[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

i set the router WAN to cloudflare so it avoids my ISP DNS. It also does dns in the clear (no encryption) to avoid security issue. specifically that the time on router from reboot is wrong. so you need an ntp call to update it and set it before SSL will work correctly (as it requires date and time to be correct).

You can set AGH to avoid using SSL for ntp requests and that is on the wiki and in AGH instructions. However router dns is up before AGH is (as its loaded later) Thus i just made it simple to avoid issues.

However there is nothing stopping you adding multiple DNS into AGH and using them round robin fashion. I just prefer one provider and leave it like that.

Hey! Great topic!
Everything is working fine here. Desktop and smartphones but not in my pocofone. Ip on auto or dhcp (all pointing to dns server), everything going through. Any tips?

Thank you!

its probably using a hardcoded DNS. redirect it via firewall rules so it MUST go throu your AGH.

Thank you! All requests from my phone r going to google. On desktop, cloudflare.

Anyone who uses ipset functionality may come across issues with AdGuard Home starting automatically on boot. I happen to have discovered this myself, as I use it.

The issue is ipset chains not existing before AdGuard Home starts. I was initialising them in /etc/rc.local however this seems to run quite late in the boot process and AdGuard Home is trying to start earlier than this.

If you use the manual install method, the init.d script provided by the AdGuard Home developers uses S99, which is very close to the end of booting and possibly avoids it, if you use the opkg package, it uses a much earlier start value which can in some cases be too early.

You can manually change the START value in the init.d script, but this will be erased on sysupgrade.

More information: https://github.com/openwrt/packages/pull/17790#issuecomment-1046041714

The potential workaround is initialising ipset chains in another init script which starts before AdGuard Home.

How can I fix it ?
OpenWrt 21.02.2

The avahi-daemon uses udp 5353, so AdGuard Home should use another port Although ideally, you should have AdGuard Home as the primary DNS resolver on UDP 53, rather than using it as a upstream due to DNS performance with resolvers like dnsmasq forking each DNS request.

Hi! How can I confirm that AGH is running as my primary DNS resolver (on UDP 53), and that I'm not using dnsmasq? Seems to work fine, but good to verify..

if you are using different providers then its easy. But even if you aren't its easy too.

Use dnsleaktest to check who your dns is with.
Change your upstream provider with AGH.

Check your dnsleaktest again see if its changed.

Finally change it back to your original provider.

Thanks, then it works correctly! Had an issue where new connections didn't get DNS properly assigned at first, so needed to reconfigure dhcp/dnsmaq. Clients are showing rDNS as source now (not /etc/hosts). That's how it should be as well?

Really impressed with AGH overall. Effective, easy to manage both server and clients, and good visibility of what's happening.

Hi.

I have multiple OpenWrt devices in network (router and managed switches). Should I put AdGuardHome on router or on one of the managed switches (performance wise and resource wise)?

router. I'm not even sure you could run it on a switch.

34 posts were split to a new topic: Slow page loading with AdGuardHome

AGH installing is too complicating for me. I am now having a working Adblocking Setup with Banip+Adblock+DNScrypt-Proxy2. I should see if this Setup works properly or should i find an alternative.

Hey!

Do I need to add custom firewall rules for devices with hardcoded DNS servers while using this set up?

Thanks.

that depends if you want them filtered or not. forcing all dns throu your AGH would at least let you see what / who they are talking to and decide what you want to do with them. Might be rather enlightening as to what they are doing.

(edit) if you look at my first post there is a section about DNS hijacking and a link to the wiki about it.

If you are using a router running OpenWRT as a managed switch you should be able to install it on there, a normal managed switch, not so much.

Aaron Z

̶H̶i̶,̶ ̶i̶v̶e̶ ̶u̶s̶e̶d̶ ̶u̶r̶ ̶g̶u̶i̶d̶e̶ ̶a̶n̶d̶ ̶a̶l̶m̶o̶s̶t̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶i̶s̶ ̶g̶o̶o̶d̶,̶ ̶t̶h̶e̶ ̶o̶n̶l̶y̶ ̶p̶r̶o̶b̶l̶e̶m̶ ̶i̶s̶,̶ ̶i̶f̶ ̶i̶ ̶r̶e̶s̶t̶a̶r̶t̶ ̶m̶y̶ ̶r̶o̶u̶t̶e̶r̶,̶ ̶ ̶i̶ ̶h̶a̶v̶e̶ ̶t̶o̶ ̶m̶a̶n̶u̶a̶l̶l̶y̶ ̶r̶e̶s̶t̶a̶r̶t̶ ̶A̶G̶H̶,̶ ̶o̶r̶ ̶i̶t̶ ̶w̶o̶n̶t̶ ̶w̶o̶r̶k̶.̶.̶.̶
̶D̶o̶n̶t̶ ̶r̶l̶y̶ ̶k̶n̶o̶w̶ ̶h̶o̶w̶ ̶c̶a̶n̶ ̶i̶ ̶f̶i̶x̶ ̶t̶h̶i̶s̶,̶ ̶i̶t̶ ̶s̶e̶e̶m̶s̶ ̶l̶i̶k̶e̶ ̶i̶t̶s̶ ̶s̶t̶a̶r̶t̶i̶n̶g̶ ̶a̶f̶t̶e̶r̶ ̶r̶e̶b̶o̶o̶t̶,̶ ̶b̶u̶t̶ ̶h̶a̶n̶g̶s̶ ̶i̶n̶ ̶t̶h̶e̶ ̶m̶i̶d̶d̶l̶e̶ ̶s̶o̶ ̶t̶h̶e̶ ̶w̶e̶b̶g̶u̶i̶ ̶p̶a̶g̶e̶ ̶l̶o̶a̶d̶s̶ ̶o̶n̶l̶y̶ ̶w̶h̶i̶t̶e̶ ̶s̶c̶r̶e̶e̶n̶,̶ ̶a̶n̶d̶ ̶i̶t̶ ̶m̶a̶k̶e̶s̶ ̶t̶h̶e̶ ̶l̶u̶c̶i̶ ̶l̶o̶a̶d̶ ̶v̶e̶r̶y̶ ̶s̶l̶o̶w̶l̶y̶,̶ ̶a̶n̶d̶ ̶a̶f̶t̶e̶r̶ ̶i̶ ̶r̶e̶s̶t̶a̶r̶t̶ ̶A̶G̶H̶ ̶e̶v̶e̶r̶y̶t̶h̶i̶n̶g̶ ̶i̶s̶ ̶b̶a̶c̶k̶ ̶t̶o̶ ̶n̶o̶r̶m̶a̶l̶

NVM, i just did this

and it doesnt hang anymore

It is likely a race condition during startup as you've found. NTP is problematic with DNS encryption, so the workaround in the documentation is the simplest way to fix the issue.

His router should use isp's dns or upstream dns he set rather than going through AGH. Unless he did something different from my instructions. Its only the clients that should get AGH filtering.