Messages

1

Tutorials and FAQs / Re: DNS for LAN devices outside of the DHCP pool have to be set manually.

« on: August 29, 2024, 01:59:36 am »

As others have said, use opnsense dhcp for static mappings instead of on the devices themselves. Also I would recommend using additional dhcp pools for devices you want outside of the main pool range.

2

Tutorials and FAQs / Re: Set up AdGuard on Opnsense, but how do I expose TPLink Deco mesh clients?

« on: August 29, 2024, 01:47:55 am »

AdGuard won't work how you want it to having the Deco in router mode. You already have a router (OPNsense). Put your main Deco into AP mode. All the mesh functions will still work. I can verify because that is how my system is setup.

fiber -> opnsense (router with AdGuard) -> main deco (ap mode) -> two deco satellites

3

Documentation and Translation / Re: Adguard Home - DNS over HTTPS and DNS over TLS

« on: August 07, 2024, 03:48:05 am »

Are you putting /dns-query at the end of your url?

Code: [Select]

https://adguard.example.com/dns-query
Also don't forget to add your opnsense ip to the list of trusted proxies in AdGuardHome.yaml. If your domain is registerd through cloudflare you need to add their list of IPs to that list as well.

If you are using a reverse proxy you have to set

Code: [Select]

force_https: false and

Code: [Select]

allow_unencrypted_doh: true in AdGuardHome.yaml

Edit: Didn't realize this post was a month old. Sorry about the necro bump

4

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 11:11:13 pm »

What exactly is the source set to in that rule?

Since I am going to go to sleep now:

1. duplicate the rule
2. set source to "your phone" in the duplicate
3. tick the "No RDR" checkbox in the duplicate
4. make sure the duplicate is above the general redirect rule for all devices in the list

That should do it.

Source is set to any. I did not realize I had to hit the "Advanced" button to see the input box for source. I will try what you said. Thank you.

5

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 10:57:50 pm »

I'm not following. I used the exact setup that's listed in the OP. I accidentally had LAN Net set for Destination. I changed that to LAN Address. I just need to know how to allow a device to bypass this rule.

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable

6

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 10:51:30 pm »

What did you set as source, why are you using source invert, why is the rule disabled?

Please show your current working DNS redirect rule and then I can help you to exempt your phone. OTOH as I alsow wrote the AdGuard home UI allows disabling filtering for individual clients - why not use that?

I used this tutorial which is exactly what's posted in the OP of this thread.
https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/

The rule is disabled until I can figure how how to allow specific devices to bypass it. Why does that matter anyway? I showed you the full config of the rule. Works fine except that I need to be able to allow a device to bypass that rule. Should I have it setup differently?

AdGuard home UI allows disabling filtering for individual clients - why not use that?

Because that does not solve the issue that I am having. I want to force all devices on LAN to use AGH. That's why I need the rule. But I don't want my phone to be forced to use AGH.

7

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 10:35:08 pm »

Show your DNS redirect rule, please.

Attached a screenshot

8

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 10:17:28 pm »

If you have a port forward rule in place to direct your devices to AGH, then place one rule above that one, source "your phone", flag "do not redirect" set.

Or use the AGH UI 

Could you be slightly more specific please? I'm new to OpnSense coming from Asuswrt-Merlin and most of the options and descriptions are still foreign to me.

9

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 28, 2024, 05:55:04 pm »

How do I allow a single device to bypass the DNS redirect? I have AdGuard installed on my phone (192.168.68.118) and use a different set of lists than I do on my local AdGuard Home setup.