Documentation and Translation / Re: AdGuard Home setup guide
« on: December 08, 2023, 12:31:35 am »
Thank you very much, I have tried it and it works.
OPNsense 22.1 Clean Install - Installation:
It is very important to follow the order explained
1 - Activate mimugmail's community repository
2 - Install AdGuardHome from System --> Firmware --> Plugins
3 - Activate and start AdGuardHome from Services --> AdGuardHome
4 - OPNsense - System - Settings - General
Untick: Do not use the local DNS service as a nameserver for this system
Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN
5 - OPNsense - Services - Unbound - DNS over TLS
Set the desired DNS servers, e.g., Cloudflare:
Server IP: 1.1.1.1
Server Port: 853
Verify CN: cloudflare-dns.com
6 - OPNsense - Services - Unbound - General
Listen Port: 5353
7 - Navigate to http://your.opnsense:3000/ (192.168.1.1:3000) to complete the AdGuard setup
8 - AdGuard Home - DNS Configuration - Upstream Servers: Add router_ip:5353 (192.168.1.1:5353). Delete those that exist.
Security Extra: https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules#1-allowing-only-specific-dns-servers
I wanted to add this here, as I spent hours trying to figure out what I was missing.
I would follow the above steps and get everything working for maybe a few minutes, but eventually none of my devices would have internet access. Both AdGuard Home and Unbound showed that they were receiving DNS traffic, but clearly something was wrong.
The problem was that I had previously configured DNS overrides in Unbound. Disabling/deleting my previously configured Unbound DNS overrides solved my issue. I then created those same overrides in AdGuard under Filters -> DNS rewrites.
Could you share an example of what the overwrite looks like? I believe I'm having similar issues.
EDIT: Somehow I figured it out and am no longer having issues. I think there could be a potential issue with leaving the DHCPv4 LAN DNS servers as all empty as it may not be able to resolve your localhost (I'm still a networking newb so I could be totally wrong). I added 192.168.1.1 to my DNS servers for DHCP and now everything seems to be working. Could be some firewall rule changes I made, but not totally sure. I went ahead and added a similar DNS src * dst * LAN address rule for 5335 just in case.
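
Added example, not part of the original posts: a small Python check that queries each hop of the chain from the guide separately (AdGuard Home on port 53, Unbound on port 5353), so a "no internet" symptom can be narrowed to one resolver. The address 192.168.1.1 is the guide's example; the function names and the test name example.com are assumptions made for this sketch.

```python
import socket
import struct

# Hops from the guide (addresses are the guide's own examples).
HOPS = {"AdGuard Home": ("192.168.1.1", 53), "Unbound": ("192.168.1.1", 5353)}

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, txid: int) -> bytes:
    """Build a minimal DNS A-record query (RD flag set, one question)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_reply(reply: bytes, txid: int) -> tuple[str, int]:
    """Return (rcode name, answer count); reject short or mismatched replies."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    code = flags & 0x000F
    return RCODES.get(code, f"RCODE{code}"), ancount


def probe(host: str, port: int, name: str = "example.com", timeout: float = 2.0) -> str:
    """Query one hop over UDP and describe the outcome."""
    txid = 0x4147  # fixed ID is acceptable for a manual check on the LAN
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (host, port))
            reply, _ = sock.recvfrom(4096)
            rcode, answers = parse_reply(reply, txid)
            return f"{rcode}, {answers} answer(s)"
        except (OSError, ValueError) as exc:
            return f"no usable reply ({exc})"


if __name__ == "__main__":
    for label, (host, port) in HOPS.items():
        print(f"{label:13} {host}:{port} -> {probe(host, port)}")
```

If the Unbound hop answers NOERROR while the AdGuard Home hop times out or returns SERVFAIL, the problem is in AdGuard Home or its upstream entry; if the Unbound hop fails, check its listen port and DNS over TLS settings first.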