I won the fight yesterday in this thread to connect a VLAN to the internet. Today that internet access is not working anymore and also the additional VLANs I created do not get connected to the internet. I compared the settings (on switch and router) of the ones I created yesterday and today and cannot find any differences. They get the same IP range no matter whether I connect via cable to router or switch or via wifi to the respective VLAN. I added all VLANs to the "lan" firewall zone within OpenWRT. I can also ping 1.1.1.1 or 8.8.8.8 when connected to those VLANs, so my assumption is that AdGuard Home needs to be set up to also resolve DNS for VLANs.
Could that assumption be correct and if yes, how do I do that? Or is there an on/off switch for AdGuard, so that I can test it without AdGuard?
If you have migrated from your OpenWRT DNS to AdGuard DNS (and it's listening properly) then it should just be transparent. Maybe it is not listening on the correct interface, however.
A simple way to test would be to stop Adguard and switch OpenWRT DNS back to port 53. Then flip back when you have finished testing.
/etc/init.d/AdGuardHome stop
uci set dhcp.@dnsmasq[0].server='1.1.1.1'
uci set dhcp.@dnsmasq[0].port='53'
uci delete dhcp.lan.dhcp_option
uci commit dhcp
/etc/init.d/dnsmasq restart
That will stop adguard. Reset your OpenWRT to use 1.1.1.1 Cloudflare DNS. Change the DNS port back to 53. Delete the dhcp option address that was pushed out and restart Dnsmasq.
Just checked the config. There is a difference between lan, the VLAN I created yesterday (vlan 3) and the one I created today (vlan_home). I also upgraded to OpenWRT 21 today, maybe that is where the ra_flags line comes from?
:edit:
Currently the only way to modify the interface is via the yaml file and then to restart AdGuard. It is something they are aware of and it is hopefully going to be part of the 108 release.
To be safe: stop AdGuard, edit the file, then start AdGuard and it should take the new interface and start listening.
Now go check your AdGuard yaml file for its dns section. As I posted above, I think you just need to add in your VLAN interface for it to listen to your VLANs.
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.193966 [info] Starting the DNS proxy server
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.195685 [info] Ratelimit is enabled and set to 20 rps
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.198177 [info] The server is configured to refuse ANY requests
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.203706 [info] DNS cache is enabled
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.205092 [info] MaxGoroutines is set to 300
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.208523 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220304 [info] Listening to udp://127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220552 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221518 [info] Listening to udp://192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221773 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.223923 [info] Listening to udp://[::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225279 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225959 [info] Listening to tcp://127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226202 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226809 [info] Listening to tcp://192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.227024 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.228025 [info] Listening to tcp://[::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.236456 [info] Entering the UDP listener loop on 127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.242263 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244311 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244804 [info] Entering the tcp listener loop on [::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244384 [info] Entering the UDP listener loop on 192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.248713 [info] Entering the UDP listener loop on [::1]:53
This is listening on the local loopback (127), Local Lan (192) and IPv6 (::1) addresses.
It seems like AdGuard has picked up the IPs in the yaml file:
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.999918 [info] Entering the UDP listener loop on 192.168.5.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000283 [info] Entering the UDP listener loop on 192.168.10.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000664 [info] Entering the UDP listener loop on 192.168.15.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001033 [info] Entering the UDP listener loop on 192.168.20.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001391 [info] Entering the tcp listener loop on 192.168.15.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001491 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001578 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003016 [info] Entering the tcp listener loop on 192.168.3.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003122 [info] Entering the tcp listener loop on 192.168.5.1:53
Here is the only difference in the dhcp config:
config dnsmasq
option ednspacket_max '1232'
Rest is identical.
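The listener check done by eye in the log excerpts above, as an added example that is not part of the original posts: it extracts every DNS listener from AdGuard Home's startup log and reports which VLAN router address lacks a UDP or TCP listener. The sample log is constructed, and the address list is an assumption taken from the excerpts in this thread.

```shell
# Constructed sample in the syslog format shown above (not real router output).
sample_log() {
cat <<'EOF'
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.900001 [info] Ratelimit is enabled and set to 20 rps
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.910002 [info] Listening to udp://192.168.1.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.920003 [info] Listening to tcp://192.168.1.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.930004 [info] Entering the UDP listener loop on 192.168.1.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.940005 [info] Entering the UDP listener loop on 192.168.3.1:53
EOF
}

# listeners: read the log on stdin and print one "proto address" line per DNS
# listener. Both "Listening to" and "Entering the ... listener loop" lines count.
listeners() {
    sed -n \
        -e 's|.*\[info\] Listening to \([a-z]*\)://\(.*\):53$|\1 \2|p' \
        -e 's|.*\[info\] Entering the \([A-Za-z]*\) listener loop on \(.*\):53$|\1 \2|p' |
        tr 'A-Z' 'a-z' | sort -u
}

# missing_listeners IP...: read the log on stdin and print every "proto IP"
# pair (udp and tcp) for which the log shows no listener.
missing_listeners() {
    found=$(listeners)
    for ip in "$@"; do
        for proto in udp tcp; do
            printf '%s\n' "$found" | grep -qxF "$proto $ip" || echo "$proto $ip"
        done
    done
}

# Router addresses of the subnets that should be served (assumed; adjust to
# your own VLANs). Anything printed here is an address clients cannot query.
sample_log | missing_listeners 192.168.1.1 192.168.3.1 192.168.5.1
```

On the router, `logread | missing_listeners <addresses>` runs the same check against the live log.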
Your lan looks quite a bit different than mine:
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv6 'server'
option ra 'server'
option leasetime '24h'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
I will align it with yours next. edit: no change
Also copying the additional lines from lan to one of the vlans in the dhcp config did not work
So far there is still an issue with DNS resolution. If I connect via Wifi and set the DNS manually, it works fine, but the automatic way does not work.
It works for the "lan" but not for any of the VLANs
I ran out of ideas, maybe one of you has one or two left
Assign the same dhcp options but for that VLAN subnet and enable dhcp. Save it and then when you look in the dhcp file you will see it has filled in settings similar to your LAN settings. That's the missing bit you require.
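An added example, not from the thread, that audits a dhcp config for the two states seen above (a VLAN section with no DNS option, and a lan section with the same options stacked several times) and prints uci commands that set the options without stacking them. The sample config is constructed; the section name vlan3 and the VLAN router addresses are assumptions.

```shell
# Constructed sample of /etc/config/dhcp; vlan3 and the VLAN addresses are assumed.
sample_dhcp_config() {
cat <<'EOF'
config dnsmasq
    option ednspacket_max '1232'
config dhcp 'lan'
    option interface 'lan'
    list dhcp_option '6,192.168.1.1'
    list dhcp_option '3,192.168.1.1'
    list dhcp_option '6,192.168.1.1'
    list dhcp_option '3,192.168.1.1'
    list dhcp_option '6,192.168.1.1'
    list dhcp_option '3,192.168.1.1'
config dhcp 'vlan3'
    list dhcp_option '6,192.168.3.1'
    list dhcp_option '3,192.168.3.1'
config dhcp 'vlan_home'
    option interface 'vlan_home'
EOF
}

# audit_dhcp: read the config on stdin and print, per "config dhcp" section,
# whether DHCP option 6 (DNS server) is advertised once, repeatedly, or not at all.
audit_dhcp() {
    awk -v q="'" '
        function report() {
            if (name == "") return
            if (n6 == 0) print name, "no-dns-option"
            else if (n6 > 1) print name, "duplicate-dns-option x" n6
            else print name, "dns=" dns
        }
        $1 == "config" { report(); n6 = 0; name = ($2 == "dhcp") ? $3 : ""; gsub(q, "", name) }
        $1 == "list" && $2 == "dhcp_option" && name != "" {
            v = $3; gsub(q, "", v)
            if (v ~ /^6,/) { n6++; dns = substr(v, 3) }
        }
        END { report() }
    '
}

# fix_cmds SECTION ROUTER_IP: print (not run) uci commands that replace the
# option list, so repeated runs do not stack duplicates as in the lan section.
fix_cmds() {
    printf '%s\n' "uci -q delete dhcp.$1.dhcp_option" \
        "uci add_list dhcp.$1.dhcp_option='6,$2'" \
        "uci add_list dhcp.$1.dhcp_option='3,$2'" \
        "uci commit dhcp" "/etc/init.d/dnsmasq restart"
}

sample_dhcp_config | audit_dhcp; fix_cmds vlan_home 192.168.5.1
```

On the router, `audit_dhcp < /etc/config/dhcp` gives the same report for the real file.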