AdGuard Home setup guide

Started by N0_Klu3, March 19, 2021, 10:54:50 PM

Hej,
unfortunately, I only have an apu2 board in the OPNsense and I have the feeling that the OPNsense is somewhat overwhelmed with AdGuard and the following lists. The response time is getting worse and worse - especially at heise.de the page load feels slow.
I use: HaGeZi's Pro Blocklist, uBlock₀ filters – Badware risks and Perflyst and Dandelion Sprout's Smart TV Blocklist.

Would it make more sense to set up a Raspberry Pi with Adguard or could there be other reasons for the drop in performance?

Hi,

I am running the Adguard Home plugin; however, I am running it on port 82.

Adguard Sync cannot connect to it, and neither can Homeassistant. Does anyone know how to allow connections to it?

regards

Hi all. I have a problem forcing DNS redirection to AdGuard. Clients get 10.0.0.1 (the OPNsense IP address) via DHCP and use DNS 10.0.0.1 to connect to the internet. But when I manually add the 1.1.1.1 DNS address on my client, it does not use 10.0.0.1. I added firewall rules, but they are not working. Can you help me?

C:\Users\IT>nslookup google.com
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    google.com
Addresses:  2001:4860:4802:32::78
          216.239.38.120






Quote from: yeraycito on September 22, 2022, 06:54:08 PM

Opnsense 22.7.4 Install:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - Opnsense - System - Settings - General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 – Opnsense – Services - Unbound DNS – General

      Tick: Enable Unbound ( Listen Port: 5353 )

      Tick: Enable DNSSEC Support
     
      Network Interfaces: All

6 - Opnsense - Services - Unbound - Dns Over Tls

      Server IP: 1.1.1.1

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://Opnsense ip:3000/ ( 192.168.1.1:3000 ) to complete the Adguard setup

9 - Adguard Home - DNS Configuration - Upstream Servers:

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist

10 – Adguard Home – DNS Configuration – Bootstrap DNS servers

      Add Opnsense ip:5353  ( 192.168.1.1:5353 ) Delete those that exist
     
11 - Adguard Home - DNS Configuration - Private reverse DNS servers:

          192.168.1.1:5353

         
Extra Wireguard: If we have created a wireguard network in Opnsense, for example, 10.0.0.1/24 we have to set the dns 10.0.0.1 in the wireguard clients. In Wireguard Opnsense it is not necessary to configure anything.


This mostly worked for me for my main LAN (10.10.18.1), except under Services – DHCPv4 – [LAN1] I had to set the DNS server to 10.10.18.1 otherwise the clients don't get any DNS server address, but my clients on my secondary LAN (10.10.21.1) weren't working until I set the DNS server for LAN2 to 10.10.21.1 rather than 10.10.18.1. When I had Adguard running externally on 10.10.18.200 I was able to use that for both LANs but apparently OPNsense is a bit fussy about routing traffic across interfaces to itself.

This meant that I also had to create separate NAT-Port Forward "Force DNS traffic that is NOT addressed to my Adguard server" rules for LAN1 and LAN2, so I've got four rules in total, to cover port 53 and port 853 on both LANs.
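
The four redirect rules described in the post above, written out in pf.conf syntax as an added illustration (not from the thread; on OPNsense they are created in the GUI under Firewall - NAT - Port Forward). The interface names igb1 and igb2 are assumptions; the addresses are the ones given in the post.

```pf
# Assumed interface names; substitute the real LAN1/LAN2 devices.
lan1_if  = "igb1"
lan2_if  = "igb2"

# Per-LAN AdGuard Home addresses, taken from the post.
lan1_dns = "10.10.18.1"
lan2_dns = "10.10.21.1"

# Plain DNS (port 53): anything NOT already addressed to the local AdGuard
# listener is rewritten to it, so a client with a hand-set resolver such
# as 1.1.1.1 is still answered by AdGuard. Each LAN is redirected to the
# firewall address on its own interface.
rdr pass on $lan1_if inet proto { tcp, udp } from any to ! $lan1_dns port 53 -> $lan1_dns port 53
rdr pass on $lan2_if inet proto { tcp, udp } from any to ! $lan2_dns port 53 -> $lan2_dns port 53

# DNS over TLS (port 853): same inverted-destination match, TCP only.
# A client that validates the upstream resolver's certificate will reject
# the redirected connection instead of resolving through AdGuard.
rdr pass on $lan1_if inet proto tcp from any to ! $lan1_dns port 853 -> $lan1_dns port 853
rdr pass on $lan2_if inet proto tcp from any to ! $lan2_dns port 853 -> $lan2_dns port 853
```

With a redirect like this active, nslookup on the client still prints the hand-set resolver (for example 1.1.1.1) as the server, because the reply is translated back to the address the client asked. The AdGuard Home query log is the place to confirm that the query actually arrived there.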