Setup WinSCP like this and it should login to your router and browse it like an explorer window.
The AdGuard yaml file is here /opt/AdGuardHome
The router config files are in /etc/config
Setup WinSCP like this and it should login to your router and browse it like an explorer window.
The AdGuard yaml file is here /opt/AdGuardHome
The router config files are in /etc/config
Can I just save the files back, or do I need to reboot the router after that?
Save any edits back then you will need to restart the services
eg:
/etc/init.d/AdGuardHome restart
or
/etc/init.d/dnsmasq restart
You will only need to restart the services you edit. A full router restart is abit overkill but is another way to do it.
Adding the VLAN IPs to the bind_hosts did not work. Will check the dhcp settings later.
Do I need to copy the dhcp settigns from lan to the VLANs also?
in theory you just need to have AdGuard listen on the vlan interface.
you should get output like this in your system log
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.193966 [info] Starting the DNS proxy server
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.195685 [info] Ratelimit is enabled and set to 20 rps
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.198177 [info] The server is configured to refuse ANY requests
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.203706 [info] DNS cache is enabled
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.205092 [info] MaxGoroutines is set to 300
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.208523 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220304 [info] Listening to udp://127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.220552 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221518 [info] Listening to udp://192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.221773 [info] Creating the UDP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.223923 [info] Listening to udp://[::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225279 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.225959 [info] Listening to tcp://127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226202 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.226809 [info] Listening to tcp://192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.227024 [info] Creating a TCP server socket
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.228025 [info] Listening to tcp://[::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.236456 [info] Entering the UDP listener loop on 127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.242263 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244311 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244804 [info] Entering the tcp listener loop on [::1]:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.244384 [info] Entering the UDP listener loop on 192.168.1.1:53
Sun Sep 5 17:43:28 2021 daemon.err AdGuardHome[3229]: 2021/09/05 16:43:28.248713 [info] Entering the UDP listener loop on [::1]:53
This is listening on the local loopback (127), Local Lan (192) and IPv6 (::1) addresses.
one thing you need to be VERY careful editing the yaml file. it is syntax dependant. Even an extra space will screw things up.
It seems like AdGuard has picked up the IPs in the yaml file:
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:42.999918 [info] Entering the UDP listener loop on 192.168.5.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000283 [info] Entering the UDP listener loop on 192.168.10.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.000664 [info] Entering the UDP listener loop on 192.168.15.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001033 [info] Entering the UDP listener loop on 192.168.20.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001391 [info] Entering the tcp listener loop on 192.168.15.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001491 [info] Entering the tcp listener loop on 127.0.0.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.001578 [info] Entering the tcp listener loop on 192.168.1.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003016 [info] Entering the tcp listener loop on 192.168.3.1:53
Sun Sep 5 17:48:43 2021 daemon.err AdGuardHome[16214]: 2021/09/05 21:48:43.003122 [info] Entering the tcp listener loop on 192.168.5.1:53
Here is the only difference in the dhcp config:
config dnsmasq
option ednspacket_max '1232'
Rest is identical.
Your lan looks quite a bit different than mine:
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option dhcpv6 'server'
option ra 'server'
option leasetime '24h'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
I will align it with yours next. edit: no change
Also copying the additional lines from lan to one of the vlans in the dhcp config did not work
So far there is still an issue with DNS resolution. If I connect via Wifi and set the DNS manually, it works fine, but the automatic way does not work.
It works for the "lan" but not for any of the VLANs
I ran out of ideas, maybe one of you has one or two left
you only need 2 of them. take the first pair and delete the rest.
You arent actually serving DHCP to your VLANS btw. Thats proberbly your issue. They are simple static assignments.
goto your interface page and look at the DHCP page for it. Then check out your VLANs.
Assign the same dhcp options but for that VLAN subnet and enable dhcp. save it and then when you look in the dhcp file you will see it has filled in settings similar to your LAN settings. Thats the missing bit you require.
I could have thought of that one myself β¦
This worked, thanks so much! Next stop: restricting access between VLANs and restricting internet access from one VLAN
I have another question. AdGuard is running really well on my laptop, and also with different VLANs etc, the requests are in the AdGuard log. My iPad is connected to the same VLAN and Wi-Fi, but none of the connections are in AdGuard. Is there something specific I need to do?
check that it is correctly using the right ip settings. check its using the adguard DNS and not using its own.
IOS likes to do its own thing at times. See iOS 13.3 using DoH (DNS over HTTPS) to bypass Pi-Hole : pihole (reddit.com)
If you want to lock things down? [OpenWrt Wiki] DNS hijacking
Firewall rules to enforce your Adguard DNS to be the only DNS and to block other outgoing attempts.
Just make sure you have an exclusion for your router and Adguard or you will find yourself DNSless.
How do I do that? As it is part of a vlan it shows the vlan dns/gateway
Check your settings for the ipad. ( Apparently Settings > General > Device Management May have settings that might override DNS resolution) I dont use apple so have no clue on management of them.
Cloudflare ESNI Checker | Cloudflare UK
Check what DNS its using. (edit) Don't forget to reboot it so the DNS cache is purged)
hi everyone,
I tried to install wire guard and had to reboot my router. It seems like this crashed the AdGuard Home setup. I did not change anything on the DNS side yet. I cannot open the AdGuard config URL anymore, which means to me it did not get started properly. I already deleted the wire guard interface and firewall zone for now, but internet does not work anymore, as I assume DNS is not working.
How can I get the AdGuard back up? I tried
/etc/init.d/AdGuardHome restart
And
/etc/init.d/dnsmasq restart
It seemed like the page was loading and then stopped working
Thanks for a quick solution
It worked for a minute or so and then we are back to broken
Of course I also forgot my credentials - how can I get to those?
And how can I get around AdGuard Home in case it continues to act up?
SSH in and check the syslog or use luci and look at the syslog there.
OpenWrt - System Log - LuCI
logread is the command you need from the SSH prompt.
Cheat. Edit your adguard yaml file to the following
users:
- name: admin
password: $2a$10$Jh8aYu1S9.SayAY5emmiEeYpAYmoFOPYhdwogc6lXZTNyytsGVQAa
auth_attempts: 5
That changes the name and password to admin and admin.
OK, back online - thanks!
Two more questions:
Is there a way to change the password? Do I need to find the md5 value of my password and put it into the file?
AdGuard offer to upgrade to a new version: " AdGuard Home v0.107.0-a.161+fac574d3 is now available! Click here for more info". Is that recommended and can I just click on the link or do I need to jump through more hoops?
Thanks again!
* `users` β Web users info
* `name` β User name
* `password` β BCrypt-encrypted password