[HowTo] Running Adguard Home on OpenWrt

I use WinSCP to edit files on my router.

LuCI will run on 443 or, in your case, your QNAP. I don't bother using AdGuard's HTTPS.

You can set different clients to use different filters for AdGuard, I believe. It's on their wiki.
Clients · AdguardTeam/AdGuardHome Wiki (github.com)

I won the fight yesterday in this thread to connect a VLAN to the internet. Today that internet access is not working anymore and also the additional VLANs I created do not get connected to the internet. I compared the settings (on switch and router) of the ones I created yesterday and today and cannot find any differences. They get the same IP range no matter whether I connect via cable to router or switch or via wifi to the respective VLAN. I added all VLANs to the "lan" firewall zone within OpenWRT. I can also ping 1.1.1.1 or 8.8.8.8 when connected to those VLANs, so my assumption is that AdGuard Home needs to be set up to also resolve DNS for VLANs.

Could that assumption be correct and if yes, how do I do that? Or is there an on/off switch for AdGuard, so that I can test it without AdGuard?

Thanks a lot again

If you have migrated from your OpenWRT DNS to AdGuard DNS (and it's listening properly) then it should just be transparent. It may be that it is not listening on the correct interface, however.

A simple way to test would be to stop Adguard and switch OpenWRT DNS back to port 53. Then flip back when you have finished testing.

/etc/init.d/AdGuardHome stop

uci set dhcp.@dnsmasq[0].server='1.1.1.1'
uci set dhcp.@dnsmasq[0].port='53'
uci delete dhcp.lan.dhcp_option
uci commit dhcp

/etc/init.d/dnsmasq restart

That will stop AdGuard, reset your OpenWRT to use 1.1.1.1 (Cloudflare DNS), change the DNS port back to 53, delete the DHCP option address that was pushed out and restart dnsmasq.

Just checked the config. There is a difference between lan, the VLAN I created yesterday (vlan 3) and the one I created today (vlan_home). I also upgraded to OpenWRT 21 today, maybe that is where the ra_flags line comes from?

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv6 'server'
        option ra 'server'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '3,192.168.1.1'
        option leasetime '24h'

config dhcp 'VLAN3'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'VLAN3'

config dhcp 'VLAN_Home'
        option interface 'VLAN_Home'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

However, I suspect you just need to add the VLAN interfaces to your AdGuard yaml file.

AdGuardHome.yaml

dns:
  bind_hosts:
  - 127.0.0.1
  - 192.168.1.1
  - ::1

In theory, if it has the loopback address it should do DNS lookups, but you may have to explicitly add in your VLANs.

e.g.

dns:
  bind_hosts:
  - 127.0.0.1
  - 192.168.1.1
  - 192.168.3.1
  - ::1

:edit:
Currently the only way to modify the interface is via the yaml file and then to restart AdGuard. It is something they are aware of and it is hopefully going to be part of the 108 release.
To be safe, stop AdGuard, edit the file, then start AdGuard and it should take the new interface and start listening.

These are DHCPv6 options for dealing with IPv6 addresses. See Configuring IPv6 and DHCPv6 - Installing and Using OpenWrt / Network and Wireless Configuration - OpenWrt Forum for more details.

So after the changes you proposed, the internet connection stopped working entirely. I tried to revert the changes, but no luck.

Anyone have an idea how to get the connection back without a complete OpenWrt reset?

When I do the dnsmasq restart, it only says: sending discover, no lease failing, started v1.33.1 in a loop a few times

At least I was correct that AdGuard was in the mix :smiley:

Redo that and restart AdGuard back up.

/etc/init.d/AdGuardHome restart

Now go check your AdGuard yaml file for its dns section. As I posted above, I think you just need to add in your VLAN interface for it to listen to your VLANs.

That's all dnsmasq will say :slight_smile:

The top portion of your /etc/config/dhcp file should look like this.

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	option noresolv '1'
	option server '192.168.1.1'
	option port '5353'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	option leasetime '24h'

Double check carefully, as you may have to redo it with the reversions you made.

So the internet is back :slight_smile: - thanks!

I will check the dhcp portion.

I got WinSCP working and am looking for the yaml files

Screenshot 2021-09-05 223329

Set up WinSCP like this and it should log in to your router and browse it like an Explorer window.

The AdGuard yaml file is here: /opt/AdGuardHome
The router config files are in /etc/config

Can I just save the files back, or do I need to reboot the router after that?

Save any edits back, then you will need to restart the services.

e.g.:

/etc/init.d/AdGuardHome restart

or

/etc/init.d/dnsmasq restart

You will only need to restart the services you edit. A full router restart is a bit overkill but is another way to do it.

Adding the VLAN IPs to the bind_hosts did not work. Will check the dhcp settings later.

Do I need to copy the dhcp settings from lan to the VLANs also?

In theory you just need to have AdGuard listen on the VLAN interface.

You should get output like this in your system log:

OpenWrt - System Log - LuCI

Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.193966 [info] Starting the DNS proxy server
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.195685 [info] Ratelimit is enabled and set to 20 rps
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.198177 [info] The server is configured to refuse ANY requests
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.203706 [info] DNS cache is enabled
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.205092 [info] MaxGoroutines is set to 300
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.208523 [info] Creating the UDP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220304 [info] Listening to udp://127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220552 [info] Creating the UDP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221518 [info] Listening to udp://192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221773 [info] Creating the UDP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.223923 [info] Listening to udp://[::1]:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225279 [info] Creating a TCP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225959 [info] Listening to tcp://127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226202 [info] Creating a TCP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226809 [info] Listening to tcp://192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.227024 [info] Creating a TCP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.228025 [info] Listening to tcp://[::1]:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.236456 [info] Entering the UDP listener loop on 127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.242263 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244311 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244804 [info] Entering the tcp listener loop on [::1]:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244384 [info] Entering the UDP listener loop on 192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.248713 [info] Entering the UDP listener loop on [::1]:53

This is listening on the local loopback (127), Local Lan (192) and IPv6 (::1) addresses.

One thing: you need to be VERY careful editing the yaml file. It is syntax dependent. Even an extra space will screw things up.
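To confirm which addresses AdGuard Home really bound after a yaml edit, the "Listening to" log lines can be compared against the gateway IPs you expect. This is an added example, not part of the thread: the function names are hypothetical and the sample lines are taken from the log posted above. On the router, feed it `logread` instead of `sample_log`.

```shell
# Print unique "proto address" pairs from AdGuardHome "Listening to" log lines (stdin).
adguard_listeners() {
    awk '/AdGuardHome/ && /Listening to (udp|tcp):\/\// {
        url = $NF                       # e.g. udp://192.168.1.1:53
        proto = substr(url, 1, 3)       # udp or tcp
        host = substr(url, 7)           # 192.168.1.1:53 or [::1]:53
        sub(/:[0-9]+$/, "", host)       # drop the port
        gsub(/\[/, "", host); gsub(/\]/, "", host)   # strip IPv6 brackets
        print proto, host
    }' | sort -u
}

# Read a log on stdin and print every expected "proto address" with no listener.
# Usage: logread | missing_listeners 192.168.1.1 192.168.3.1
missing_listeners() {
    seen=$(adguard_listeners)
    for ip in "$@"; do
        for proto in udp tcp; do
            printf '%s\n' "$seen" | grep -qxF "$proto $ip" || echo "$proto $ip"
        done
    done
}

# Sample input: lines copied from the system log shown in this thread.
sample_log() {
cat <<'EOF'
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.208523 [info] Creating the UDP server socket
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220304 [info] Listening to udp://127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221518 [info] Listening to udp://192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.223923 [info] Listening to udp://[::1]:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225959 [info] Listening to tcp://127.0.0.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226809 [info] Listening to tcp://192.168.1.1:53
Sun Sep  5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.228025 [info] Listening to tcp://[::1]:53
EOF
}

# 192.168.3.1 is a VLAN gateway that this log never mentions.
sample_log | missing_listeners 192.168.1.1 192.168.3.1
```

An empty result means every expected address has both a UDP and a TCP listener.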

It seems like AdGuard has picked up the IPs in the yaml file:

Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.999918 [info] Entering the UDP listener loop on 192.168.5.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000283 [info] Entering the UDP listener loop on 192.168.10.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000664 [info] Entering the UDP listener loop on 192.168.15.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001033 [info] Entering the UDP listener loop on 192.168.20.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001391 [info] Entering the tcp listener loop on 192.168.15.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001491 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001578 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003016 [info] Entering the tcp listener loop on 192.168.3.1:53
Sun Sep  5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003122 [info] Entering the tcp listener loop on 192.168.5.1:53

Here is the only difference in the dhcp config:

config dnsmasq
	option ednspacket_max '1232'

Rest is identical.

Your lan looks quite a bit different than mine:

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv6 'server'
	option ra 'server'
	option leasetime '24h'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'

I will align it with yours next. edit: no change

Also, copying the additional lines from lan to one of the VLANs in the dhcp config did not work.

So far there is still an issue with DNS resolution. If I connect via Wifi and set the DNS manually, it works fine, but the automatic way does not work.

It works for the "lan" but not for any of the VLANs

I ran out of ideas, maybe one of you has one or two left.

You only need 2 of them. Take the first pair and delete the rest.

You aren't actually serving DHCP to your VLANs, btw. That's probably your issue. They are simple static assignments.

Go to your interface page and look at the DHCP page for it. Then check out your VLANs.

Assign the same dhcp options but for that VLAN subnet and enable dhcp. Save it, and then when you look in the dhcp file you will see it has filled in settings similar to your LAN settings. That's the missing bit you require.
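A quick way to see which DHCP pools hand out a DNS server: in the configs posted in this thread the `lan` section carries `dhcp_option '6,...'` while the VLAN sections do not. This is an added example, not part of the thread: the function names are hypothetical and the sample config is abridged from the posts above. On the router, run `dhcp_dns_by_section < /etc/config/dhcp`.

```shell
# For every "config dhcp" section on stdin (UCI /etc/config/dhcp syntax), print
# "<section> <DNS server pushed via DHCP option 6>", or "<section> -" if none is set.
dhcp_dns_by_section() {
    awk -v q="'" '
    function report() { if (name != "") print name, (dns == "" ? "-" : dns) }
    $1 == "config" {
        report(); name = ""; dns = ""
        if ($2 == "dhcp") { name = $3; gsub(q, "", name) }   # skip "config dnsmasq" etc.
        next
    }
    name != "" && $1 == "list" && $2 == "dhcp_option" {
        v = $3; gsub(q, "", v)               # 6,192.168.1.1
        if (v ~ /^6,/) dns = substr(v, 3)    # option 6 = DNS server
    }
    END { report() }'
}

# Sample input, abridged from the dhcp configs posted in this thread.
sample_dhcp() {
cat <<'EOF'
config dnsmasq
        option noresolv '1'
        option port '5353'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        list dhcp_option '6,192.168.1.1'
        list dhcp_option '3,192.168.1.1'

config dhcp 'VLAN3'
        option start '100'
        option interface 'VLAN3'

config dhcp 'VLAN_Home'
        option interface 'VLAN_Home'
        option start '100'
        list ra_flags 'none'
EOF
}

sample_dhcp | dhcp_dns_by_section
```

Sections reported with `-` are the ones to revisit on the interface's DHCP page; the address shown for the others should also appear in AdGuard Home's `bind_hosts`.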

I could have thought of that one myself …

This worked, thanks so much! Next stop: restricting access between VLANs and restricting internet access from one VLAN