Messages - toodementianull

#1
As others have said, use OPNsense DHCP for static mappings instead of on the devices themselves. Also, I would recommend using additional DHCP pools for devices you want outside of the main pool range.
#2
AdGuard won't work how you want it to with the Deco in router mode. You already have a router (OPNsense). Put your main Deco into AP mode. All the mesh functions will still work. I can verify because that is how my system is set up.

fiber -> opnsense (router with AdGuard) -> main deco (ap mode) -> two deco satellites
#3
Are you putting /dns-query at the end of your URL?
https://adguard.example.com/dns-query

Also don't forget to add your OPNsense IP to the list of trusted proxies in AdGuardHome.yaml. If your domain is registered through Cloudflare you need to add their list of IPs to that list as well.

If you are using a reverse proxy you have to set force_https: false and allow_unencrypted_doh: true in AdGuardHome.yaml

Edit: Didn't realize this post was a month old. Sorry about the necro bump
#4
Quote from: Patrick M. Hausen on July 28, 2024, 11:06:32 PM
What exactly is the source set to in that rule?

Since I am going to go to sleep now:

1. duplicate the rule
2. set source to "your phone" in the duplicate
3. tick the "No RDR" checkbox in the duplicate
4. make sure the duplicate is above the general redirect rule for all devices in the list

That should do it.

Source is set to any. I did not realize I had to hit the "Advanced" button to see the input box for source. I will try what you said. Thank you.
#5
I'm not following. I used the exact setup that's listed in the OP. I accidentally had LAN Net set for Destination. I changed that to LAN Address. I just need to know how to allow a device to bypass this rule.

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable
#6
Quote from: Patrick M. Hausen on July 28, 2024, 10:37:42 PM
What did you set as source, why are you using source invert, why is the rule disabled?

Please show your current working DNS redirect rule and then I can help you to exempt your phone. OTOH as I also wrote the AdGuard home UI allows disabling filtering for individual clients - why not use that?

I used this tutorial which is exactly what's posted in the OP of this thread.
https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/

The rule is disabled until I can figure out how to allow specific devices to bypass it. Why does that matter anyway? I showed you the full config of the rule. Works fine except that I need to be able to allow a device to bypass that rule. Should I have it set up differently?

Quote: AdGuard home UI allows disabling filtering for individual clients - why not use that?

Because that does not solve the issue that I am having. I want to force all devices on LAN to use AGH. That's why I need the rule. But I don't want my phone to be forced to use AGH.
#7
Quote from: Patrick M. Hausen on July 28, 2024, 10:19:54 PM
Show your DNS redirect rule, please.

Attached a screenshot
#8
Quote from: Patrick M. Hausen on July 28, 2024, 08:12:31 PM
If you have a port forward rule in place to direct your devices to AGH, then place one rule above that one, source "your phone", flag "do not redirect" set.

Or use the AGH UI  ;)

Could you be slightly more specific please? I'm new to OPNsense coming from Asuswrt-Merlin and most of the options and descriptions are still foreign to me.
#9
How do I allow a single device to bypass the DNS redirect? I have AdGuard installed on my phone (192.168.68.118) and use a different set of lists than I do on my local AdGuard Home setup.