[SOLVED] Adguard Home broken in 24.7

[abulafia]

Updated to 24.7 r.2 yesterday morning. All went well and working from home was fine.

This morning, DNS resolution was broken - Adguard Home was not resolving (I think - might have also been Unbound as I am running Adguard Home -> Unbound as resolver).

A reboot did NOT help. (Re-)Starting Adguard Home manually from the CLI errores out due to a service "yy" blocking the port (?).

Rolling back (via bectl) to 24.1.10_3 helped instantly - II am up an running without problems.

Apologies for lack of detail - cant dig deeper / replay the erroneous config right now, so just a word of caution and not a full bug report.

Doesn't seem to be the kernel issue, as I am running virtualized in ESXi.

(Edit: fixed title)

[wbennett]

Not an answer but just wondering how you updated to RC2? Thanks!

[abulafia]

It is not RC2. 

It was 24.7-something-something-2.  I remembered it as "r2" but may be wrong. It was the most recent update following the instructions on https://forum.opnsense.org/index.php?topic=41580.0 (upgrade from beta to RC1).

[julsssark]

I installed the AdGuard plugin on RC2 running in a Proxmox VM for testing. The AdGuard service appears to be running but I cannot login to the AdGuard console. I tried restarting the service but I still can't connect to port 3000.

[l0g1ks]

Thanks for the reports. Save me from updating quite yet. I'm assuming mimugmail needs to do some updates first.

[Patrick M. Hausen]

AGH from mimugmail repo is running perfectly fine in 24.7.

[newsense]

I had to recover two FWs so far where AGH would simply not run anymore post upgrade. Was always pressed for time and since I didn't find anything in the logs the fastest way out was to copy the yaml config file and to remove/reinstall.

So yes, AGH runs fine on 24.7 just as it did on 24.1, but there can be some weird issues post upgrade that I don't have a good explanation for without seeing why it doesn't start. There weren't any errors during the upgrade to look at either.

[UberPlex]

I believe I am having the same issues.  AdGuard is running, but I am getting random DNS that cannot resolve errors.  I thought maybe it was issues with sending to upstream external DNS so I did the same thing as the OP with the Adguard --> Unbound --> Internet ( wanted to do it anyway for another reason) but I am still having the random DNS dropouts.

Nothing in the logs show details that could cause it, no services restarting etc..

[xPliZit_xs]

Hi,

Just a head's up, i am seeing the same issue.
After the update completed the symptom is no DNS resolution.

I had not have time to investigate more deeply yet... and rolled back to 24.1.10_8
My DNS settings that i am running on my system (pretty sure this has something to do with the issue, below works with 24.1.10)

1. No DNS entries under System/Settings/General
2. Unbound disabled
3. Adguard Home set as Primary DNS and is enabled, yaml set to listen on port: 53

I am assuming that after the upgrade the system is missing the DNS entries due to above setup maybe...

Regards

[julsssark]

I am running 24.7_9 with AdGuard Home and DNS is resolving fine. I am using Unbound (client->AdGuard->Unbound).

[abulafia]

OP here.

No problems since updating to the release version of 24.7 (currently on 24.7_9).

Note that as part of the upgrade process, mimugmail's Adguard Home plugin was updated as well.

[abulafia]

OP here.

Here we go again: One reboot later, Adguard fails to start (and thus does CrowdSec). 

I can't seem to find proper logs, but trying to start Adguard manually (via sudo) throws the following "fatal" error:

Code: [Select]

% sudo ./AdGuardHome
2024/08/01 23:44:03.973473 [info] AdGuard Home, version v0.107.45
2024/08/01 23:44:03.977454 [info] tls: using default ciphers
2024/08/01 23:44:03.978383 [info] safesearch default: disabled
2024/08/01 23:44:03.981912 [info] Initializing auth module: /usr/local/AdGuardHome/data/sessions.db
2024/08/01 23:44:03.981975 [info] auth: initialized.  users:1  sessions:0
2024/08/01 23:44:03.982085 [info] tls: number of certs: 2
2024/08/01 23:44:03.982098 [info] tls: got an intermediate cert
2024/08/01 23:44:04.004956 [info] web: initializing
2024/08/01 23:44:04.005215 [fatal] filtering: filtering: unknown blocked-service "yy"
Also, the "opnsense-revert" patch to bring back the telemetry widget did not survice the reboot. (!)

Looks very much like a repeat of this 2023 problem: https://forum.opnsense.org/index.php?topic=35251.0

Yep.

SOLUTION: edit your AdGuardHome.yaml and remove the offensive service - in my case "yy", see above.

Location: /usr/local/AdGuardHome/AdGuardHome.yaml

Code: [Select]

% sudo nano /usr/local/AdGuardHome/AdGuardHome.yaml


[OzziGoblin]

Thanks, I had the same issue this morning after a subsequent reboot and the solution below worked for me

OP here.

Here we go again: One reboot later, Adguard fails to start (and thus does CrowdSec). 

I can't seem to find proper logs, but trying to start Adguard manually (via sudo) throws the following "fatal" error:

Code: [Select]

% sudo ./AdGuardHome
2024/08/01 23:44:03.973473 [info] AdGuard Home, version v0.107.45
2024/08/01 23:44:03.977454 [info] tls: using default ciphers
2024/08/01 23:44:03.978383 [info] safesearch default: disabled
2024/08/01 23:44:03.981912 [info] Initializing auth module: /usr/local/AdGuardHome/data/sessions.db
2024/08/01 23:44:03.981975 [info] auth: initialized.  users:1  sessions:0
2024/08/01 23:44:03.982085 [info] tls: number of certs: 2
2024/08/01 23:44:03.982098 [info] tls: got an intermediate cert
2024/08/01 23:44:04.004956 [info] web: initializing
2024/08/01 23:44:04.005215 [fatal] filtering: filtering: unknown blocked-service "yy"
Also, the "opnsense-revert" patch to bring back the telemetry widget did not survice the reboot. (!)

Looks very much like a repeat of this 2023 problem: https://forum.opnsense.org/index.php?topic=35251.0

Yep.

SOLUTION: edit your AdGuardHome.yaml and remove the offensive service - in my case "yy", see above.

Location: /usr/local/AdGuardHome/AdGuardHome.yaml

Code: [Select]

% sudo nano /usr/local/AdGuardHome/AdGuardHome.yaml


[jarodmerle]

I had a similar, but slightly different issue with my update to 24.7.2, so i thought I'd add my experience for anyone else who might run into this or similar issues. 

AdGuardHome was not starting for me just like the others.  Unfortunately though, I could not get any output executing ./AdGuardHome as shown above to identify a specific blocked service that was problematic.  So, I decided to try just removing yy as was the OP's problem, but that didn't work either.  I then decided to remove all blocked services, and after doing so it started right up.  Afterwards, I see none of the services I had blocked actually unavailable, and I've re-enabled everything I had blocked previously without issue.

[max-e-moose]

Just experienced this issue after an upgrade from 24.1.10 to 24.7.6. Was using AdGuardHome (53) -> Unbound(53530) before the upgrade.

The upgrade seemed to go well but AdGuard silently failed to start. No errors in any logs to point the way. This thread helped a lot. Thanks all.

Solution was similar to what others have noted: Fix errors in

Code: [Select]

/usr/local/AdGuardHome/AdGuardHome.yaml
That YAML had been really messed up during the upgrade. There were duplicate/triplicates of some values spread around the file.

To regain DNS I disabled AdGuard then moved Unbound back to port 53.
 
I copied the YAML from the router to my PC, then deleted AdGuard from the router. Then re-installed a fresh instance of AdGuard and placed the original values back into the YAML file. There was still an issue with one of the DNS blocklist values so I excluded them from the YAML then AdGuard started up without issue. Manually re-added them via the AdGuard GUI.

Then changed the ports back so that AdGuard was the primary DNS server and Unbound was secondary. Crisis averted.