English Forums > Documentation and Translation
AdGuard Home setup guide
mr.sarge:
--- Quote from: dumbo on January 19, 2023, 03:44:28 pm ---Will do.
I also find the documentation/video from the original source:
https://www.max-it.de/adguard-dns-blocker-neues-opnsense-plugin/
He is showing it in an other way.
Going with an other port for AGH and leaving port from Unbound at 53.
Then making a NAT Port Forward to (in this video) 5310.
Why not choosing this way? Is there any downside?
The advantage would be, that the Firewall itself does not need to go through AGH and other networks, which I don't want to can also be Unbound only.
--- End quote ---
Hi! I started with this configuration a few days ago and at the moment it workes (OPNSense 23.1.7). I'm using another VLAN-Interface that I would like to remain untouched from ADGuard.
I'm looking for the right configuration for DoT, DoH, upstream, bootstrap DNS.
The goal would be:
- filtering rules for children (consideration of DoT, DoH)
- exceptions for Adults (ip addressess)
- additional VLAN interface untouched
any help or suggestions would be greatly appreciated!
kind regards,
Sarge
tommiy:
Hi, i had a working configuration of opnsense on 22.7 following these guides. I updated to 23.1.7. A result of this was that adguard was also updated to now be 107.29. Post this my Lan clients no longer receive a DNS address at all. If I disable adguard and change unbound back to dns port 53 the lan clients again recieve a DNS server. Appears that there are some issues regarding adguard now running with opnsense. A google found a similar issues lodged with adguard home on github .
https://github.com/AdguardTeam/AdGuardHome/issues/5827
Appears that you will now need to specify the DNS server in your Services->DHCP->DNS Servers for adguard to work. Without this the clients never get a DNS server.
EDIT/UPDATE: Confirmed with wireshark that opnsense is now only providing a default system dns entry to the LAN when unbound is running on port 53. If unbound is running on any other port then opnsense does not supply a default dns address to the lan dhcp request. This obviously breaks the listed settings for getting adguard home to work and does not appears to be an adguard issue but an opnsense issue. For example, with unbound set to listen on port 53 and the Services->DHCP->DNS servers blank a DHCP request has a return option 6 of the default LAN interface address. If I change unbound to listen on port 54 the a DHCP Request has no option6 (Domain Name Server) returned. Previously it used to return Option 6 regardless.
ChrisChros:
Your described Problem is already fixt by mimugmail. He updated the plugin a few week ago, now you should have the check box "Primary DNS" under SERVICES: ADGUARDHOME: GENERAL, which you have to activate.
https://forum.opnsense.org/index.php?topic=33661.0
https://github.com/opnsense/core/issues/6513#issuecomment-1518684956
emmitt:
Hej,
I used yeraycito's guide to use Adguard as a plugin. Thanks for this!
Now I wonder if DNSSEC does not also need to be enabled in the DNS settings under Adguard!?
Could someone please explain this to me?
--- Quote from: yeraycito on January 28, 2023, 01:35:39 am ---Opnsense 23.1 Install:
1 - Activate mimugmail's community repository:
SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
2 - Install AdGuardHome from System --> Firmware --> Plugins
3 - Opnsense - System - Settings -General
DNS Servers: empty
Untick: Do not use the local DNS service as a nameserver for this system
Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN
4 - Services – DHCPv4 – [LAN] : DNS Servers all empty
5 – Opnsense – Services - Unbound DNS – General
Tick: Enable Unbound ( Listen Port: 5353 )
Tick: Enable DNSSEC Support
Network Interfaces: All
6 - Opnsense - Services - Unbound - Dns Over Tls
Server IP: 1.1.1.1
Server Port: 853
Verify CN: cloudflare-dns.com
7 - Activate and start AdGuardHome from Services --> AdGuardHome
8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard
9 - Adguard Home - DNS Configuration - Upstream Servers:
Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist
10 – Adguard Home – DNS Configuration – Bootstrap DNS servers
Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:
192.168.1.1:5353
--- End quote ---
steveHomeLab:
I have a similar problem reported by bigverm23. Once I follow the guide by yeraycito, my internet stops working.
OPNsense 23.1.9-amd64
Adguard Home v0.107.31
--- Quote from: bigverm23 on May 16, 2023, 05:21:45 pm ---
--- Quote from: yeraycito on January 28, 2023, 01:35:39 am ---Opnsense 23.1 Install:
1 - Activate mimugmail's community repository:
SSH Opnsense: fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
2 - Install AdGuardHome from System --> Firmware --> Plugins
3 - Opnsense - System - Settings -General
DNS Servers: empty
Untick: Do not use the local DNS service as a nameserver for this system
Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN
4 - Services – DHCPv4 – [LAN] : DNS Servers all empty
5 – Opnsense – Services - Unbound DNS – General
Tick: Enable Unbound ( Listen Port: 5353 )
Tick: Enable DNSSEC Support
Network Interfaces: All
6 - Opnsense - Services - Unbound - Dns Over Tls
Server IP: 1.1.1.1
Server Port: 853
Verify CN: cloudflare-dns.com
7 - Activate and start AdGuardHome from Services --> AdGuardHome
8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the setup Adguard
9 - Adguard Home - DNS Configuration - Upstream Servers:
Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist
10 – Adguard Home – DNS Configuration – Bootstrap DNS servers
Add Opnsense ip:5353 ( 192.168.1.1:5353 ) Delete those that exist
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:
192.168.1.1:5353
--- End quote ---
for some reason when I followed these steps, it seemingly brought down my WAN permanently...as in, it did not recover and I had to reverse everything, including Unbound to get the WAN UP again....anybody else?
--- End quote ---
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version