53'
	option target 'MASQUERADE'

As per guide.

600

they are two separate commands, the 2nd starting with ip

601

Same issue for me resulting in random failures to start on [re]boot for AdGuard Home (opkg verson). Quite annoying since there is no DNS failover when AGH is not up and running.

My workaround was to add service adguardhome restart line to the Local Startup, forcing AGH to restart at the end of the boot process. Tweaking Start and Stop values in /etc/init.d/adguardhome is a possibility, too, but the forced restart seems more bulletproof to me.

Seems to be working so far. Hope this helps if anyone faces the same issue.

602

As I added some complexity to the network (more interfaces with VLANs), restarting AGH from rc.local was no longer bulletproof. AGH failed again with logs showing yet another error:

couldn't start forwarding DNS server: starting listeners: listening on udp addr 127.0.0.1:53: listening to udp socket: listen udp 127.0.0.1:53: bind: cannot assign requested address

Adding sleep xx might have been another workaround.

But ultimately, I added

procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}

to the original /etc/init.d/adguardhome file , as described in procd init scripts guide.

The default value of 5 retries allows AdGuardHome to fail 5 times and be restarted automatically after waiting for 5 seconds. No need to set delays, or change priority of the original init file. Hopefully, will be more bulletproof this time :slight_smile:

1 Like
603

Thank you for this information, I appreciate it. I will give this a try as well. It seems like a much smarter method.

1 Like
604

Hi all,

I would like to upgrade from 22.03 to 23.05. How can I make sure, that AdguardHome is running after the upgrade? It's my only DNS resolver in the network.

Is it better to use the AdguardHome pkg from the repo or the binary from Github? The Github releases are far more up to date.

605

Thanks for the great guide!

As after the last OpenWRT update I was missing AGH and my GL-B1300 has only 32Mb flash, so I had to add a USB stick as extroot.

A few things I'd like to suggest:

  1. In the case AGH service goes down (I had to restore from backup and I didn't save its huge binary into a backup, only yaml config, see below) your opkg won't work as it uses dnsmasq and you won't be able to reinstall all the packages as they are not saved either, so important things to start this manual with, as well as a rerun/terdown of this guide to restore DNS (simple change of nameserver to 1.1.1.1 in /etc/resolv.conf will not help opkg, it needs SSL):
  2. [How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method] - #597 by AlanDias17 used 'AdGuardHome DNS Interception' and 'Prevent hardcoded DNS' firewall configs (thanks @AlanDias17 )
  3. Installing edge and beta (didn't try stable) had my router oom'ing every 15 minutes, so first I preserved opkg lists and added a swap file, I had to edit /etc/init.d/AdGuardHome
    start_service() {
...
  procd_set_param env GOMEMLIMIT=100MiB GOGC=40
  procd_set_param command /opt/AdGuardHome/AdGuardHome -c /opt/AdGuardHome/AdGuardHome.yaml
...
}
    as described in https://github.com/AdguardTeam/AdGuardHome/issues/5606
  4. It makes sense to have these hard-earned non-default configs backed up, so at the end of the guide I'd add: "For extroot setups your AGH configs will not be backed up automatically, so go to https://192.168.1.1/cgi-bin/luci/admin/system/flash -> Configuration and add
    /opt/AdGuardHome/AdGuardHome.yaml
/etc/init.d/AdGuardHome
    then download the backup."
1 Like
606

I recently upgraded to 23.05 and installed AGH pkg from repo (due to space considerations mostly). But then overwrote the /usr/bin/AdGuardHome with the newer version from Github. No side effects for now :slight_smile:

I did not use the option to preserve settings when upgrading, but had all my configs saved as uci scripts, so had to re-run them after upgrading. For AGH though I kept the yaml file. Just my approach... Probably, not the fastest one.

607

Do you have a good approach on how to this after a clean install? How did you obtain all the required UCI commands to perform after a clean install.

608

I took most of the UCI commands from LuCI :slight_smile: You make a change through LuCI interface, and get those unsaved commands, which can be saved and re-used in the future.

I found UCI system guide to be very useful for the general understanding of the uci configs, e.g. how to index sections, how to name sections (replacing those LuCI generated autogenerated IDS, like cfg073777).