Spent the day yesterday researching and then installing while documenting. I am getting 96 out of 100 on https://adblock-tester.com/
On AdGuard's own site it shows all 3 as Not running, which is strange unless they are only looking at the PC itself?
For anyone that wants to run AdGuard Home and Unbound on OPNsense at the same time (and future me for when I forget how, as I am 62), here is what I documented:
Run AdGuard Home and Unbound DNS simultaneously in OPNsense
Step-by-Step Configuration
1. Install AdGuard Home (Frontend):
◦ Enable SSH: Go to System > Settings > Administration and enable Secure Shell.
◦ Add Repo via Terminal: Log in to your OPNsense shell via SSH and run the following command to add the repository:
    fetch -o /tmp/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
    mv /tmp/mimugmail.conf /usr/local/etc/pkg/repos/
◦ Update Package List: Run the following command to refresh the repository:
    pkg update
◦ Install Plugin: Go to System > Firmware > Plugins in the WebGUI, search for os-adguardhome-maxit, and click the + button to install.
◦ Go to Services > AdGuardHome > General, enable the service.
2. Prepare Unbound DNS (Backend):
◦ Go to Services > Unbound DNS > General.
◦ Change the Listen Port from 53 to 5353.
◦ Save and Apply.
3. Configure AdGuard Home Upstream:
◦ Access the AdGuard Home web GUI (usually http://<opnsense-ip>:3000 initially, then port 8080/443 after setup).
◦ During AdGuard setup, at step one change the Listen interface to port 8080, since port 80 is most likely already in use, and leave the DNS server set to 53. Both should be set on All interfaces.
◦ Navigate to Settings > DNS Settings.
◦ Set Upstream DNS servers to 127.0.0.1:5353.
◦ Set Private reverse DNS servers to 127.0.0.1:5353.
4. Configure OPNsense System DNS:
◦ Go to System > Settings > General.
◦ Under Networking section Set DNS servers to 127.0.0.1 (AdGuard).
◦ Uncheck Allow DNS server list to be overridden by DHCP on WAN.
◦ Check Do not use the local DNS server as a name server for this system (if you want to force all traffic through AdGuard).
5. Configure DHCP (Clients):
◦ Go to Services > Dnsmasq & DHCP > DHCP options. Add a new entry; under "Option" pick dns-server [6] and put your OPNsense IP in the "Value" section (usually 192.168.1.1); select the interface you want it to apply to (usually LAN), then save and apply, and restart Dnsmasq.
Notes:
• Alternative Port: Some users prefer high ports like 65353 for Unbound to avoid conflicts with mDNS.
• Conflicts: If AdGuard Home fails to start, it is likely a port conflict (another service using port 53). Ensure Unbound has moved to 5353.
• Alternative: Instead of using AdGuard + Unbound, you can use Services > Unbound DNS > Blocklist to use DNSBL lists directly within Unbound for similar, albeit less feature-rich, ad-blocking.
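
Added example (not part of the original post): a shell check for the port conflict described in the Notes, confirming that AdGuard Home owns port 53 and Unbound owns 5353. The function names and sample listings are made up for illustration, and the column layout assumed is that of FreeBSD's `sockstat -4 -6 -l`.

```sh
#!/bin/sh
# Added example, not from the original post. Sample listings are constructed.

# Print the command names holding a listening socket on port $1,
# reading `sockstat -4 -6 -l` style lines on stdin.
owners_of_port() {
    awk -v p="$1" '{
        n = split($6, a, ":")          # field 6 = LOCAL ADDRESS, e.g. *:53
        if (a[n] == p) seen[$2] = 1    # field 2 = COMMAND
    } END { for (c in seen) print c }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Verify the split from steps 2-3: AdGuard Home on 53, Unbound on 5353.
check_dns_split() {
    front=$(printf '%s\n' "$1" | owners_of_port 53)
    back=$(printf '%s\n' "$1" | owners_of_port 5353)
    case "$front" in
        "")          echo "FAIL: nothing is listening on port 53"; return 1 ;;
        *" "*)       echo "FAIL: port 53 is shared by: $front"; return 1 ;;
        AdGuardHom*) ;;   # prefix match, in case sockstat shortens the name
        *)           echo "FAIL: port 53 is held by: $front"; return 1 ;;
    esac
    if [ "$back" != "unbound" ]; then
        echo "FAIL: port 5353 is held by: ${back:-nothing}"; return 1
    fi
    echo "OK: AdGuard Home on 53, Unbound on 5353"
}

SAMPLE_GOOD='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root AdGuardHom 41872 12 udp46 *:53 *:*
root AdGuardHom 41872 13 tcp46 *:53 *:*
unbound unbound 5120 5 udp4 127.0.0.1:5353 *:*
unbound unbound 5120 6 tcp4 127.0.0.1:5353 *:*'

SAMPLE_CONFLICT='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
unbound unbound 5120 5 udp4 *:53 *:*
unbound unbound 5120 6 tcp4 *:53 *:*'

check_dns_split "$SAMPLE_GOOD"
check_dns_split "$SAMPLE_CONFLICT" || true
# On the firewall itself: check_dns_split "$(sockstat -4 -6 -l)"
```

The second sample is the state before step 2 has been applied, with Unbound still bound to port 53.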