Messages - ajoeiam

#1
Quote from: cookiemonster on July 24, 2024, 10:51:25 PM
congratulations on building your next time sink :)
For configuration - the site documentation https://github.com/AdguardTeam/AdguardHome/wiki/Getting-Started
For which blocklists to use - there are many. I suggest to start with the Steven Black list https://github.com/StevenBlack/hosts
Be ready to start allow-listing to fine tune to your requirements.

ja - - - time sink - - - first it was information then it was puters then its all the facets inside of that - - - - where will it end?
(likely won't - - - lol)

OK - - am trying to learn - - - that last sentence  "Be ready to start allow-listing to fine tune to your requirements." - - - what does that mean?

TIA
#2
Well - - - I gambled on understanding what you meant in your last sentence.

So I uninstalled adguardhome then re-installed it and was successful in connecting to the ports suggested
that is ip:3000 to access and ip:53 for DNS server listening.

Thank you very much for your assistance!!!!!!!!!!!!!!!!!

Now - - - how do I find a good configuration/setup chart for adguardhome?

Please?

TIA
#3
Quote from: cookiemonster on July 24, 2024, 12:12:02 AM
p.s from your screenshot (re-added here for reference), the interface is called vtnet1. Is this a virtualised setup? If so, can you please provide the complete setup with all interfaces, assignments, etc. all is relevant.

What was added for reference was actually taken from the document that I was using for setup and configuration.

This was NOT from my machine - - - I am not using any kind of virtualised setup.
(Was cured of that idea a few years ago investigating LXD, on snapd - - - don't need that kind of mess again!)

Sorry for the not accurate info - - - the machine that I'm doing this on is a mini-pc and I'm using a laptop for its control and modification. This all is on a separate network with its own ip address so getting a screenshot - - - dunno how I'd even do it as the laptop does not connect with the other network.

Thanking you for your consideration and assistance!
#4
Quote from: cookiemonster on July 23, 2024, 11:24:40 PM
So now OPN GUI is listening on port 82 and AdGH on 80 it seems.

Quote: "Still cannot load into either of 192.168.1.1:80 or 192.168.1.1:3000  for AdGuardHome setup."
What happens? Whether you can not reach it or you can but errors, different solutions.
The AdGH config can be modified manually but it is no good if you can't reach it.
Please tell where you are trying to reach it from, the same network, or a different one?
I can't assume because of your previous setup with machines on different ports on the firewall.

I am using the browser to reach http://192.168.1.1:80 or :3000 - - - the browser just sends a timed out message.
This is from a machine with the address 192.168.1.100 (so I think that's the same network - - yes?)

Sorry - - - at this point I am totally lost so I get to wait until you offer some kind of solution to try.

TIA
#5
Quote from: cookiemonster on July 21, 2024, 10:42:59 PM
System > Settings > Administration.
The UI has the ability to change the port the GUI is listening on. Many of us change it from the default for a variety of reasons. No need to worry about changing it here, is not a hack, and it survives updates and upgrades.
That said, in general, the advice is sound.

(Greatly appreciating the patience of those assisting!!)

OK - - - now - - sockstat -4l says
root      AdGuardHom  22252  13  tcp4   192.168.1.1:80         *:*
and
root      lighttpd            44161  7    tcp4   *:82                           *:*

( had set the web gui protocol to https (following HomeNetworkGuy so re-set to http with a restart)

Firefox was barfing at using http so changed the setting for network security to false

Still cannot load into either of 192.168.1.1:80 or 192.168.1.1:3000  for AdGuardHome setup.

Suggestions - - - please?

TIA
#6
Quote from: cookiemonster on July 19, 2024, 12:43:23 AM
Quote: Unbound is my current DNS server
snip
Please check what processes have listeners open, like this:
$ sudo sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
unbound  unbound    58332 5  udp4   *:5353                *:*
snip
root     AdGuardHom 348   115 udp46 *:53                  *:*
root     AdGuardHom 348   116 tcp4  192.168.5.1:8080      *:*
root     AdGuardHom 348   117 tcp46 *:53                  *:*
root     crowdsec   96744 18 tcp4   192.168.5.1:8081      *:*
root     crowdsec   96744 190 tcp4  127.0.0.1:6060        *:*
root     openvpn    84396 8  udp4   92.28.XXX.163:1193    *:*
root     sshd       70841 4  tcp4   *:22                  *:*
?        ?          ?     ?  udp4   *:51820               *:*

I've masked a part of my WAN ip but you can see I have AdG listening on port 53 and Unbound on 5353 so they don't clash. AdG ui on 8080. Unbound on all interfaces.

AdG settings:
- DHCP service is disabled. I don't want AdG to provide dhcp. OPN is doing that.
- Upstream DNS servers: 192.168.5.1:5353 - I am telling AdG to use Unbound as its upstream DNS server.
- Bootstrap DNS servers: 192.168.5.1:5353 - I am telling AdG to use Unbound as its upstream DNS server.
- Private reverse DNS servers: 192.168.5.1:5353 - I am telling AdG to use Unbound as its reverse DNS server.
- Encryption settings: Only plain DNS is enabled. If you want to change this, I suggest to do it later, once the basic is working. For me there is no need. The encryption is done from Unbound out.
snip
Please check against this and we'll take it from there.
You did have an unorthodox setup before, with a pc you only switched on from time to time and plugged directly in a port of the firewall, that triggered a reconfiguration of interfaces and services every time. Even if that's changed, it would be good to tell us what the setup is, they might give clues. For now let's just see it as a service that you want to setup for the first time


Very interesting - -
you have quite a few more lines in the output of sockstat than I have (grin)  - - - lines that include AdGuardHome look like this:

root    AdGuardHom 90822 13 tcp4    192.168.1.1:80           *:*
root    AdGuardHom 90822 15 udp4   127.0.0.1:53               *:*
root    AdGuardHom 90822 22 tcp4    127.0.0.1:53               *:*

Cannot do any AdG settings - - - cannot log into that 192.168.1.1:3000 address to set up my instance.

Suggestions on how I might be able to change the configuration file for AdG ?

TIA
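
An added example, not part of any forum post: one way to read the `sockstat -4l` listings in the two posts above and tell whether a service is reachable from the LAN on a given port, bound to loopback only, or not listening there at all. The `check_listener` helper and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `sockstat -4l` column order, modelled on the
# AdGuardHome and web GUI lines quoted in the posts above.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     AdGuardHom 90822 13 tcp4   192.168.1.1:80        *:*
root     AdGuardHom 90822 15 udp4   127.0.0.1:53          *:*
root     AdGuardHom 90822 22 tcp4   127.0.0.1:53          *:*
root     lighttpd   44161 7  tcp4   *:82                  *:*
EOF
}

# check_listener COMMAND PORT  (hypothetical helper; sockstat output on stdin)
# Prints one of:
#   reachable <addr>  - bound to the wildcard or a non-loopback address
#   loopback-only     - bound only to 127.x, so LAN clients cannot connect
#   not-listening     - no socket for that command on that port
check_listener() {
    awk -v cmd="$1" -v port="$2" '
        $1 != "USER" && $2 == cmd {
            # LOCAL ADDRESS is column 6; the port follows the last colon
            n = split($6, part, ":")
            p = part[n]
            addr = substr($6, 1, length($6) - length(p) - 1)
            if (p != port) next
            if (addr ~ /^127\./) loop = 1
            else if (ext == "") ext = addr
        }
        END {
            if (ext != "") print "reachable " ext
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Demo on the constructed sample; on the firewall itself use:
#   sockstat -4l | check_listener AdGuardHom 3000
for port in 80 53 3000; do
    printf 'AdGuardHom port %s: %s\n' "$port" \
        "$(sample_sockstat | check_listener AdGuardHom "$port")"
done
```
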
#7
Quote from: newsense on July 18, 2024, 07:20:52 AM
You can post the LAN rules here in a screenshot - assuming that is where you'd be connecting from to the FW for AGH management.

In the creation of a rule you can specify either a source IP such as 192.168.2.34/32 which effectively gives access to that machine to whatever you specify as IPdestination/port, or you can go broader wherever appropriate and say LAN NET as source which effectively allows all the machines in that (v)lan to access the resource.

For example, if your LAN is 192.168.1.0/24 (or subnet mask 255.255.255.0) then the machines in the 192.168.1.2-254 range would be allowed to connect to the destination.

In OPNsense you'll find these networks (wherever there are more vlans) in the rule drop down menu as <vlan_name net>

@cookiemonster suggested that if I made Unbound able to listen on all ports that I may be able to not need to use firewall rules.
Did that change - - - - still not successful.

Now quite lost!

Thanks for your assistance.

#8
Quote from: cookiemonster on July 18, 2024, 10:06:48 AM
Quote from: ajoeiam on July 18, 2024, 04:18:13 AM
Quote from: cookiemonster on July 18, 2024, 12:17:42 AM
Don't get too concerned with having the latest version of AdGH. It doesn't need to be on latest to work.
Just post your setup and where it is failing and we'll try to figure out what is the problem.

screen 2/5 (when one logs into 192.168.x.x:3000) needs 2 ports set.

I cannot set either of them.

TIA
Sorry don't remember what that screen asks for, can you post a screenshot or describe what it says?
AdG needs to know what DNS servers to use upstream, it might be related to that but want to be sure.
Also, please add your complete setup of what is your current DNS servers for the network. Is it Unbound and what port is Unbound using. Also confirm Unbound is set to listen on all interfaces (recommended).
Firewall rules are not normally needed when using defaults. That is because the allow all default rule will permit the LAN clients to reach the firewall on any port.
For other interfaces and networks in the firewall, yes, rules are needed.

(tried to attach a .png file - - - (using copy and paste - - unsuccessful instead used attach (was unsuccessful as image was some 450k so cropped the image as much as possible - - - hope it works for you! )
Did not see all of the third part (static ip address).
Unbound is my current DNS server and port 5353 is the listed port. I had Unbound listening only to LAN but changed that to all (recommended). (I would prefer that my DNS server not really listen to outside stuff but if that's what is required I will acquiesce.)

Was unable to test the AdGuardHome setup as I seem to no longer get to it.

Previously I was able to unselect the service, reboot the machine. then re-select the service, again reboot the machine and at that point I was able to try the 192.168.x.x:3000 successfully - - - but not today.

Dunno - - - I'm wondering if the whole setup has become less responsive - - - becoming quite unsure of what to do going forward - - - starting to think that this is another instance of 'it works for someone else but NOT here' - - - I hope not!

Appreciate your continuing assistance - - really don't want to have to run another mini-pc that would make another point of failure - - - imo - - - I think I have too many already!
Regards
#9
Quote from: newsense on July 18, 2024, 04:01:15 AM
AGH can be upgraded once you're past the initial setup.



In more restrictive setups you'll need two FW rules as follows:

1) Allow TCP -- source (v)lan net or IP -- destination <FW IP interface> destination port 3000   ### This is only used for the initial setup

2) Allow TCP -- source (v)lan net or IP -- destination <FW IP interface> destination port <port number you chose during the initial setup>

Apologies (but I'm a firewall 'me don't understand') all I've ever used was ufw.
You're suggesting that I write firewall rules like you have suggested - - yes?

(understand that 'IP interface' would be replaced with my system url, is there any similar in the 'source lan net or IP' ?)

TIA
#10
Quote from: cookiemonster on July 18, 2024, 12:17:42 AM
Don't get too concerned with having the latest version of AdGH. It doesn't need to be on latest to work.
Just post your setup and where it is failing and we'll try to figure out what is the problem.

That's the issue in a nutshell - - - I can't do the initial setup.

screen 2/5 (when one logs into 192.168.x.x:3000) needs 2 ports set.

I cannot set either of them.
Read some chatter that it might be related to not using static urls but that's not the case (AFAIK at least).
Or it might be related to the release notes for 0.107.50.

I dunno and have no real way of figuring out what the issue is.

Any ideas - - - - I'm a listening!!!

TIA
#11
Did a lot of looking.

paging  @mimugmail

Greetings

I am having severe problems (unable to complete) initial setup for AdGuardHome.
Your repository has version 1.12 as being AdGuardHome 0.107.45 .

AdGuardHome version update 0.107.50 seems to be related to my difficulties.

Would you be able to update the repository - - - perhaps to 0.107.52?

(I have no clue of what I'm doing (can you tell) or I'd offer to help out with this!)

TIA
#12
Greetings

Have had a bunch of interesting learning experiences getting OPNsense up - - - but it is.

Now trying to configure it - - - wow!

Stumbling right now on AdGuard - - - specifically at the point of initial setup.

Is this the right place to ask questions - - - it is a community plugin and not official so me not knowing am asking.

Where might I get assistance?

TIA
#13
Quote from: Patrick M. Hausen on May 01, 2024, 01:11:45 AM
You can pick the mirror and perform the update right in the UI. System > Firmware > Settings.

So using the gui I went to system: firmware and chose as mirror: ServerBase AG, type: community, subscription: blank

ask for a system update

"Fetching changelog information, please wait . . . fetch" https://pkg.opnsense.org/FreeBSD:13:amd64/23.7/sets/changelog.txz:
Authentication error   
lots more info including the line:
pkg: Repository OPNsense cannot be opened. 'pkg update' required


so changing the mirror from 'default' to a specific mirror really didn't achieve anything.
(Changed mirror, saved, rebooted and then reconnected as for process)

#14
Quote from: cookiemonster on April 30, 2024, 11:17:14 PM
Why aren't you using one of the mirrors that host the firmwares, and without a proxy in between (if any)? They have the correct certificates to allow the TLS session to be established. That is the reason it is failing as was explained earlier.
By the way, the messages on screen (a console) also get written to file. But why would you use a screen+keyboard to a console to the system, when you can reach it by ssh and by a UI ?
Back to it though. Are you able to connect via the UI and select a mirror?
In Debian I can edit /etc/usr/sources.list and then I can specify a mirror if I so desire.
Absolutely CANNOT find a way to do that here on OPNsense.
Why would I use a console - - - I'm comfortable using a non-gui updating system - - - definitely no expert but can work my way through most what I need to do and I can most often find some recipe to get to what/where I want.
Tried using # ssh root@192.168.1.1 and - - - well - - nothing happens!

When I go look into /usr/local/etc/pkg/repos I do find  OPNsense.conf - - - which reads:

OPNsense: {
   fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
   url: "pkg+https://pkg.opnsense.org/${ABI}/23.7/latest",
   signature_type: "fingerprints",
   mirror_type: "srv",
   priority: 11,
   enabled: yes
}


That information is as installed where I changed nothing (added nor removed anything only added ip addresses!).

So from what you're saying I'm supposed to be able to choose a mirror - - - where/how?

TIA
#15
Quote from: franco on April 30, 2024, 04:15:52 PM
I think you hit a proxy or defunct IPv6, whichever comes first.

Or maybe the time of the box is off. There's a reason why posting full logs (like the update log) can help pinpoint this instead of stabbing in the dark. The connectivity audit can reveal problems with IPv6.


Cheers,
Franco

Checked time with the 'date' command - - - system seems to be running about 30 some seconds behind ntp.

I would love to give you the complete update log except I would bet that me typing it from one screen to another is going to add a bunch of errors besides taking about an hour - - - then there are the 10 or so lines that have disappeared as the text scrolled by which I would have no way of copying.

I'm not trying to use ipv6 I'm on ipv4.

So it seems that you're politely saying that I'm sol regarding getting an update to work.
Will admit that this is not overwhelmingly reassuring.