AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM

Quote from: mkono87 on December 22, 2021, 03:58:11 AM
Has anyone set up keepalived to sync with this with a second instance on another server for high availability?

Hmm guess not. I guess if I tried this it would be best on something else than the firewall.

January 09, 2022, 02:23:34 PM #121 Last Edit: January 09, 2022, 03:52:13 PM by bahamies
I recently changed my LAN address range from 192.168.x.x to 10.10.x.x based. After the swap I started having problems with DNS resolution in my VLANs. Before the change I did not need any firewall rules or DHCP DNS settings to get resolution on other VLANs, but now I need to set DNS server on VLAN DHCP settings to get any resolution.

This of course is not a huge problem, but I just find it odd and figured that there is maybe something misconfigured in my setup. There is probably some setting that is causing this but I can't find it. Any advice on where to look?

E: I'm using Adguard and routing DNS over TLS with Unbound. The setup is basically the same as in here https://forum.opnsense.org/index.php?topic=22162.msg106715#msg106715

E2: Solved, I forgot to select all VLANs in DNS Listen Interfaces dropdown. Reconfigured and seems to be working as earlier now.

I configured my OPNsense as described in this post, with Option 1

https://forum.opnsense.org/index.php?topic=22162.msg106715#msg106715

But I have some issues. It seems like DNS resolving from the OPNsense itself isn't working.

When I open a shell on OPNsense and use "nslookup google.com" I get the answer:

;; connection timed out; no servers could be reached

Did I do something wrong?

When rebooting opnsense, adguard does not start automatically and I have to start it manually.

Is this (see the picture I found in a pfSense guide) something I/we should add? Or can this be added to the plugin?
And if added manually, how to do this in OPNsense:

Step 6: Making AdGuard Home start on boot:

Go to Services>shellcmd and click Add

Command: /usr/local/bin/screen -S AdGuardHome_screen -d -m /opt/AdGuardHome/AdGuardHome
Shellcmd Type: shellcmd
Description: AdGuard

as found here: https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/page-2
Deciso DEC850v2

Quote from: RamSense on January 22, 2022, 09:18:26 AM
When rebooting opnsense, adguard does not start automatically and I have to start it manually.

Is this (see the picture I found in a pfSense guide) something I/we should add? Or can this be added to the plugin?
And if added manually, how to do this in OPNsense:

Step 6: Making AdGuard Home start on boot:

Go to Services>shellcmd and click Add

Command: /usr/local/bin/screen -S AdGuardHome_screen -d -m /opt/AdGuardHome/AdGuardHome
Shellcmd Type: shellcmd
Description: AdGuard

as found here: https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/page-2
That is not how it should be done! Adguardhome should be installed as a plugin.
Look at this: https://www.routerperformance.net/opnsense-repo/

January 24, 2022, 08:00:36 AM #125 Last Edit: January 27, 2022, 09:39:11 PM by RamSense
Sorry, forgot to mention that I'm running the plugin of AdGuard Home.

N.B. With OPNsense 22.1 it is fixed. After the installation the system came up automatically
Deciso DEC850v2

Hi, I followed this tutorial but having an empty System:Settings:General DNS servers results in this error on the host:

dig google.com
Error: error sending query: No (valid) nameservers defined in the resolver
I have also a time out error on OPNsense update check.

Could anyone with a working adguard + unbound configuration share their `/etc/resolv.conf`?

The only way to make it work for me is to set fallback DNS servers in System:Settings:General DNS servers.

Here is my whole configuration DNS wise if it can help troubleshooting my issue:

System:Settings:General:

DNS Server: empty
Do not use the local DNS service as a nameserver for this system: CHECKED


Services:DHCPv4:[LAN]:

DNS servers: empty


Unbound DNS:General:

Listen Port: 53530
Enable: CHECKED
Enable DNSSEC Support: CHECKED
Register DHCP leases: CHECKED
Register DHCP static mappings: CHECKED
Local Zone Type: transparent


Adguard Home interfaces were set to LAN only during initial configuration

Adguard:DNS settings:

Upstream DNS servers: 127.0.0.1:53530
Bootstrap DNS servers: 127.0.0.1:53530

I'm not sure you followed this tutorial. The original post, page 1 shows it using an ip in System:Settings:General DNS servers field. Looks like you are trying to do it differently.
I use Unbound and Adguard home. I also have that field setting and my /etc/resolv.conf only has "domain mydomain" in it. As expected.
Where are you issuing your dig command, a client or the firewall device?
Where is adguard running, another machine?
How are your clients being pointed to that_machine:53530 , dhcp?

After doing a clean install of Opnsense 22.1 I tried to install Adguard. It installs version 0.107.3 stable. I have encountered several difficulties that have prevented me from getting it up and running. When starting the Adguard configuration it indicates that port 53 is in use (Unbound) and forces you to change it if you want to continue configuring Adguard. I changed the Unbound port to 5353 and continued configuring Adguard normally. The problem is that it does not work and there is no internet connection. I have tried setting other ports in Unbound and the same thing happens, there is no internet connection. I have uninstalled Adguard and tried in Unbound to change the port and try to see if there is connection without Adguard. The result is that if Unbound is not set to port 53 by default there is no internet connection. If you set Unbound to any port other than 53 there is no internet connection even if you have configured the corresponding dns. I have done a second test, I have deactivated Unbound and installed Adguard on port 53. At the beginning and after configuring the dns in Adguard everything worked perfectly, but inexplicably after a short time the lan devices were without internet connection, they were no longer displayed in the Adguard logs. However, 127.0.0.1 continued to display and have a connection in Adguard. In the end I had to uninstall Adguard as I couldn't get it to work.


Quote from: cookiemonster on January 26, 2022, 06:10:04 PM
I'm not sure you followed this tutorial. The original post, page 1 shows it using an ip in System:Settings:General DNS servers field. Looks like you are trying to do it differently.
I use Unbound and Adguard home. I also have that field setting and my /etc/resolv.conf only has "domain mydomain" in it. As expected.
Where are you issuing your dig command, a client or the firewall device?
Where is adguard running, another machine?
How are your clients being pointed to that_machine:53530 , dhcp?

Thanks for your answer.

I did follow the tutorial as it says the following:
On OPNsense:
System -> General Setup
Set '8.8.8.8' as DNS server (Or whatever DNS you would like as a backup, if you only want AdGuard you can remove all DNS servers from this list and leave it blank)
Untick: Do not use the local DNS service as a nameserver for this system
This way by default OPNsense will use itself (127.0.0.1) as the resolver which we want.

For me these instructions result in a nonfunctioning changelog access.

I am doing the drill commands directly from the shell of the OPNsense box
Adguard is running as a plugin of OPNsense
The clients have no issues regarding the local DNS, they are getting their IPs and DNS through OPNsense DHCP server yes.

At the end of the day, my issue isn't really that bad as it only means that OPNsense itself will use a different DNS.

@yeraycito: I suggest you try to reproduce my config as apart from my small issue everything is working flawlessly (it's a clean install)

January 28, 2022, 07:26:33 PM #130 Last Edit: January 29, 2022, 05:01:48 PM by yeraycito
Thank you very much, I have tried it and it works.

Opnsense 22.1 Clean Install - Installation:

It is very important to follow the order explained

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Activate and start AdGuardHome from Services --> AdGuardHome

4 - Opnsense - System - Settings -General

      Untick: Do not use the local DNS service as a nameserver for this system
      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

5 - Opnsense - Services - Unbound - Dns Over Tls

      Set the desired DNS servers, e.g. Cloudflare:
      Server IP: 1.1.1.1
      Server Port: 853
      Verify CN: cloudflare-dns.com

6 - Opnsense - Services - Unbound - General
 
     Listen Port: 5353

7 - Navigate to http://your.opnsense:3000/ ( 192.168.1.1:3000 ) to complete the Adguard setup

8 - Adguard Home - DNS Configuration - Upstream Servers: Add router_ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

Security Extra: https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules#1-allowing-only-specific-dns-servers
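
A listener check for the layout in the steps above (AdGuard Home on port 53, Unbound behind it on 5353), as an added example that is not part of the original post. The function names, the `UNBOUND_PORT` variable and the sample tables are constructed for illustration; the input is assumed to be in `sockstat -4 -l` column order.

```shell
#!/bin/sh
# Added example, not from the thread. Input: `sockstat -4 -l`-style listener table.
# Live use on the firewall (assumption): sockstat -4 -l | check_dns_chain

# Constructed sample tables, not captured from a real system.
SAMPLE_OK='USER     COMMAND     PID  FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
root     AdGuardHome 4312 11 udp4  *:53           *:*
root     AdGuardHome 4312 12 tcp4  *:53           *:*
root     AdGuardHome 4312 9  tcp4  *:3000         *:*
unbound  unbound     2871 5  udp4  *:5353         *:*
unbound  unbound     2871 6  tcp4  *:5353         *:*'

SAMPLE_CONFLICT='USER     COMMAND     PID  FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
unbound  unbound     2871 5  udp4  *:53           *:*
unbound  unbound     2871 6  tcp4  *:53           *:*'

# Print the distinct commands listening on port $1 (table on stdin).
owners_of_port() {
    awk -v port="$1" 'NR > 1 { n = split($6, a, ":"); if (a[n] == port) print $2 }' |
        sort -u | paste -sd' ' -
}

# Verify: AdGuard Home alone on 53, Unbound alone on $UNBOUND_PORT (default 5353).
check_dns_chain() {
    uport=${UNBOUND_PORT:-5353}
    table=$(cat)
    front=$(printf '%s\n' "$table" | owners_of_port 53)
    back=$(printf '%s\n' "$table" | owners_of_port "$uport")
    case "$front" in
        '')          echo "FAIL: nothing listens on port 53"; return 1 ;;
        *' '*)       echo "FAIL: port 53 shared by: $front"; return 1 ;;
        AdGuardHom*) ;;  # prefix match tolerates a truncated command column
        *)           echo "FAIL: port 53 held by $front, not AdGuard Home"; return 1 ;;
    esac
    if [ "$back" != "unbound" ]; then
        echo "FAIL: expected unbound on port $uport, found: ${back:-nothing}"
        return 1
    fi
    echo "OK: $front on 53, $back on $uport"
}
```

The second sample reproduces the state reported earlier in the thread, where Unbound still holds port 53 when AdGuard Home is being configured.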

Decided to try AdGuardHome with Unbound, and are you guys also using the blocklist from Unbound or is it simply redundant?

Tia.

It depends on the lists you put up. In Unbound they are already preconfigured and you can activate the ones you want. Adguard has two basic lists and you can add as many as you want. If you put good lists in Adguard you don't need to activate the ones in Unbound. Some of the lists I have in this post are a set of other lists.

I am running OPNsense 22.1 and installed AdGuard from the mimugmail repo. Unbound is listening on port 5335 on all my LANs and VLANs. In AdGuard the upstream and bootstrap DNS-Server is set to 192.168.1.1:5335.
Furthermore under Settings - General there is no DNS-Server set (empty). Also in the DHCP settings there is no DNS-Server set.

From my LAN Network I am able to resolve addresses but not from my VLANs. Any suggestions how to solve this problem?

As an example I have also added a screenshot from my IoT rules.

Regards Chris
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1