[How-To-Updated 2021] Installing AdGuardHome on OpenWrt [Manual and opkg method]

I set up my WAN DNS to 127.0.0.1 and I have this rule in the firewall so it forces all devices to use the DNS from AGH, at least that's what I gather from the wiki page:

config redirect 'adguardhome_dns_53'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option target 'DNAT'
	option name 'Adguard Home'
	option dest 'lan'
	option dest_port '53'

Also, I have one more question about query logs: when my computer queries IPv4 DNS, it shows the IP and name of my PC, but when it queries IPv6, it shows an IPv6 address that I can't see anywhere in the router, and it doesn't show the name of the device. Is there a way to change it?

With setting your router DNS to AGH you've forced a loop. Your router should use its ISP dns or a set dns you want. I specifically point this out with my manual thread as it will cause DNS issues.

AGH with the client DNS option set will ensure reasonable clients will use the nominated AGH DNS. Your DNS hijack rule will enforce it for hardcoded DNS requests. You do not need to set your router DNS to talk to AGH. That will avoid the NTP issues (because you need NTP to get the correct time, and without the correct time you cannot do HTTPS or encrypted DNS as the time will be wrong).

Use the following script to set your router DNS to Cloudflare (or change to whichever DNS provider you want and that will stop your loop issues).

routerDNS.sh

#!/bin/sh
# Reconfigure router DNS provider to cloudflare upstream

# Disable peer ISP DNS
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"

# Reconfigure router IPv4 DNS provider to cloudflare upstream
uci -q delete network.wan.dns
uci add_list network.wan.dns="1.1.1.1"
uci add_list network.wan.dns="1.0.0.1"
 
# Reconfigure router IPv6 DNS provider to cloudflare upstream
uci -q delete network.wan6.dns
uci add_list network.wan6.dns="2606:4700:4700::1111"
uci add_list network.wan6.dns="2606:4700:4700::1001"
 
# Save changes
uci commit network

# Restart network service to reflect changes
/etc/init.d/network restart

If you are doing dhcpv6 reservations with OpenWrt then AGH should pick them up from OpenWrt as long as you have set the reverse PTR as detailed in the thread. If not then you will have to put them in manually as clients for AGH. (also be aware that google phones/devices will NOT use dhcpv6 and use SLAAC addresses and you will have to keep an eye on them)
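
A check for the loop described above, as an added example that is not part of the original post: it flags upstream DNS entries on wan/wan6 that are loopback or the router's own LAN address. The function names and the fallback address 192.168.1.1 are assumptions.

```shell
#!/bin/sh
# Added example: flag router upstream DNS entries that point back at the router.
# 192.168.1.1 is an assumed LAN address, used only if uci returns none.

# is_self_dns ADDR LAN_IP: succeeds when ADDR is loopback or the router's LAN IP.
is_self_dns() {
    case "$1" in
        127.*|::1) return 0 ;;
    esac
    [ "$1" = "$2" ]
}

# check_upstreams LAN_IP ADDR...: prints each looping entry; returns 1 if any found.
check_upstreams() {
    lan_ip="$1"; shift
    found=0
    for addr in "$@"; do
        if is_self_dns "$addr" "$lan_ip"; then
            echo "loop: $addr resolves back to the router"
            found=1
        fi
    done
    return "$found"
}

# audit_router: read the live settings with uci (only meaningful on OpenWrt).
audit_router() {
    lan_ip=$(uci -q get network.lan.ipaddr)
    lan_ip=${lan_ip%%/*}    # drop a CIDR suffix if present
    status=0
    for ifc in wan wan6; do
        # uci prints list values separated by spaces; word splitting is intended.
        # shellcheck disable=SC2046
        check_upstreams "${lan_ip:-192.168.1.1}" $(uci -q get "network.$ifc.dns") || status=1
    done
    return "$status"
}

if command -v uci >/dev/null 2>&1; then
    audit_router && echo "router upstream DNS does not point at itself"
fi
```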

# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}"

How do I set DNS so the client has 2 DNS servers? I use a kind of proxy and AdGuardHome at the same time with a mobile network as WAN, and for some reason the client with only 1 DNS had a DNS leak. As a test, setting up 2 DNS servers manually on the client devices fixed the problem.

Add the same DNS twice, or edit in LuCI.

uci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option='6,192.168.1.1,192.168.1.1'
uci commit dhcp
/etc/init.d/dnsmasq restart

See here : https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#client_classifying_and_individual_options

Also options explained here https://openwrt.org/docs/guide-user/base-system/dhcp#dhcp_pools

Thank you

I am trying to execute the .sh scripts, but I am getting:

You made the script executable?

chmod +x routerDNS.sh then run it with ./routerDNS.sh

Tried it as well:

https://i.imgur.com/4E5w3og.png

https://i.imgur.com/E1G1WCq.png

Curious. What build of OpenWrt are you using?

You can manually enter the commands, but it's weird that a basic shell script isn't working.

root@OpenWrt:~# sh

BusyBox v1.33.2 (2022-02-12 23:23:30 UTC) built-in shell (ash)

The very top line of your script is this? #!/bin/sh

And yes, on both files the first line is #!/bin/sh

I am using = https://github.com/anaelorlinski/OpenWrt-NanoPi-R2S-R4S-Builds

OpenWrt 21.02-SNAPSHOT, r16497-d1c15c41d9

is the version I'm using of his snapshot, but it should work fine. How are you copying the script over?

I use WinSCP to edit files to avoid issues with Windows > Unix translations. I suspect this is the problem.

(Windows uses CR/LF at end of lines. Unix just uses LF) (Carriage Return/Line Feed)

Yes, I am using WinSCP to transfer the files, but I was creating the files using Notepad++ on Windows, saving them and then using WinSCP to transfer.

Now I tried to create the files using WinSCP and save them using the WinSCP editor and it worked!

Thank you!

I use Notepad++ for all my text editing.
Just click Edit, then EOL Conversion, then Unix.
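
The CRLF failure diagnosed above, as an added example that is not part of any post in this thread: it detects Windows line endings in a script, reports when the shebang line is affected, and converts the file to LF in place. The function names and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: find and strip Windows CRLF line endings in shell scripts.
# Usage (assumed file name): sh fixeol.sh routerDNS.sh

CR=$(printf '\r')

# has_crlf FILE: succeeds when any line ends with a carriage return.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# shebang_broken FILE: succeeds when the #! line ends in CR, so the kernel
# looks for an interpreter literally named "/bin/sh\r" and exec fails.
shebang_broken() {
    head -n 1 "$1" | grep -q "^#!.*${CR}\$"
}

# fix_crlf FILE: strip one trailing CR per line. Writing back with cat keeps
# the file's existing mode bits (for example the +x set by chmod).
fix_crlf() {
    tmp="$1.$$.tmp"
    sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

for f in "$@"; do
    if has_crlf "$f"; then
        shebang_broken "$f" && echo "$f: shebang line ends in CR"
        fix_crlf "$f" && echo "$f: converted to LF"
    else
        echo "$f: already LF"
    fi
done
```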

So, I had been running the opkg package version successfully.
Until I did an Attended Sysupgrade. The adguardhome package was not available, which caused attended sysupgrade to fail. Image builder also failed to create an image if I included adguardhome. So, I looked at the list of available packages, not there either.
I removed adguardhome from the list of packages for attended sysupgrade and it built and installed perfectly.
Then, I noticed no device was resolving. The sysupgrade took adguardhome off the system.
As it was not available in opkg, I used the direct method of installing from github. All installed fine.
I made certain my yaml was in the same place as always, made sure the adguardhome config file was in place.
Start, stop, even rebooted the router. Try :8080 to get to AGH admin page, got no answer, tried :3000 and sure enough, there was the first run page. When I clicked next though, just got a blank page.
So, since there was a yaml in place but I was getting the first run page, a little bell went off in my head.

I took the yaml and put it in /opt/AdGuardHome restarted the service, and presto, all is well.

Should I have known to do this? Maybe. Point being that if you have run the opkg version and are forced to run the github version, be aware that your yaml needs to be in a different place now.

I actually like this better as in /opt all will survive a reboot.

I'm puzzled as to where the opkg is though.

Yeah. opkg and manual versions are different. There are a few reasons why. But I highly suggest you double check your config to make sure it's properly working. (Just a sanity check: you did do an opkg update first, right? After a reboot/restart opkg needs to repull its feed list as it lives in /tmp and is lost.)

My manual version does the minimal needed to then use the AGH dev script to manually install AGH. This means your AGH lives in /opt/AdGuardHome. The opkg version makes edits and I believe it's /etc/adguardhome for its configs, and the logs and filters live in /tmp. This of course means when you reboot that you lose those. However, the reason for this is that it makes a smaller footprint and thus can install on smaller routers.

@jamesmacwhite would be able to detail more on this. I believe it's down to how packages are detailed for opkg. There are certain conventions and rules for a package to be accepted.

You're not the only one to report that AGH is missing from packages lately. I just helped someone else with that problem. I wonder if the packagebuilder has barfed up and not built it.

Manual installs are working fine.

Quick question, need to know the specific release branch and router targets people are using if the builds are failing on certain router architectures. I've poked james about it and if we can get more info we can do some investigations.

It does appear the adguardhome opkg package is failing on master/snapshot since Go was updated to 1.18, so that is why it's missing and not available in imagebuilder, because the package itself has failed to build. Fail logs are present for the package now.

This I believe is the reason why it's failing: https://github.com/openwrt/packages/pull/18147. AdGuardHome does not like being built with different Go versions. Right now 0.107 stable is built with 1.17 and now that Go 1.18 is used in OpenWrt buildroot in master this is likely failing.

This will be an issue for master/snapshot and the unreleased 22.03 branch, 21.02 should be OK, providing the Go version commit hasn't been backported.

I can see if the beta 0.108 release will build on Go 1.18, while not ideal, it's better than a completely broken package. If it can build then maybe we could get it updated in 22.03 and master, until AdGuardHome move to the next stable.

I understand the differences between the two. I was posting so someone who has lost the opkg version because of an update would know to move the yaml to the proper location if they do a manual install.

I didn't use a script, just untar the github version, move it to the right directory, adjust permissions, install.

An opkg update wouldn't make a difference in this case as the package simply doesn't exist. I looked at the package listings online, tried online building tools, all failed.

Since I'm running on a NanoPi R4S with a 32 Gb SD card, I'm not overly worried about space as those on an AIO would be.

Hah. So am I :)
