AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[unknownz]

Here is how you tell if your traffic is going by way of encrytion, Hover your mose over the ? mark next to the processed query. (not the question mark by the IP address).

View attachment 39105

Thumbs up for this great tip!

 

[SomeWhereOverTheRainBow]

Thumbs up for this great tip!

Release v1.1.3

Changes:

• fixed a lot annoying quirks in regards to the installer stalling after updating adguardhome
• added support for detecting new versions of beta when on the beta branch

Changelog:

Comparing v1.1.2...v1.1.3 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - Comparing v1.1.2...v1.1.3 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[Guillermo Gomez]

I have a strange situation with AdGuard on my AX88U router.

I have my ISP router connected to my Ax88U router, my ISP router has WiFi disabled.

When I install AdGuard, using AMTM or the script in post 1, it start working, but in a couple of hours my Wifi gets "there's no Internet" error.

I have a Aimesh node with an AX56U. Both running 386.4 firmware.

I have performed factory reset on both routers and setting everything again, I have the same issue, after a couple of hours I got "Internet disconnected" error.

I have Skynet, YazFi installed. The weird thing is, if I restart my Asus routers problem persist. If I restart ISP router, problem is fixed for a couple of hours.

If I unistall AdGuard from my AX88U, I don't have any issues.

I have put NTP ip address on router instead of name, but problem persist.

Any advise on how to solve this or what is happening is welcome.

 

[SomeWhereOverTheRainBow]

I have a strange situation with AdGuard on my AX88U router.

I have my ISP router connected to my Ax88U router, my ISP router has WiFi disabled.

When I install AdGuard, using AMTM or the script in post 1, it start working, but in a couple of hours my Wifi gets "there's no Internet" error.

I have a Aimesh node with an AX56U. Both running 386.4 firmware.

I have performed factory reset on both routers and setting everything again, I have the same issue, after a couple of hours I got "Internet disconnected" error.

I have Skynet, YazFi installed. The weird thing is, if I restart my Asus routers problem persist. If I restart ISP router, problem is fixed for a couple of hours.

If I unistall AdGuard from my AX88U, I don't have any issues.

I have put NTP ip address on router instead of name, but problem persist.

Any advise on how to solve this or what is happening is welcome.

Put your ISP router in bridge mode.
Another option is DMZ, below is some specifics.
It appears alot of people are having issues behind double nat. Unfortunately, I don't use the same type of environment. So i have no real way to troubleshoot this issue for you. Not in away that would be effective as I don't have an ISP router. But I will tell you, It has nothing to do with how the installer sets things up, more so, your environment might not be stable trying to use such a sophisticated freeware such as adguardhome behind a double nat situation. It is hard to tell what kind of connection requirements it would require. If you are able to set your Asus router inside the DMZ of your ISP router, then it may solve some issues, but I am not sure. Welcome to the world of hypothetical, if you feel like trying different things then just report back what you find that works.

Some of the AX routers are still fairly new to RMerlin, and there is no telling if Asus has worked out abit of the bugs on some of them as well. If your RT-AX88U does the job, then I would recommend using it. I have only tested on the RT-AC5300, RTAC3100, RTAC68U, RTAX88U and GTAX11000. The two AX routers I tested with worked, so I figured no other Merlin supported AX models would have issues, but I cannot eliminate the new models from the possible culprits.

One of the recommended things to do when taking a new router from ASUS to Asus-Merlin is to perform a full factory reset and a manual reconfiguration of settings. This could eliminate a bad change over from being the culprit.

 

[Guillermo Gomez]

Unfortunately I can't put my ISP router on bridge mode, the don't allow it unless I pay for a fixed IP, which they don't have any available.

I willbhave to go back to Diversion. Thanks.

 

[SomeWhereOverTheRainBow]

Unfortunately I can't put my ISP router on bridge mode, the don't allow it unless I pay for a fixed IP, which they don't have any available.

I willbhave to go back to Diversion. Thanks.

Diversion is a great product. Best wishes.

 

[chongnt]

...snipped...
Just realized there are some logs seems regarding hosts file. Even before the update there are such logs.

Jan 25 10:10:39 RT-AC86U-DBA8 AdGuardHome[6318]: 2022/01/25 10:10:39.631037 [error] hosts container: host "My_Computer.lan" is invalid, ignoring
Jan 25 10:10:39 RT-AC86U-DBA8 AdGuardHome[6318]: 2022/01/25 10:10:39.631271 [error] hosts container: host "My_Computer" is invalid, ignoring

I am able to get rid of such error now. In Asus GUI, LAN -> DHCP Server -> Manually Assigned IP around the DHCP List, the Host Name (Optional) field can take alphanumeric, underscore and dash symbol. It seems AdGuard Home does not like underscore in hostname and say the host is invalid. After change the hostname to dash, there is no more error in AGH. With the hostname resolved, I have disable private reverse DNS servers option in AGH.

 

[SomeWhereOverTheRainBow]

I am able to get rid of such error now. In Asus GUI, LAN -> DHCP Server -> Manually Assigned IP around the DHCP List, the Host Name (Optional) field can take alphanumeric, underscore and dash symbol. It seems AdGuard Home does not like underscore in hostname and say the host is invalid. After change the hostname to dash, there is no more error in AGH. With the hostname resolved, I have disable private reverse DNS servers option in AGH.

Yea you can always use /etc/h o s ts to setup identification of clients. While this method would generally work for some, others may have hundreds of clients making disabling reverse private dns not feasible.

 

[GShlomi]

Hi.
Any chance of making use of AdGuard on guest networks without YazFi?
After factory-resetting my AX88u (with the whole aimesh network), guest network (with intranet access disabled) work great (DNS received from DHCP is 192.168.101.1).
Installing AdGuard (using amtm) - guests no longer able to access the internet, no DNS server available at same IP as above.

Thanks

 

[SomeWhereOverTheRainBow]

Hi.
Any chance of making use of AdGuard on guest networks without YazFi?
After factory-resetting my AX88u (with the whole aimesh network), guest network (with intranet access disabled) work great (DNS received from DHCP is 192.168.101.1).
Installing AdGuard (using amtm) - guests no longer able to access the internet, no DNS server available at same IP as above.

Thanks

The only way to do it is if you force dns of guest networks using iptables. It isn't the direction of this installer to configure or control users special cases. Without yazfi, you are left footing all the extra requirements on your own. You can do such using dnsmasq.postconf or dnsmasq.conf.add, it would require you to modify the advertised dns address of each guest network. You would specify that dnsmasq advertise the first address associated with that guest network as the one providing dns on that guest network interface. You may then have to add a firewall rule that punches that dns connection out to the internet, also a rule to enforce it. iptable rules would be added with firewall-start

Here is an example of what Yazfi does inside DNSMASQ for guest networks.

### Start of script-generated configuration for interface wl0.1 ###
interface=wl0.1
dhcp-range=wl0.1,192.168.2.2,192.168.2.254,255.255.255.0,infinite
dhcp-option=wl0.1,3,192.168.2.1
dhcp-option=wl0.1,6,192.168.2.1,192.168.2.1
dhcp-option=wl0.1,44,192.168.1.1
dhcp-option=wl0.1,42,192.168.1.1
### End of script-generated configuration for interface wl0.1 ###

### Start of script-generated configuration for interface wl0.2 ###
interface=wl0.2
dhcp-range=wl0.2,192.168.3.2,192.168.3.254,255.255.255.0,infinite
dhcp-option=wl0.2,3,192.168.3.1
dhcp-option=wl0.2,6,192.168.3.1,192.168.3.1
dhcp-option=wl0.2,44,192.168.1.1
dhcp-option=wl0.2,42,192.168.1.1
### End of script-generated configuration for interface wl0.2 ###

the line

dhcp-option=wl0.1,6,192.168.2.1,192.168.2.1

controls what dns is advertised to the device connected to the guest network. Obviously you would adjust the address to the correct one the guest network range uses, and you would adjust the wl0.1 to reflect the correct interface the guest network is on.

The iptable rule would look something like this

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i wl0.1 -j DNAT --to-destination 192.168.2.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i wl0.1 -j DNAT --to-destination 192.168.2.1

Again you would change 192.168.2.1 and wl0.1 to reflect the correct address and interface associated with the network.

an example of some of the addresses for guestnetworks done by the router

dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0
dhcp-option=br2,3,192.168.102.1

What you need:

dhcp-option=br1,6,192.168.101.1,192.168.101.1

dhcp-option=br2,6,192.168.102.1,192.168.102.1

would be the lines you would need to add to dnsmasq.conf.add

DNS enforcement would look like this

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1

 

[SomeWhereOverTheRainBow]

@GShlomi

I have added the instructions for Guestnetwork setup to the third post of this thread:

AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Asuswrt-Merlin-AdGuardHome-Installer The Official Installer of AdGuardHome for Asuswrt-Merlin Requirements: ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware JFFS support and enabled REQUIRES ENTWARE(!) for package management, and a separate USB drive for...

www.snbforums.com

 

[SomeWhereOverTheRainBow]

For anyone else setting this up, this is the setting on the VPN Client page: "Accept DNS Configuration" needs to be Disabled
View attachment 39047

I also added this to post three along side the yazfi instructions for those using yazfi to traverse VPN server along side adguardhome.

AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Asuswrt-Merlin-AdGuardHome-Installer The Official Installer of AdGuardHome for Asuswrt-Merlin Requirements: ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware JFFS support and enabled REQUIRES ENTWARE(!) for package management, and a separate USB drive for...

www.snbforums.com

 

[GShlomi]

@SomeWhereOverTheRainBow Thanks a lot for your support & explainations.
May I ask what's the difference between YazFi & the default behavior regarding DNS rules?
By default, enabling Guest network advertises 192.168.101.1 as it's DNS (when using 192.168.101.0/24), it being the IP of the router/gateway for the guest network.
So by default, a rule does exist somewhere to enable DNS queries to the router even if Intranet access is disabled.
Also, installing AdGuard without first installing YazFi, I've noticed that 192.168.101.1 is one of the address to which AdGuard binds.
So why does using YazFi is required for using AdGuard on a guest network? what am I missing?

 

[SomeWhereOverTheRainBow]

@SomeWhereOverTheRainBow Thanks a lot for your support & explainations.
May I ask what's the difference between YazFi & the default behavior regarding DNS rules?
By default, enabling Guest network advertises 192.168.101.1 as it's DNS (when using 192.168.101.0/24), it being the IP of the router/gateway for the guest network.
So by default, a rule does exist somewhere to enable DNS queries to the router even if Intranet access is disabled.
Also, installing AdGuard without first installing YazFi, I've noticed that 192.168.101.1 is one of the address to which AdGuard binds.
So why does using YazFi is required for using AdGuard on a guest network? what am I missing?

Normal Behavior (default behavior):
The local routers guest network setup does not specify the dns options in dnsmasq.conf since dnsmasq on asuswrt is assumed to always run on port 53. When dnsmasq is not running on port 53 it no longer defaultly hands out itself on all addresses it listens on for dns, it must be told to do such by adding the lines to dnsmasq.

Big part you are missing:
By changing the port from 53 (dnsmasq default listening port), to port 553, dnsmasq no longer hands out its default dns addresses, for each interface, to the networks it listens on. Adguardhome is not acting as dhcp the way it is setup but is providing dns for all addresses it listens on. We create a conundrum without advertising the addresses inside dnsmasq. So the lines must be added to dnsmasq so it knows to serve the port 53 dns addresses it is no longer master of.

With yazfi you can specify the dns addresses from the gui. With asus-merlin default, you don't have the ability to do such. You have to use your knowledge of editing custom scripts; otherwise the router will fallback to using the "Normal behavior" where Dnsmasq tries to hand itself out for DNS to clients, but since it is not listening on port 53 for DNS it skips this process. Without adding the lines via dnsmasq.conf.add or dnsmasq.postconf your clients on each guestnetwork respond to null DNS since nothing is being advertised.

The other option is, well what if you decide to turn AdGuardHome DHCP for one of these networks.

To Be honest, I don't know what this might break plus it might be limited to just one network. And as mentioned by the AdGuardHome dev team, the DHCP of AdGuardHome has not quite matured to the point that it is ready to manage dhcp on router or vlan setup environments.

 

[SomeWhereOverTheRainBow]

@SomeWhereOverTheRainBow Thanks a lot for your support & explainations.
May I ask what's the difference between YazFi & the default behavior regarding DNS rules?
By default, enabling Guest network advertises 192.168.101.1 as it's DNS (when using 192.168.101.0/24), it being the IP of the router/gateway for the guest network.
So by default, a rule does exist somewhere to enable DNS queries to the router even if Intranet access is disabled.
Also, installing AdGuard without first installing YazFi, I've noticed that 192.168.101.1 is one of the address to which AdGuard binds.
So why does using YazFi is required for using AdGuard on a guest network? what am I missing?

Release v1.1.5

Whats changed:

• Added support for Asuswrt-Merlin Native Guest Network. (This will only support Native Guest networks that use 192.168.101.XYZ ranges; Methods for use with YazFi will remain the same.)
• Moved DNSMASQ configuration to one file in /jffs/addons.

Changelog:

Comparing v1.1.3...v1.1.5 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - Comparing v1.1.3...v1.1.5 · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[SomeWhereOverTheRainBow]

I am not sure if it is just me, however, it seems that every 20-30 mins, Adguard crashes (gets unloaded) and I no longer have any Ads being bocked. I cannot even access the admin page. I need to ssh into my router, go into AMTM, and type "ag" which will do it's check and reload everything. I need to do this ever 30mins....

How big of a block list are you using?

 

[SomeWhereOverTheRainBow]

I have 4 block files.. I am not infront of my router right now, but 1 of them has over 1 million hosts.

I am using a swap file of 2gb as well and this is running on a AC5300 router.

Try consolidating your block list, see if behaviors change. It is hard to tell if it is the cause, but if the router is strained for reasources, then anything is possible.

 

[SomeWhereOverTheRainBow]

So, it is not the amount of block file I have. It seems that if I ssh in to the router, and go to the "ag" page in ATMT, everything works. However, if I quit this page, then it kills the adguard process right away and stops my dns.

This seems to happen almost 4 out 5 times.

There are times that after I quit the page, Adguard stays up for about 30 mins and then it dies again. However, it does seem that AG is taking up quite a bit of mem and CPU....

I guess there is no reliable way for me to run this on my current router :-(

I will have to do some testing, when you exit the installer menu are you just using q to quit? How are you Exiting? Also, there could be some indication that there may be flash memory corruption, but to find out it would require you to try another flash storage. It very well could be the size of your blocklist, you can disable sections of the blocklist and reboot adguardhome see if that helps.

 

[soerenderfor]

@TheMorpN - How many blocks do you have in all?

 

[soerenderfor]

I have for 4 blocks in total.

Yeah, but you reported that just 1 of your list has 1 millions hosts.. So maybe the 4 files in total is over 2 millions? Maybe try to disable the list with the 1 million hosts, and see what happens..