AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM


January 28, 2023, 01:46:33 AM #226 Last Edit: January 28, 2023, 01:51:18 AM by yeraycito
NextDNS + QUIC + Adguard:

Adguardhome - Settings - DNS settings:

Upstream DNS servers: quic://xxxxxx.dns.nextdns.io          ( xxxxxxx is nextdns ID )

Bootstrap DNS servers:

45.90.28.167
45.90.30.167

Private reverse DNS servers: quic://xxxxxx.dns.nextdns.io          ( xxxxxxx is nextdns ID )


Quote from: yeraycito on January 28, 2023, 01:35:39 AM
Opnsense 23.1 Install:

1 - Activate mimugmail's community repository:

SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings -General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

       Tick: Enable Unbound ( Listen Port: 5353 )

     ....

Don't use port 5353 as it's used by mDNS service!!!

Thanks for the guide! For some reason, when I untick "Do not use the local DNS service as a nameserver for this system", if I'm on the opnsense box shell, I can't resolve any DNS. Once I change resolv.conf from localhost to opnsense's 192.168.1.1 address, then DNS works.

Does anyone know why I can't use 127.0.0.1 but can use the actual IP of opnsense?

Quote from: bbchucks on February 08, 2023, 10:53:13 PM
Thanks for the guide! For some reason, when I untick "Do not use the local DNS service as a nameserver for this system", if I'm on the opnsense box shell, I can't resolve any DNS. Once I change resolv.conf from localhost to opnsense's 192.168.1.1 address, then DNS works.

Does anyone know why I can't use 127.0.0.1 but can use the actual IP of opnsense?

Assuming the question is in the context of this guide, the tick is to not use the DNS server(s) there, and it assumes you will set up another way for the system to do DNS. So something has to resolve names and be available on an interface/IP designation.

I am very happy that after following the guide posted here I was able to set up AGH and Unbound successfully.

I have Internet now and the page loading time is insane. I am really liking it.

But I have one problem: after setting AGH and Unbound as the only resolver I am not able to update the packages... once I click update it keeps on waiting for the update... What is wrong with my Opnsense? Why can't I update my packages? I also intend to install other packages, but without updating how will I do it? Why is only the firmware update function not working while the Internet is working?

I am clueless, please help me to solve this problem... Thanks

Quote from: plikmuny on February 28, 2023, 01:58:51 PM
I am very happy that after following the guide posted here I was able to set up AGH and Unbound successfully.

I have Internet now and the page loading time is insane. I am really liking it.

But I have one problem: after setting AGH and Unbound as the only resolver I am not able to update the packages... once I click update it keeps on waiting for the update... What is wrong with my Opnsense? Why can't I update my packages? I also intend to install other packages, but without updating how will I do it? Why is only the firmware update function not working while the Internet is working?

I am clueless, please help me to solve this problem... Thanks

Hey there, I'm a n00b at OPNsense (actually came here to try and research a question) but I had a similar problem as you with updates.

Once I change the server location to get updates, mine worked. I picked one that was close to me regionally and then my updates went through with no problem.
(Sorry not on my network right now so I can't get screenshots) I'll try later if you would like.

Not sure if it's the same problem you are having but may be worth a try

Let me know if it works for ya



April 10, 2023, 04:37:04 AM #232 Last Edit: April 11, 2023, 02:41:32 AM by jerknerkel
I've successfully gotten Adguard home working following the steps posted above.
One of the steps, however, says to clear the DNS settings for each gateway in System>Settings>General. In doing so, I believe this has caused a conflict with my multiple gateway and failover group setup.

Would there be a work around for this step in multi wan? "Go to System ‣ Settings ‣ General and make sure each gateway has its own DNS setup"

I'm not sure how to make this work with Adguard home, having all of them cleared for AGH seems to do weird things with DNS when it failsover.

Any help would be much appreciated.

edit: I've thrown in the towel on this one, decided benefit of adguardhome was not worth the complication in my setup or to have issues with vlan or failover DNS (I'm new to opnsense).

April 16, 2023, 07:52:34 PM #233 Last Edit: April 20, 2023, 09:17:40 PM by depc80
Hi,

I just finished installing Adguard. Works like a charm. Please don't mind if I ask, is there a guide to add multiple networks to Adguard?
For example, I have a separate interface for AP, I changed rule of AP interface: Destination: AP address  to Destination: LAN address and added 192.168.1.1 as DNS in its DHCP. It seems to work and I start seeing Adguard picking up IP from mobile devices. However, I wonder if it would cause any issue.

Cheers

Edit: Found the answer in page 14
Quote from: jlab on January 08, 2023, 05:25:17 PM

Yup, I actually found Matt's website on how to do this: https://0x2142.com/how-to-set-up-adguard-on-opnsense/

Very Bottom.

Example how to add more networks is, Example Default with no additional networks :

In there, you'll see a section like this:
dns:
   bind_hosts:
       - 192.168.1.1

And one with more :

dns:
   bind_hosts:
       - 192.168.1.1
       - 192.168.10.1
       - 192.168.100.1

Thanks jlab

Edit: Faced a slow loading dashboard and failed updates. Turns out the solution is just to change bind_host and dns:bind_host to 0.0.0.0. Also was unable to update till I hit it a couple more times, then the thing just went through.

Thanks everyone, I just need to read the whole thread :D

One question tho: in some screenshots, I see Unbound: Register DHCP leases & Register DHCP static mappings are unticked. Others said they ticked those. I tried both and had no issue with internet connection. Kinda confused. Sorry, I'm a noob. My excuse is I just started using Opnsense a couple of months ago.

Edit: Upgraded to the latest Opnsense today and the connection dropped after reboot. Router can connect to the internet but Adguard does not resolve DNS. Disabling Adguard and changing Unbound back to 53 fixed the issue. # Adguard plugin needs update. Solution: opnsense-revert -r 23.1.5 opnsense

Quote from: yeraycito on January 28, 2023, 01:35:39 AM
Opnsense 23.1 Install:

1 - Activate mimugmail's community repository:

SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings -General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support
       
       Network Interfaces: All

6 - Opnsense - Services - Unbound - Dns Over Tls

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

           192.168.1.1:5353

For some reason, when I followed these steps, it seemingly brought down my WAN permanently... as in, it did not recover and I had to reverse everything, including Unbound, to get the WAN up again... anybody else?

Quote from: dumbo on January 19, 2023, 03:44:28 PM
Will do.

I also find the documentation/video from the original source:

https://www.max-it.de/adguard-dns-blocker-neues-opnsense-plugin/

He is showing it in another way.
Going with another port for AGH and leaving the port for Unbound at 53.
Then making a NAT Port Forward to (in this video) 5310.

Why not choose this way? Is there any downside?

The advantage would be, that the Firewall itself does not need to go through AGH and other networks, which I don't want to can also be Unbound only.

Hi! I started with this configuration a few days ago and at the moment it works (OPNSense 23.1.7). I'm using another VLAN interface that I would like to remain untouched by AdGuard.

I'm looking for the right configuration for DoT, DoH, upstream, bootstrap DNS.

The goal would be:
- filtering rules for children (consideration of DoT, DoH)
- exceptions for adults (IP addresses)
- additional VLAN interface untouched

any help or suggestions would be greatly appreciated!

kind regards,

Sarge


May 21, 2023, 04:32:53 AM #236 Last Edit: May 21, 2023, 06:24:26 AM by tommiy
Hi, I had a working configuration of opnsense on 22.7 following these guides. I updated to 23.1.7. A result of this was that adguard was also updated to now be 107.29. After this my LAN clients no longer receive a DNS address at all. If I disable adguard and change unbound back to DNS port 53, the LAN clients again receive a DNS server. It appears that there are some issues regarding adguard now running with opnsense. A Google search found a similar issue lodged with adguard home on GitHub.

https://github.com/AdguardTeam/AdGuardHome/issues/5827

Appears that you will now need to specify the DNS server in your Services->DHCP->DNS Servers for adguard to work. Without this the clients never get a DNS server.

EDIT/UPDATE: Confirmed with Wireshark that opnsense is now only providing a default system DNS entry to the LAN when unbound is running on port 53. If unbound is running on any other port then opnsense does not supply a default DNS address to the LAN DHCP request. This obviously breaks the listed settings for getting adguard home to work and does not appear to be an adguard issue but an opnsense issue. For example, with unbound set to listen on port 53 and the Services->DHCP->DNS servers blank, a DHCP request has a return option 6 of the default LAN interface address. If I change unbound to listen on port 54, then a DHCP request has no option 6 (Domain Name Server) returned. Previously it used to return option 6 regardless.
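
The option 6 check described in the post above can be scripted rather than read off Wireshark by eye. This is an added example, not part of the original post: it assumes the DHCP message (the UDP payload) has already been extracted from a capture, and the two sample ACKs, the function names and the option 3 filler are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236            # fixed BOOTP fields that precede the cookie
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_END = 0, 6, 53, 255
DHCP_ACK = 5

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a DHCP message (the UDP payload)."""
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    opts, i = {}, BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:      # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def offered_dns(payload: bytes) -> list:
    """DNS servers in a DHCPACK; an empty list means option 6 is absent."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCP_ACK]):
        raise ValueError("not a DHCPACK")
    raw = opts.get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[n:n + 4])) for n in range(0, len(raw), 4)]

def build_ack(options: bytes) -> bytes:
    """Constructed sample: op=2 (reply), other BOOTP fields zeroed, then options."""
    return bytes([2]) + bytes(BOOTP_FIXED_LEN - 1) + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed ACKs for the two cases in the post; 192.168.1.1 is the LAN address
# used elsewhere in the thread. Option 3 (router) stands in for the other options.
ROUTER = b"\x03\x04" + bytes([192, 168, 1, 1])
ACK_UNBOUND_ON_53 = build_ack(b"\x35\x01\x05" + ROUTER + b"\x06\x04" + bytes([192, 168, 1, 1]))
ACK_UNBOUND_MOVED = build_ack(b"\x35\x01\x05" + ROUTER)

if __name__ == "__main__":
    for name, pkt in (("unbound on 53", ACK_UNBOUND_ON_53), ("unbound moved", ACK_UNBOUND_MOVED)):
        print(name, "->", offered_dns(pkt) or "no option 6: clients get no DNS server")
```

An empty result for an ACK is the condition the post reports: the lease is valid but the client is never told which resolver to use.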

Your described problem is already fixed by mimugmail. He updated the plugin a few weeks ago; now you should have the check box "Primary DNS" under SERVICES: ADGUARDHOME: GENERAL, which you have to activate.
https://forum.opnsense.org/index.php?topic=33661.0

https://github.com/opnsense/core/issues/6513#issuecomment-1518684956
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1

Hej,

I used yeraycito's guide to use Adguard as a plugin. Thanks for this!
Now I wonder if DNSSEC does not also need to be enabled in the DNS settings under Adguard!?
Could someone please explain this to me?

Quote from: yeraycito on January 28, 2023, 01:35:39 AM
Opnsense 23.1 Install:

1 - Activate mimugmail's community repository:

SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings -General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support
       
       Network Interfaces: All

6 - Opnsense - Services - Unbound - Dns Over Tls

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

           192.168.1.1:5353

I have a similar problem reported by bigverm23. Once I follow the guide by yeraycito, my internet stops working.

OPNsense 23.1.9-amd64
Adguard Home v0.107.31

Quote from: bigverm23 on May 16, 2023, 05:21:45 PM
Quote from: yeraycito on January 28, 2023, 01:35:39 AM
Opnsense 23.1 Install:

1 - Activate mimugmail's community repository:

SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings -General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support
       
       Network Interfaces: All

6 - Opnsense - Services - Unbound - Dns Over Tls

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

           192.168.1.1:5353

For some reason, when I followed these steps, it seemingly brought down my WAN permanently... as in, it did not recover and I had to reverse everything, including Unbound, to get the WAN up again... anybody else?