AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM

Hi folks,

has anyone tried to set up Adguard WebGUI using https with the same cert that OPNsense's WebGUI uses?

Thank you very much
Beclar


Quote from: yeraycito on April 13, 2021, 07:38:09 PM
My settings:

System/Settings/General:
- DNS Servers: all empty
- Do not use the local DNS service as a nameserver for this system: checked

Services/Unbound DNS/General:
- port: 5353
- DNSSEC: enabled
- DHCP Registration: disabled
- DHCP Static Mappings: disabled
- Local Zone Type: transparent

Unbound DNS - Miscellaneous - DNS over TLS Servers:  1.1.1.1@853      1.0.0.1@853

In Adguard Home - DNS Configuration - Upstream Servers: 192.168.1.1:5353

In Adguard Home - DNS Configuration - Bootstrap DNS servers: 192.168.1.1:5353

In Adguard Home - configuration - clients configuration - add client:  Add ip and hostname

With this way, if you have multiple VLAN's or different IP's do you need to include all the IP's into upstream and bootstrap DNS servers?

IE: 192.168.1.1:5353
192.168.200.1:5353

And so on?

It is not necessary, just set the opnsense ip. Adguard listens for dns connections on all opnsense interfaces. It then passes them to the opnsense ip. Unbound is listening there.

Ok cheers will mess with it this week and update the main page with some updates.
Thanks for your efforts.

April 26, 2021, 08:33:16 PM #35 Last Edit: April 26, 2021, 08:53:57 PM by yeraycito
In this post I previously put up some blocking lists for Adguard. There are two of them that are very complete: 1Host (Pro) and Energized Ultimate. They are so comprehensive that in some cases they block too much. If this is the case I recommend you change them for 1Host (Lite) and Energized Basic. These two lists are still very comprehensive. There are also smaller versions of these two lists; these are the intermediate ones.

- https://badmojr.github.io/1Hosts/Lite/adblock.txt

- https://block.energized.pro/basic/formats/hosts.txt





Yup I already use Energized Pro list and only that list myself :)

I'm sorry for my ignorance, but is this setup using the DNS over TLS function in Unbound?  It appears yes.

If it is, why use that when you can use Unbound by itself for DNS resolving?  I thought the point of using Unbound was to not have to worry about DNS lookups from companies like Cloudflare??

Thanks in advance!

Quote from: yeraycito on April 04, 2021, 08:16:42 PM
Opnsense 21.1.4 Installation:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Activate and start AdGuardHome from Services --> AdGuardHome

4 - Navigate to http://your.opnsense:3000/ to complete the setup

5 - In Adguard Home - DNS Configuration - Upstream Servers: Set the desired servers (1.1.1.1, 8.8.8.8, etc.)

6 - In Opnsense disable Unbound. In case you want to use it leave it activated by changing the port to 5353 and in Adguard Home - DNS Configuration - Upstream Servers  add router_ip:5353

- It is not necessary to activate the internal opnsense dns ( 127.0.0.1 ) in Opnsense in System-Settings-General

- No need to make port forward rules to forward all DNS (Port 53) traffic to AdGuard

- No need to set dns servers to DHCP

DNS over HTTPS - DNS over TLS:

Option 1:

- In Opnsense - Unbound - Miscellaneous set the desired dns servers 1.1.1.1@853 8.8.8.8@853

- Activate Unbound on port 5353

- In Adguard Home - DNS Configuration - Upstream Servers add router_ip:5353

Option 2 ( Unbound disabled ): https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption

Quote from: yeraycito on April 13, 2021, 09:04:18 PM


- Follow the tutorial explained above for Adguard.



Do we need both? Can one not configure just NextDNS without AdGuard?

May 05, 2021, 03:27:49 PM #39 Last Edit: May 05, 2021, 03:29:44 PM by yeraycito
If you want to use only NextDNS:

- Unbound - General - Custom Options: add (XXXXXX is a custom ID in NextDNS)

server:
  # CA bundle used to verify the upstream TLS certificates
  tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  # send all forwarded queries over DNS over TLS
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#XXXXXX.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#XXXXXX.dns1.nextdns.io
  forward-addr: 45.90.30.0#XXXXXX.dns2.nextdns.io
  forward-addr: 2a07:a8c1::#XXXXXX.dns2.nextdns.io
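
Added example, not part of the original posts and not OPNsense or Unbound project code: a small Python check for Unbound forward-zone blocks like the one above. It flags forwarders that are not sent over TLS, that lack the "#name" part (Unbound then accepts any certificate name), or that have no tls-cert-bundle in server:. The function names and both sample configs are constructed for illustration, and only tls-cert-bundle is considered as a CA source.

```python
import re

# Constructed samples: the NextDNS forwarder from the post (placeholder ID kept)
# and a constructed block with no CA bundle and no '#name' on the address.
NEXTDNS_CONF = """server:
  tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 45.90.28.0#XXXXXX.dns1.nextdns.io
  forward-addr: 2a07:a8c0::#XXXXXX.dns1.nextdns.io
"""
NO_NAME_CONF = """server:
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        # '#' starts a comment only at the start of a token, not inside ip#name
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        key, _, value = line.partition(":")  # first ':' only, IPv6 stays intact
        value = value.strip().strip('"')
        if not line:
            continue
        if not value:
            clauses.append((key.strip(), []))  # e.g. "server:", "forward-zone:"
        elif clauses:
            clauses[-1][1].append((key.strip(), value))
    return clauses

def audit_dot_forwarders(text):
    """Return a list of findings; an empty list means every forwarder is verified DoT."""
    clauses = parse_clauses(text)
    has_ca = any(k == "tls-cert-bundle" for n, o in clauses if n == "server" for k, _ in o)
    findings = []
    for name, opts in clauses:
        if name != "forward-zone":
            continue
        zone = dict(opts).get("name", "?")
        if dict(opts).get("forward-tls-upstream") != "yes":
            findings.append(f"{zone}: forward-tls-upstream not enabled, queries go out in cleartext")
            continue
        if not has_ca:
            findings.append(f"{zone}: no tls-cert-bundle in server:, certificates cannot be verified")
        findings += [f"{zone}: {v} has no #name, any certificate name is accepted"
                     for k, v in opts if k == "forward-addr" and "#" not in v]
    return findings
```
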

Great instructions! Thank you :)

The only issue I'm facing is that the firewall redirect rule for DNS just won't work for me.
I've tried using the "LAN address" object, and also specifying my LAN IP address and my VirtualIP's, but it just doesn't seem to want to redirect the dns traffic :(

I did notice when setting up Adguard it chose my Virtual IP, instead of my LAN address.

I feel like I'm missing something really simple, but I'm not sure what?

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Ticked
Destination: LAN address
Destination port range: From: DNS - To: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
Description: Forward DNS to AdGuard
NAT Reflection: Disable

Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I have a LAN that I want to use AdGuard for DNS using any family shield service, and a VLAN to use 8.8.8.8.
Is that possible and how?

Should we be setting DNS cache size in Adguard to 0 to allow Unbound to handle caching?

May 06, 2021, 06:38:00 PM #44 Last Edit: May 06, 2021, 07:05:13 PM by yeraycito
Quote from: zer0k on May 05, 2021, 10:58:00 PM
Great instructions! Thank you :)

The only issue I'm facing is that the firewall redirect rule for DNS just won't work for me.
I've tried using the "LAN address" object, and also specifying my LAN IP address and my VirtualIP's, but it just doesn't seem to want to redirect the dns traffic :(

I did notice when setting up Adguard it chose my Virtual IP, instead of my LAN address.

I feel like I'm missing something really simple, but I'm not sure what?

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Ticked
Destination: LAN address
Destination port range: From: DNS - To: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
Description: Forward DNS to AdGuard
NAT Reflection: Disable


- It is not necessary to activate the internal opnsense dns ( 127.0.0.1 ) in Opnsense in System-Settings-General

- No need to make port forward rules to forward all DNS (Port 53) traffic to AdGuard

Adguard listens on all default interfaces in Opnsense. This can be seen in the Adguard - Configuration Guide.