[HowTo] Running Adguard Home on OpenWrt

Pros and cons of running AGH on OpenWrt vs a separate RPi (or similar)? Seems the RPi route would be better given the limited resources most OpenWrt routers have, but I see you guys doing it successfully, so that leaves me wondering.

no problems from daily using on months now, on espressobin board...

1 Like

Hi I am using Adblock for last one month in my Raspberry PI 4. The main issue I am facing is, I cannot configure a specific internal IP address, not to use safe search or not to filter a category. So I am thinking to install, Adguard Home also and then use openwrt firewall rules to redirect traffic from my specific IP address to redirect traffic to Adguard home. So please advice whether it will work these

  1. install Adguard Home along with Adblock. Will this work
  2. If so I should use the install package from the default software list in Luci or manually download and install
  3. What firewall rules, I should be using

Please help

1 Like

Can someone please help me on this.. posted 3 days ago..


I just discoverd to day on this OpenWRT wiki > Documentation, at the very bottom it mentions to disable rebind protection if you are using adguard home.

This is what I get when I tried that command:
root@OpenWrt:/opt# opkg install adguardhome

Unknown package 'adguardhome'.

Collected errors:

  • opkg_install_cmd: Cannot install package adguardhome
    Any further help, please.

What version do you have of OpenWrt? The package is on master and 21.02.

I think it is very, very important you note in your guide that the link you provided may not work for others. There are several different packages, based on different hardware, for adguardhome. I just spent 4 hours before I found the problem.

So this was a bit messy, but I managed to get it working hopefully, I get double queries in query log though, used method presented by gnashk for the most part, I have a WRT1900ACS, using the link that's for armv7 devices. Not sure what is up with those double queries, I set it up before and didn't get them, but had issues on reboot so tried stuff presented here. Also disabled rebind protection as per docs.

OpenWrt 19.07.7. That's the issue, I suppose.
Do you know if the issue on DNS and dnsmasq is resolved in the package in 21.02?
There's a lot of confusion on how to set up dnsmasq between OpenWrt and AdGuard Home. Perhaps the need to make changes in OpenWrt and AGH are resolved so it's automated, and not need to change ports, for example.
Thanks a lot.

Great find, too bad it does not say how to go about doing this, as stated on that link:
Adguard DNS and dnsmasq issues
If you use Adguard DNS as forwarder (to have a cheap and efficient network adblocker), you need to disable Rebind protection, to avoid lag or site unreachable due to Rebin protection.
If not, you can see lot of this log in system.log, and have lag or host unreachable issue.
daemon.warn dnsmasq[xxx]: possible DNS-rebind attack detected: any.adserver.dns

Until now, none of the HowTo's I've read on AGH mention this. I really hope that the package in 21.02 OpenWrt resolve all these issues. And it will be nice to know.

1 Like

I don't know if it is just me, but I thought it was easy.

The specific documentation is talking about dnsmasq service in general.

The rebind protection can be easily turned off by the following two ways.

In the luci interface > Network > DHCP and DNS > General settings > Rebind protection


When setting up aduardhome, where you change the default list server, rebind protection is also found there, which you can disable by changing it to 0

Thanks for this, that was easy enough. Since I have your attention, can you please tell me what settings concerning dnsmasq to be made on Openwrt and adguardhome, please?
Thanks a lot.

Did you try the instructions that appear in the first commit of this package? And as I already said. To install as another OpenWrt package, you should use snapshots from Master or 21.02.

So in the same section as the rebind protection, you need to make sure that DNS forwarding is set to the same IP that is displayed in Adguardhome > setup guide. Except removing ":" between the up and port number and use # instead.

Theoretically, that is all you need to do, although you may incur DNS leaks. If you do you have to go to the luci interface > Network > Interfaces > Lan > edit > DHCP server > advance settings > DHCP options you want to add 6, followed by the up. This will enforce those who connect via LAN and WIFI to use Adguardhome as the DNS. So for example, if your DNS IP is then you would enter 6, in the DHCP options.

You may find that the clients do not get listed on the home page of aguardhome, if so you need to ever the custom firewall rules under network > firewall > custom firewall rules with the details linked in the OP where it mentions firewall.

It's too bad Luci can't give you some guidance after installing a new package. Could just be a readme with link to the settings.

This is a community project, therefore it depends on the effort of each person to provide the necessary help.

Dumb question; doesn't adblock do the same as adguard?

Not dumb, yes, it does. However, adguard has some pretty cool features.

Yes, per Adguard it is much more complete and beautiful.