[HowTo] Running Adguard Home on OpenWrt

I just added firewall rules to intercept the DNS queries of devices I would like to use adguard on. Port 65353 is the DNS port on which AdGuardHome is listening.
Plain and simple. No need to tinker with any other settings.

config redirect
    option name 'Intercept-DNS_SAMSUNG-TV'
    option target 'DNAT'
    list proto 'tcp'
    list proto 'udp'
    option src 'lan'
    option src_ip '192.168.73.60'
    option src_dport '53'
    option dest 'lan'
    option dest_ip '192.168.73.1'
    option dest_port '65353'
3 Likes
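An added example, not part of the original post: a small audit of `/etc/config/firewall` that lists which clients have a port-53 intercept like the one above and flags rules covering only one of TCP/UDP. The sample config is constructed; the second rule and the address 192.168.73.61 are made up for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/config/firewall syntax. The first rule is the
# one from the post; the second (made-up) rule is deliberately UDP-only.
sample_firewall_config() {
cat <<'EOF'
config redirect
    option name 'Intercept-DNS_SAMSUNG-TV'
    option target 'DNAT'
    list proto 'tcp'
    list proto 'udp'
    option src 'lan'
    option src_ip '192.168.73.60'
    option src_dport '53'
    option dest 'lan'
    option dest_ip '192.168.73.1'
    option dest_port '65353'

config redirect
    option name 'Intercept-DNS_PHONE'
    option target 'DNAT'
    list proto 'udp'
    option src 'lan'
    option src_ip '192.168.73.61'
    option src_dport '53'
    option dest_ip '192.168.73.1'
    option dest_port '65353'
EOF
}

# Reads a firewall config on stdin and prints "src_ip dest_ip:dest_port status"
# for every DNAT redirect that matches destination port 53.
audit_dns_redirects() {
    awk '
    function emit() {
        if (sect == "redirect" && o["target"] == "DNAT" && o["src_dport"] == "53") {
            if (!seen) { tcp = 1; udp = 1 }   # no proto given: firewall default is tcp+udp
            ip = (o["src_ip"] == "") ? "any" : o["src_ip"]
            st = (tcp && udp) ? "ok" : (udp ? "udp-only" : "tcp-only")
            print ip, o["dest_ip"] ":" o["dest_port"], st
        }
        split("", o); tcp = 0; udp = 0; seen = 0   # portable reset for next section
    }
    { gsub(/\047/, "") }                           # strip single quotes
    $1 == "config" { emit(); sect = $2; next }
    $1 == "option" { o[$2] = $3 }
    $2 == "proto" { seen = 1; if ($0 ~ /tcp/) tcp = 1; if ($0 ~ /udp/) udp = 1 }
    END { emit() }'
}

sample_firewall_config | audit_dns_redirects
```

On the router, run `audit_dns_redirects < /etc/config/firewall`; any LAN client that does not appear in the output still reaches whatever resolver it is configured with.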

opkg doesn't see this package for me.
I'm sure it's because I use the @davidc502 builds.
Is there an address I can put in
/etc/opkg/customfeeds.conf
or
/etc/opkg/distfeeds.conf
to get this package listed?

Try downloading directly from the OpenWrt download site depending on your device architecture. I think ca-bundle is also needed.

1 Like

No, I like the davidc builds (IMO they are the best for the Linksys WRT series), I don't want to reflash my device,
but I should be able to just add the repository, I just don't know what the address is.

Directly download the compiled package here. Not the firmware for your device.

2 Likes

How should I set up the Encryption settings?

The goal is to set up DNS-over-HTTPS.

Certificate? Why do I have to put a certificate?

If you want an admin interface on HTTPS instead of HTTP. Also if you want to be a DNS-over-HTTPS provider.

Hi,

AdGuard is just awesome. But how do I get client information (running on port 53?) and allow the .local domain?

I'm asking why I have to enter a certificate to use DoH or DoT.

It's not to use DoH, but to expose a DoH service.

1 Like

But if you don't provide a DoH port, you can use a certificate to have an admin interface in HTTPS.

Does anybody have experience with a 128 MB device?

Can anyone elaborate on how to set up these steps mentioned by @erdoukki?
I couldn't figure out the following instructions:

  1. DNS/MASQ
    Use another port for DNS/MASQ (9153)
    Remove all upstream DNS from DNS/MASQ
  2. Configure AdGuard Home to replace DNS/MASQ (use port 53)
    Add your local domain to DNS at port 9153
    Add upstream DNS servers v4 and v6 to DNS config
  3. LAN
    DHCP v4 and v6 force LAN DNS
    Optionally add firewall rules to Hijack DNS on your LAN

I am very grateful to everyone in this post for giving solutions to different problems. Thank you @brokenpipe for writing a detailed guide for beginners like me.

From this post (thx @luochongjun), there is a list of GL.iNet routers compatible with AGH:

  • AR750S: DDRII 128MB
  • AR300M: DDR2 128MB / FLASH 16MB
  • E750: DDR2 128MB / FLASH 16MB + 128MB
  • MV1000: DDR4 1GB / FLASH 16MB + EMMC 8GB
  • B1300: DDR3L 256MB / FLASH 32MB

With optimization, it seems possible to run AGH on a 128Mb router...

Friends, please advise. I have a Redmi AC2100 with 128 MB. Version 104.3 is installed. The AdGuard and AdAway blocklists are enabled in the filters, and 13-20 MB is free.

This is regarding how it works on a device with 128 MB of RAM.
But I have the following problem: it does not block porn sites when using the AdGuard family DNS (94.140.14.15, tls://dns-family.adguard.com). If you type "porn" into a search engine, AdGuard Home lets through almost every second link, even when the "Parental control" option is enabled. Yet it blocks YouTube comments. What is the point of enabling safe mode on YouTube? Why do you do this: you don't block porn, but you block YouTube comments.
The Yandex family DNS, on the other hand, blocks porn very well. If anyone knows, please tell me how to configure things so that porn is not let through, ads are blocked, YouTube comments remain, and DNS queries are encrypted. Right now I have to compromise: I specify the Yandex family DNS as the DNS servers and the filters block the ads, but I cannot use DNS-over-TLS, i.e. encrypt my queries. AdGuard Home only performs the ad-blocking function for me. I cannot get both DNS-over-TLS and adult-content blocking configured so that everything works at the same time.

@vgaetera Help!

Sorry, I don't use AdGuard and I have no idea how to perform conjunctive logical operations to DNS replies from multiple upstream resolvers. :sweat:

1 Like

How can I use my VPN provider DNS (bypassing the AGH DNS) when OpenVPN is running?
When I perform a DNS Leak Test I notice that AGH is resolving the DNS queries which implies DNS Leak from the VPN provider standpoint.

Can anyone check if I am doing these steps by @erdoukki correctly?

  1. Disabling DNS part of dnsmasq (Source)

Edit the DHCP to disable port 53 for DNS:
Network>DHCP and DNS>DNS Server Port and change it from 53 to 0
Then go to AdguardHome Setup(Example: http://127.0.0.1:3000) and it won't ask you to change the DNS port.

Remove all upstream DNS from DNS/MASQ

SSH into the router. Then open the dhcp config file by running

nano /etc/config/dhcp

Then under config dnsmasq add noresolv like this (Source):
option noresolv '0'

  2. Configure AdGuard Home to replace DNS/MASQ (use port 53)

Just run the first Setup (Example: http://127.0.0.1:3000)

Add your local domain to DNS at port 9153

Why and how?

Add upstream DNS servers v4 and v6 to DNS config

How to do this?
Not sure how to do this yet. Can anyone explain this?

  3. LAN
    DHCP v4 and v6 force LAN DNS
    Optionally add firewall rules to Hijack DNS on your LAN

Is it talking about this?

I am going to use AdguardHome as my DHCP and it is installed in my main router.

2 Likes
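An added example, not from any poster in this thread: the three quoted steps written as `uci` commands, following the port-9153 variant rather than disabling dnsmasq DNS with port 0. Assumptions: the router's LAN address is 192.168.1.1, the DHCP pool section is named `lan`, only DHCPv4 is handled, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Assumed values, not taken from the thread: adjust LAN_IP to your router.
LAN_IP="${LAN_IP:-192.168.1.1}"
DNSMASQ_PORT=9153          # port named in the quoted steps

# Step 1: dnsmasq keeps DHCP and local host names, but leaves port 53
# and stops forwarding queries to upstream resolvers.
dnsmasq_behind_agh() {
    uci set "dhcp.@dnsmasq[0].port=$DNSMASQ_PORT"
    uci set "dhcp.@dnsmasq[0].noresolv=1"            # ignore resolv-file upstreams
    uci -q delete "dhcp.@dnsmasq[0].server" || true  # drop configured forwarders
}

# Step 2: lines for AdGuard Home's "Upstream DNS servers" box. The first
# line sends queries for the local domain to dnsmasq on port 9153 so LAN
# host names keep resolving; the arguments are the upstreams you choose.
agh_upstream_lines() {
    domain="$(uci -q get 'dhcp.@dnsmasq[0].domain' 2>/dev/null || true)"
    echo "[/${domain:-lan}/]127.0.0.1:$DNSMASQ_PORT"
    for upstream in "$@"; do echo "$upstream"; done
}

# Step 3: DHCPv4 option 6 hands the router (AdGuard Home on port 53)
# to LAN clients as their resolver.
force_lan_dns() {
    uci -q del_list "dhcp.lan.dhcp_option=6,$LAN_IP" || true  # avoid duplicates
    uci add_list "dhcp.lan.dhcp_option=6,$LAN_IP"
}

# Run with the argument "apply" on the router; without it nothing changes.
if [ "${1:-}" = apply ]; then
    dnsmasq_behind_agh
    force_lan_dns
    uci commit dhcp
    /etc/init.d/dnsmasq restart
    agh_upstream_lines tls://dns-family.adguard.com
fi
```

AdGuard Home must already be listening on port 53 before clients renew their leases, otherwise they lose name resolution until it is.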