Here is how you tell if your traffic is going by way of encrytion, Hover your mose over the ? mark next to the processed query. (not the question mark by the IP address).
View attachment 39105
Thumbs up for this great tip!
Here is how you tell if your traffic is going by way of encrytion, Hover your mose over the ? mark next to the processed query. (not the question mark by the IP address).
View attachment 39105
Release v1.1.3Thumbs up for this great tip!
Put your ISP router in bridge mode.I have a strange situation with AdGuard on my AX88U router.
I have my ISP router connected to my Ax88U router, my ISP router has WiFi disabled.
When I install AdGuard, using AMTM or the script in post 1, it start working, but in a couple of hours my Wifi gets "there's no Internet" error.
I have a Aimesh node with an AX56U. Both running 386.4 firmware.
I have performed factory reset on both routers and setting everything again, I have the same issue, after a couple of hours I got "Internet disconnected" error.
I have Skynet, YazFi installed. The weird thing is, if I restart my Asus routers problem persist. If I restart ISP router, problem is fixed for a couple of hours.
If I unistall AdGuard from my AX88U, I don't have any issues.
I have put NTP ip address on router instead of name, but problem persist.
Any advise on how to solve this or what is happening is welcome.
Diversion is a great product. Best wishes.Unfortunately I can't put my ISP router on bridge mode, the don't allow it unless I pay for a fixed IP, which they don't have any available.
I willbhave to go back to Diversion. Thanks.
I am able to get rid of such error now. In Asus GUI, LAN -> DHCP Server -> Manually Assigned IP around the DHCP List, the Host Name (Optional) field can take alphanumeric, underscore and dash symbol. It seems AdGuard Home does not like underscore in hostname and say the host is invalid. After change the hostname to dash, there is no more error in AGH. With the hostname resolved, I have disable private reverse DNS servers option in AGH....snipped...
Just realized there are some logs seems regarding hosts file. Even before the update there are such logs.
Code:Jan 25 10:10:39 RT-AC86U-DBA8 AdGuardHome[6318]: 2022/01/25 10:10:39.631037 [error] hosts container: host "My_Computer.lan" is invalid, ignoring Jan 25 10:10:39 RT-AC86U-DBA8 AdGuardHome[6318]: 2022/01/25 10:10:39.631271 [error] hosts container: host "My_Computer" is invalid, ignoring
I am able to get rid of such error now. In Asus GUI, LAN -> DHCP Server -> Manually Assigned IP around the DHCP List, the Host Name (Optional) field can take alphanumeric, underscore and dash symbol. It seems AdGuard Home does not like underscore in hostname and say the host is invalid. After change the hostname to dash, there is no more error in AGH. With the hostname resolved, I have disable private reverse DNS servers option in AGH.
The only way to do it is if you force dns of guest networks using iptables. It isn't the direction of this installer to configure or control users special cases. Without yazfi, you are left footing all the extra requirements on your own. You can do such using dnsmasq.postconf or dnsmasq.conf.add, it would require you to modify the advertised dns address of each guest network. You would specify that dnsmasq advertise the first address associated with that guest network as the one providing dns on that guest network interface. You may then have to add a firewall rule that punches that dns connection out to the internet, also a rule to enforce it. iptable rules would be added with firewall-startHi.
Any chance of making use of AdGuard on guest networks without YazFi?
After factory-resetting my AX88u (with the whole aimesh network), guest network (with intranet access disabled) work great (DNS received from DHCP is 192.168.101.1).
Installing AdGuard (using amtm) - guests no longer able to access the internet, no DNS server available at same IP as above.
Thanks
### Start of script-generated configuration for interface wl0.1 ###
interface=wl0.1
dhcp-range=wl0.1,192.168.2.2,192.168.2.254,255.255.255.0,infinite
dhcp-option=wl0.1,3,192.168.2.1
dhcp-option=wl0.1,6,192.168.2.1,192.168.2.1
dhcp-option=wl0.1,44,192.168.1.1
dhcp-option=wl0.1,42,192.168.1.1
### End of script-generated configuration for interface wl0.1 ###
### Start of script-generated configuration for interface wl0.2 ###
interface=wl0.2
dhcp-range=wl0.2,192.168.3.2,192.168.3.254,255.255.255.0,infinite
dhcp-option=wl0.2,3,192.168.3.1
dhcp-option=wl0.2,6,192.168.3.1,192.168.3.1
dhcp-option=wl0.2,44,192.168.1.1
dhcp-option=wl0.2,42,192.168.1.1
### End of script-generated configuration for interface wl0.2 ###
dhcp-option=wl0.1,6,192.168.2.1,192.168.2.1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i wl0.1 -j DNAT --to-destination 192.168.2.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i wl0.1 -j DNAT --to-destination 192.168.2.1
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0
dhcp-option=br2,3,192.168.102.1
dhcp-option=br1,6,192.168.101.1,192.168.101.1
dhcp-option=br2,6,192.168.102.1,192.168.102.1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1
I also added this to post three along side the yazfi instructions for those using yazfi to traverse VPN server along side adguardhome.For anyone else setting this up, this is the setting on the VPN Client page: "Accept DNS Configuration" needs to be Disabled
View attachment 39047
@SomeWhereOverTheRainBow Thanks a lot for your support & explainations.
May I ask what's the difference between YazFi & the default behavior regarding DNS rules?
By default, enabling Guest network advertises 192.168.101.1 as it's DNS (when using 192.168.101.0/24), it being the IP of the router/gateway for the guest network.
So by default, a rule does exist somewhere to enable DNS queries to the router even if Intranet access is disabled.
Also, installing AdGuard without first installing YazFi, I've noticed that 192.168.101.1 is one of the address to which AdGuard binds.
So why does using YazFi is required for using AdGuard on a guest network? what am I missing?
Release v1.1.5@SomeWhereOverTheRainBow Thanks a lot for your support & explainations.
May I ask what's the difference between YazFi & the default behavior regarding DNS rules?
By default, enabling Guest network advertises 192.168.101.1 as it's DNS (when using 192.168.101.0/24), it being the IP of the router/gateway for the guest network.
So by default, a rule does exist somewhere to enable DNS queries to the router even if Intranet access is disabled.
Also, installing AdGuard without first installing YazFi, I've noticed that 192.168.101.1 is one of the address to which AdGuard binds.
So why does using YazFi is required for using AdGuard on a guest network? what am I missing?
How big of a block list are you using?I am not sure if it is just me, however, it seems that every 20-30 mins, Adguard crashes (gets unloaded) and I no longer have any Ads being bocked. I cannot even access the admin page. I need to ssh into my router, go into AMTM, and type "ag" which will do it's check and reload everything. I need to do this ever 30mins....
Try consolidating your block list, see if behaviors change. It is hard to tell if it is the cause, but if the router is strained for reasources, then anything is possible.I have 4 block files.. I am not infront of my router right now, but 1 of them has over 1 million hosts.
I am using a swap file of 2gb as well and this is running on a AC5300 router.
I will have to do some testing, when you exit the installer menu are you just using q to quit? How are you Exiting? Also, there could be some indication that there may be flash memory corruption, but to find out it would require you to try another flash storage. It very well could be the size of your blocklist, you can disable sections of the blocklist and reboot adguardhome see if that helps.So, it is not the amount of block file I have. It seems that if I ssh in to the router, and go to the "ag" page in ATMT, everything works. However, if I quit this page, then it kills the adguard process right away and stops my dns.
This seems to happen almost 4 out 5 times.
There are times that after I quit the page, Adguard stays up for about 30 mins and then it dies again. However, it does seem that AG is taking up quite a bit of mem and CPU....
I guess there is no reliable way for me to run this on my current router :-(
Yeah, but you reported that just 1 of your list has 1 millions hosts.. So maybe the 4 files in total is over 2 millions? Maybe try to disable the list with the 1 million hosts, and see what happens..I have for 4 blocks in total.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!