Messages

196

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 13, 2021, 07:38:09 pm »

My settings:

System/Settings/General:
 - DNS Servers: all empty
 - Do not use the local DNS service as a nameserver for this system:   cheked

Services/Unbound DNS/General:
 - port: 5353
 - DNSSEC: enabled
 - DHCP Registration: disabled
 - DHCP Static Mappings: disabled
 - Local Zone Type: transparent

Unbound DNS - Miscellaneous - DNS over TLS Servers:  1.1.1.1@853      1.0.0.1@853

In Adguard Home - DNS Configuration - Upstream Servers: 192.168.1.1:5353

In Adguard Home - DNS Configuration - Bootstrap DNS servers: 192.168.1.1:5353

In Adguard Home - configuration - clients configuration - add client:  Add ip and hostname
 

197

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 13, 2021, 07:36:06 pm »

Hello, for the dns not to be those of your isp you have to put one in unbound. To resolve the hostnames you can add them better in the Adguard configuration.

198

Virtual private networks / Re: Wireguard+Adguard

« on: April 13, 2021, 06:19:20 pm »

Hello, the problem is not solved. If you activate the dns in the wireguard configuration with adguard activated there is no internet connection. However, if you do not activate the dns in the wireguard configuration there is an internet connection without problems but no records appear in adguard.

199

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 05, 2021, 01:11:31 am »

Many of the lists I have posted block most of Google's telemetry and spying but not all of it. More can be done.

Adguard - Filters - Custom filtering rules - add:

||dnsotls-ds.metric.gstatic.com^ 
||encrypted-tbn0.gstatic.com^
||encrypted-tbn2.gstatic.com^
||mtalk.google.com^
||metric.gstatic.com^
||chart.apis.google.com^
||cse.google.com^
||encrypted-tbn1.gstatic.com^
||www.gstatic.com^
||fonts.gstatic.com^
||ogs.google.com^
||ssl.gstatic.com^
||aa.google.com^
||encrypted-tbn3.gstatic.com^
||pki-goog.l.google.com^
||signaler-pa.clients6.google.com^
||addons-pa.clients6.google.com^
||apis.google.com^
||0.client-channel.google.com^
||clients2.google.com^

Result after applying the rules:

 - Google searches: OK

 - Gmail: OK

 - Youtube: OK

 - Instagram: OK

 - Android: OK

 - Playstore: OK

200

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 04, 2021, 11:48:34 pm »

Unlike the ones Adguard comes with, these are much more complete. Each of them includes many other lists. They are the most complete I have found. If you put these in, you don't need any more.

201

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 04, 2021, 10:34:51 pm »

Recommended DNS blocklists: 1Hosts (Pro) - Goodbye Ads - Energized Ultimate - Lightswitch05 - Steven Black - oisd

Installation in Adguard: Filters - DNS blocklist - Add blocking list - Add custom list

 - https://hosts.netlify.app/Pro/adblock.txt

 - https://raw.githubusercontent.com/jerryn70/GoodbyeAds/master/Hosts/GoodbyeAds.txt

 - https://block.energized.pro/ultimate/formats/hosts.txt

 - https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt

 - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

 - https://hosts.oisd.nl/

Extra. in Adguard: Filters - DNS blocklist - Add blocking list  - Choose from the list:

 - Perflyst's Smart-TV Blocklist

202

Documentation and Translation / Re: AdGuard Home setup guide

« on: April 04, 2021, 08:16:42 pm »

Opnsense 21.1.4 Installation:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Activate and start AdGuardHome from Services --> AdGuardHome

4 - Navigate to http://your.opnsense:3000/ to complete the setup

5 - In Adguard Home - DNS Configuration - Upstream Servers:   Set the desired servers ( 1.1.1.1,   8.8.8.8     etc )

6 - In Opnsense disable Unbound. In case you want to use it leave it activated by changing the port to 5353 and in Adguard Home - DNS Configuration - Upstream Servers  add router_ip:5353

 - It is not necessary to activate the internal opnsense dns ( 127.0.0.1 ) in Opnsense in System-Settings-General

 - No need to make port forward rules to forward all DNS (Port 53) traffic to AdGuard

 - No need to set dns servers to DHCP

DNS over HTTPS - DNS over TLS:

Option 1:

 - In Opnsense - Unbound - Miscellaneous   set the desired dns servers 1.1.1.1@853     8.8.8.8@853

 - Active Unbound in port 5353

 - In Adguard Home - DNS Configuration - Upstream Servers add router_ip:5353

Option 2 ( Unbound disabled ): https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption

203

Virtual private networks / Wireguard+Adguard

« on: April 01, 2021, 03:27:21 pm »

1 - I have installed wireguard following this tutorial https://homenetworkguy.com/how-to/configure-wireguard-opnsense/  without putting any dns server in the Local section of the wireguard configuration.

2 - I have installed the Adguard plugin according to this tutorial https://forum.opnsense.org/index.php?topic=22162.msg85979;boardseen#new

3 - I use Nextdns

4 - On an Android phone I install wireguard

Problems:

 - Without setting dns servers in the wireguard server/client configuration the connection is perfect but looking at the Adguard logs I do NOT see the mobile connection. If I enter NextDNS via the web (not Adguard), these records do appear.

 - If in the wireguard server/client configuration I set the dns servers 192.168.1.1 when I look at the logs of the Adguard plugin, the mobile connection does appear. However, although the connection is perfect, I don't have internet on my mobile.
If I remove the dns from the wireguard configuration I have internet on my mobile but the records do NOT appear in the Adguard plugin, they DO appear on the NextDNS website.

204

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 04:22:59 pm »

Last image

205

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 04:22:15 pm »

More screens

206

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 04:21:19 pm »

One last test with another configuration. It still does not work. The rule shown in the image as DROP is manually activated.

207

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 04:05:17 pm »

More screens

208

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 04:03:43 pm »

I just tried another test with a different configuration and it still doesn't work.

209

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 03:07:45 pm »

Yes. If I activate the lock setting in the Policy tab according to the following screenshot it does not work.

210

Intrusion Detection and Prevention / Re: Policy Suricata not working

« on: January 29, 2021, 03:51:41 am »

Nothing works. In the Rulesets section which states that if nothing is selected it applies to everything does not work. And if you select everything it doesn't work either. There is no way to select the rules in blocking. It worked so well before blocking the categories of rules in the Download section, why do you change it?