OPNsense Forum

English Forums => High availability => Topic started by: weidah on May 09, 2024, 03:07:16 AM

Title: DNS (AdGuard) not working with CARP
Post by: weidah on May 09, 2024, 03:07:16 AM
I've got the AdGuard plugin, which was working fine until I set up CARP.

I have to set the DNS on Windows to the actual IP of the LAN interface. I can't use the CARP VIP to resolve hostnames for some reason.


Any ideas what could be the issue?
Title: Re: DNS (AdGuard) not working with CARP
Post by: mimugmail on May 09, 2024, 06:28:38 AM
Yep, that's a known bug in AdGuard

https://github.com/AdguardTeam/AdGuardHome/issues/3015
Title: Re: DNS (AdGuard) not working with CARP
Post by: Patrick M. Hausen on May 09, 2024, 10:30:39 AM
Bind AGH to 127.0.0.1 and use NAT port forwarding to make it reachable at the CARP address. That should do it.
Title: Re: DNS (AdGuard) not working with CARP
Post by: weidah on May 09, 2024, 11:15:01 AM
Quote from: mimugmail on May 09, 2024, 06:28:38 AM
Yep, that's a known bug in AdGuard

https://github.com/AdguardTeam/AdGuardHome/issues/3015

Seems that this is the case, yes.

Quote from: Patrick M. Hausen on May 09, 2024, 10:30:39 AM
Bind AGH to 127.0.0.1 and use NAT port forwarding to make it reachable at the CARP address. That should do it.

Actually tried that yesterday. Didn't work unless there's something I'm missing.
VIP 192.168.0.1
(https://i.imgur.com/jZqVRF0.png)

Screenshot from AdGuard

(https://i.imgur.com/E1ItNK8.png)
Title: Re: DNS (AdGuard) not working with CARP
Post by: Patrick M. Hausen on May 09, 2024, 11:26:56 AM
You need TCP/UDP. Did you configure the "Firewall rule association" as "Pass"?
Title: Re: DNS (AdGuard) not working with CARP
Post by: weidah on May 09, 2024, 11:35:20 AM
Yeah, I have it set up to automatically add the rules.
Changed it to TCP/UDP, still didn't work.

But when I forward it to the actual IP of the current master, it works.
(https://i.imgur.com/OcyOZOX.png)


Also, I have to add that my testing is very unscientific: just "ipconfig /flushdns", then try pinging, visiting the website and checking the query logs in AdGuard.
Title: Re: DNS (AdGuard) not working with CARP
Post by: Patrick M. Hausen on May 09, 2024, 12:28:24 PM
Is AGH listening on port 53?

This is my rule - see screenshot - and it works flawlessly. The port definition is 53530 because I have Unbound running on 53. Also, did you configure an upstream server in AGH? AGH cannot do recursive lookups on its own. Here AGH forwards to Unbound.

At first I would try directly on OPNsense:

dig google.com @127.0.0.1

If that works, it's the port forwarding rule or similar. If it gives you a SERVFAIL, then AGH is not configured correctly.
Title: Re: DNS (AdGuard) not working with CARP
Post by: weidah on May 09, 2024, 12:37:41 PM
Thing is, I just started playing around with HA and CARP. It worked before, no issues, even for WireGuard clients, which were on a completely different IP range. I just cloned the virtual machines for CARP testing, fixed any duplicate entries and everything worked flawlessly, apart from AGH.

I've now just created an alias for the IPs of the two instances of OPNsense as the target. This seems to work, although the first query takes a bit long; after that it's normal and fast.

Will still investigate this further. The issue I'm also facing now is SR-IOV not playing nice with CARP.  >:(


EDIT: Using an alias was not a good idea. While Windows kinda figures out what to do, every other client on the network is really slow to resolve. For the time being I've now disabled NAT syncing between the two instances and set each to forward to its own network IP.
Title: Re: DNS (AdGuard) not working with CARP
Post by: weidah on May 09, 2024, 03:00:40 PM
I think I've got it.
The AGH config had bind_hosts set to 0.0.0.0; I guess it didn't like that. I now manually set all the IPs, including 127.0.0.1, and I was able to NAT it.
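The post above reports the symptom and the fix without showing the mechanism. The following is an added example, written for this thread and not taken from the forum posts or from AdGuard Home: a toy UDP responder that shows one mechanism producing exactly this behaviour. A server socket bound to 0.0.0.0 that answers with sendto() on the listening socket lets the kernel pick the reply's source address by route lookup, which is the interface's own address rather than the virtual IP the query was sent to; a stub resolver that only accepts replies from the address it queried drops such answers and times out. Binding to the specific address instead makes the reply leave from that address. Assumptions, labelled in the code: a Linux host, where all of 127.0.0.0/8 is local on lo, so 127.0.0.2 stands in for the CARP VIP and 127.0.0.1 for the interface address; the responder echoes a constructed payload rather than speaking DNS; the helper and variable names are invented for the example.

```python
"""Why a UDP responder bound to 0.0.0.0 answers from the wrong address
when queried at a virtual IP, and why binding to explicit addresses fixes it.

Added example; not code from the forum thread or from AdGuard Home.
Assumptions: Linux, where the whole of 127.0.0.0/8 is local on lo, so
127.0.0.2 stands in for the CARP VIP and 127.0.0.1 for the interface's own
address; the responder is a toy echo service standing in for a DNS server.
"""
import socket
import threading

VIP = "127.0.0.2"             # stand-in for the CARP virtual IP (assumption)
QUERY = b"constructed-query"  # constructed payload; a real stub sends a DNS packet


def _responder(srv: socket.socket, count: int) -> None:
    """Answer `count` datagrams the naive way: sendto(peer) on the listening
    socket, letting the kernel choose the reply's source address."""
    for _ in range(count):
        data, peer = srv.recvfrom(512)
        srv.sendto(b"reply:" + data, peer)
    srv.close()


def probe(bind_addr: str) -> dict:
    """Bind a responder to `bind_addr`, then query it at VIP twice.

    The first client is unconnected so it can report where the reply came
    from. The second client is connected to VIP and, like a real stub
    resolver, only accepts datagrams whose source matches the address it
    sent to; a mismatched reply is silently dropped and the query times out.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
    port = srv.getsockname()[1]
    worker = threading.Thread(target=_responder, args=(srv, 2), daemon=True)
    worker.start()

    loose = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    loose.settimeout(2.0)
    loose.sendto(QUERY, (VIP, port))
    _, (reply_src, _) = loose.recvfrom(512)   # observe the reply's source IP
    loose.close()

    strict = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    strict.settimeout(0.5)
    strict.connect((VIP, port))       # only datagrams from VIP:port get through
    strict.send(QUERY)
    try:
        strict.recv(512)
        accepted = True
    except socket.timeout:
        accepted = False
    strict.close()
    worker.join(2.0)
    return {"bind": bind_addr, "reply_src": reply_src, "accepted": accepted}


if __name__ == "__main__":
    # Expected on Linux: bound to 0.0.0.0 the reply comes from 127.0.0.1 and the
    # strict client times out; bound to VIP the reply comes from 127.0.0.2.
    for bind in ("0.0.0.0", VIP):
        print(probe(bind))
```

Mapping this back to the thread: the OPNsense box is the host, the LAN interface address plays 127.0.0.1 and the CARP VIP plays 127.0.0.2. Listing the addresses explicitly in bind_hosts, as the post above did, gives each listener a fixed source address; keeping 127.0.0.1 in that list is what lets a NAT port forward from the VIP to localhost keep working. Whether a given client tolerates a mismatched source is resolver-dependent, which is consistent with the earlier observation that Windows behaved differently from the other clients.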
Title: Re: DNS (AdGuard) not working with CARP
Post by: mimugmail on May 09, 2024, 06:12:42 PM
Thanks for the feedback :)