Wireguard+adblock-fast on openwrt router

I have a router with openwrt which I uses as a wireguard server, So all of traffic going through wireguard. Now I want to use adblock-fast service on my router to block ads. But, I see that it's not blocking any ads. I think that's because of my wireguard. Since, I'm very new to openwrt I don't have any idea to make it work. Can you guys help me to make it work?

Can you login to your router via SSH and post the content of your /etc/config/dhcp file?


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option serversfile '/var/run/adblock-fast/dnsmasq.servers'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Is there anything to change in the config?

Sorry, should have asked earlier, what's the content of /etc/config/adblock-fast ?

ahh, it's okay
here it is

config adblock-fast 'config'
        option enabled '0'
        list allowed_domain 'cdn.jsdelivr.net'
        option allow_non_ascii '0'
        option canary_domains_icloud '0'
        option canary_domains_mozilla '0'
        option compressed_cache '0'
        option compressed_cache_dir '/etc'
        option config_update_enabled '0'
        option config_update_url 'https://cdn.jsdelivr.net/gh/openwrt/packages/net/adblock-fast/files/adblock-fast.config.update'        
        option curl_max_file_size '30000000'
        option curl_retry '3'
        option debug '0'
        option dns 'dnsmasq.servers'
        list dnsmasq_instance '*'
        option download_timeout '10'
        option force_dns '1'
        list force_dns_port '53'
        list force_dns_port '853'
        option parallel_downloads '1'
        option pause_timeout '20'
        option procd_trigger_wan6 '0'
        option procd_boot_delay '0'
        option procd_boot_wan_timeout '60'
        option verbosity '2'

config file_url
        option url 'https://cdn.jsdelivr.net/gh/StevenBlack/hosts/hosts'
        option size '6770929'
        option action 'block'
config file_url
        option url 'https://big.oisd.nl/'
        option size '6163363'
        option action 'block'
        option enabled '0'

config file_url
        option url 'https://cdn.jsdelivr.net/gh/bongochong/CombinedPrivacyBlockLists/NoFormatting/cpbl-ctld.txt'
        option size '2608152'
        option action 'block'
        option enabled '0'

config file_url
        option url 'http://sysctl.org/cameleon/hosts'
        option size '638545'
        option action 'block'
        option enabled '0'

config file_url
        option url 'https://cdn.jsdelivr.net/gh/kboghdady/youTube_ads_4_pi-hole/black.list'
        option size '553006'
        option action 'block'

config file_url
        option url 'https://raw.githubusercontent.com/AdguardTeam/cname-trackers/master/data/combined_disguised_clickthr
        option size '362170'
        option action 'block' 
config file_url
        option url 'https://someonewhocares.org/hosts/hosts'
        option size '347410'
        option action 'block'

config file_url
        option url 'https://winhelp2002.mvps.org/hosts.txt'
        option size '334861'
        option action 'block'

config file_url
        option url 'https://adaway.org/hosts.txt'
        option size '243454'
        option action 'block'

According to the file you posted, the adblock-fast is disabled.

Yeah, since it was not working I disabled it for now,
Is there anything to do with wireguard?

Is your problem that the adblock does not work for the WG clients or does adblock does not work at all so also not for your regular LAN clients?

1 Like

Since all the traffic is going through the WG tunnel in my router, all the clients are WG clients. So the adblock is not working for any client. And additionally I'm using WG DNS in the wan interface to prevent DNS leaks as well.

You mention you use WireGuard as a WG server.
What you describe is a WG client setup?

Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
wg show

If you disable WireGuard is adblock working then?

Please reboot first with WireGuard enabled.

If Adblock does not work please just restart adblock and see if that helps.

If that does not help add to the firewall for testing:

config forwarding
        option src 'lan'
        option dest 'wan'

You do have a WG client setup and not a server and it looks fine :+1:

Thank you for your support!
I tried all those things but still it didn't work.
Can this be due to the fact that I'm using WG DNS instead of local DNS?

What do you mean you are using local DNS?

As far as I can tell you let DNSMasq use these DNS servers

BTW it is redundant to specify these DNS servers on the WG interface as those are already set on WAN and WAN6 interface.
DNS servers added to the interfaces are all treated the same and just added to
'/tmp/resolv.conf.d/resolv.conf.auto' and used as upstream resolvers for DNSMasq

As far as I can tell your local LAN clients are using the router as DNS servers (

I do not use Adblock fast so cannot help you with the specific settings, it looks like it has forced DNS redirection settings not sure what those do but in general it will make sure all local LAN clients are indeed using as DNS server.

Ahh then it must be something else not an DNS issue. I'll try look into other matters which effects the adblock-fast.
By the way, Thank you for your support and the knowledge.

1 Like

Hey, Do you have any suggestion to make this work?

Yes, I would enable adblock-fast and from CLI try:

service adblock-fast start
service adblock-fast dl

And post the output.

This output is inconsistent with the dns option shown in an earlier config file.

Either way it seems to be working just fine, what seems to be the problem?

Ahh, yes, sorry for that, I tried to change the dns option to whether that helps.
But, still it's not working. I tried to check the ad blocking using https://d3ward.github.io/toolz/adblock. but only got 5%.

Do I need to change any settings in WG, to make adblock work?

First two tests fail because that type of blocking cannot be accomplished reasonably well at the router level, you need a browser extension for that.


  1. Use more lists from the default config or add your own lists
  2. Whatever domains are displayed in red -- add them to blocked domains, either one by one or by creating a list of them

PS. You could easily get 90-ish% reported blocked on that page, your online experience may suffer tho.