SSH and adguard not reachable

Started by guliver235, May 21, 2025, 07:58:24 PM

SSH and AdGuard are not reachable, but they are running. I am sure I used SSH a long time ago; as for AdGuard, I installed the plugin some time ago but never tried to set it up in OPNsense IP:3000. Today I decided to use both services, but no joy?

To "reach" ssh: $ ssh {ip address}
Which IP address? The one where it has been told to listen. Normally that would be the LAN IP, i.e. the same one you reach the UI from.
It is in System > Settings > Administration. "Secure Shell" section. Listen interfaces should be "all". Default firewall rules will ensure traffic reaches it.
As for AdGuardHome, what happens when you attempt to connect (presumably you mean its UI) on OPN lan ip:3000 ?

The answer to your question is in the first pic. SSH is not working, not even a prompt. Just wondering if the firewall rules are preventing me from using it, and dnsmasq on or off makes no difference?

But your UI is 192.168.50.1 whereas your ssh connection seems directed to 192.168.50.51, is that correct?

Oh my god!! How stupid I am. SSH is resolved, TKS, but not AdGuard 192.168.1:3000 or 192.168.51:3000, no connection!


OP one of your screenshots showed that the connection via browser to 192.168.50.1:3000 timed out. If not a typo:
Now with ssh solved you can more easily diagnose. You could through a console (via ssh) see if AdGH is listening and where:
$ sudo sockstat -4l
It might not be listening on 3000 and you forgot what you set it to :)

Isn't 3000 the default for the initial setup, then configuration is done via yet another port?

I believe it is. The idea is to cover that before moving to the rules that might be in play. It is better to cover the basics first, no?

Sure, I was merely saying that if AGH had not been set up at all (just enabled), it was very likely at 3000.
I don't remember if the port I'm using for day-to-day operation is default or not. IIRC 3000 is used by some other plug-in.
sockstat -4l | grep AdGuard
should only produce a few lines. Beyond the DNS ports (53 by default), the remaining line will indicate the GUI port.

Today at 01:24:52 AM #10 Last Edit: Today at 02:08:25 AM by guliver235
Thank you guys, I think it solved at least this part. I feel like a little child whose grown-up took my hand and helped me with my first steps.

I am ashamed to confess the AdGuard icon with address http://192.168.50.1:81/ was in front of my eyes all along in "Heimdall" in my bookmarks. I probably tried to configure it a long time ago and forgot about it since then!

I used to have Pi-hole for years, but since the last update it has been a major headache and I decided to go with AdGuard. This is why I finally decided to use it.

Now I just have to figure out why query stays at 0, since in services-dhcp-dns I put 192.168.50.1. I know it makes no sense since it is the same IP as OPNsense, but when I was using Pi-hole it was easy since it was coming from a Raspberry, so a different IP address?

DNS is using port 53...
53530 is sometimes used for a secondary DNS.

You have 2 choices:
1. update the service currently listening at 53 (likely Unbound) and set AGH as upstream server (in query forwarding).
2. make AGH the primary DNS (at 53), switch your private DNS (unbound or dnsmasq) to 53530 and configure AGH to use that private server for your private domain (in AGH DNS settings).

I understand the principle, but I am not able to apply it. This is why I tried to configure it years ago and then gave up, but this time I want to make it work. I need a little bit more detailed explanation in regard to my micro-brain!
I just tried to implement this tutorial https://windgate.net/setup-adguard-home-opnsense-adblocker/, but I was just able to get my home without internet!

I even tried to follow this post https://forum.opnsense.org/index.php?topic=22162.msg146626#msg146626, very similar to the other one, same no internet, so I am pretty sure at this point the problem comes from the firewall rules.

The setup is looking a bit messy. And please, unless it is UIs, put commands and command results in code brackets here instead of screenshots.
First note: if your clients are being given port 53 for DNS, then in the AdGuard UI you need to tick "Primary DNS", the only other option below "Enable". But you can only have one service running on the same port, so if you have this ticked, you must have any other DNS service like Unbound on a different port.
What DNS services do you have enabled? Post the results, in code brackets, of the sockstat I gave you.
Second: firewall rules. One of your screenshots has one labelled "redirect DNS to local". If you have a DNS rule, you must make sure it is right for what you want.

A quick glance at that windgate looks right for what it is doing, but there are subtleties. Are you using IPv6? If not, don't enable it.

You seem to have multiple networks. If you want them to also have AdG, that is something to look into if needed after doing the LAN first.
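
The sockstat check asked for in the replies above (which service holds port 53, and which TCP port AdGuardHome uses for its GUI), written out as an added example that is not part of any post in this thread. The sample output is constructed, the column order is assumed to be that of FreeBSD's sockstat -4l, the function names are hypothetical, and the GUI port is taken to be the AdGuardHome TCP port with no UDP twin, since DNS listens on both protocols.

```shell
#!/bin/sh
# Constructed sample of `sockstat -4l` output (not taken from the thread).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     AdGuardHom 4711  14 tcp4   192.168.50.1:81       *:*
root     AdGuardHom 4711  17 udp4   *:53530               *:*
root     AdGuardHom 4711  18 tcp4   *:53530               *:*
unbound  unbound    3302  5  udp4   *:53                  *:*
unbound  unbound    3302  6  tcp4   *:53                  *:*
root     sshd       2210  4  tcp4   *:22                  *:*
root     lighttpd   1980  9  tcp4   *:443                 *:*
EOF
}

# Print each command that holds a listener on the given port (stdin: sockstat).
listeners_on_port() {
    awk -v want="$1" '$1 != "USER" {
        n = split($6, a, ":")              # port is the part after the last colon
        if (a[n] == want && !seen[$2]++) print $2
    }'
}

# Print AdGuardHome TCP ports that have no UDP listener on the same port.
# Assumption: DNS binds UDP and TCP, the web GUI binds TCP only.
agh_gui_ports() {
    awk '$1 != "USER" && $2 ~ /^AdGuard/ {
        n = split($6, a, ":"); port = a[n]
        if ($5 ~ /^udp/) udp[port] = 1
        else if ($5 ~ /^tcp/ && !(port in tcp)) { tcp[port] = 1; order[++k] = port }
    }
    END { for (i = 1; i <= k; i++) if (!(order[i] in udp)) print order[i] }'
}

# Summarise who answers DNS on 53 and where the AdGuardHome GUI is.
report() {
    input=$(cat)
    holder=$(printf '%s\n' "$input" | listeners_on_port 53 | tr '\n' ' ')
    gui=$(printf '%s\n' "$input" | agh_gui_ports | tr '\n' ' ')
    echo "port 53 held by: ${holder:-nobody}"
    echo "AdGuardHome GUI port(s): ${gui:-none found}"
}

sample_sockstat | report
```

On the firewall itself, pipe the real output instead: sockstat -4l | report. If port 53 is held by something other than AdGuardHome while clients are handed 192.168.50.1 as their DNS server, queries never reach AdGuardHome.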