What's new

AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

open up that port over tcp on the firewall.

Code:
iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr)/32 -p tcp -m tcp --dport 14711 -j DNAT --to-destination $(nvram get lan_ipaddr):14711
iptables -I INPUT -d $(nvram get lan_ipaddr)/32 -p tcp -m conntrack --ctstate DNAT -m tcp --dport 14711 -j ACCEPT

while simple

Code:
iptables -I INPUT -p tcp -m tcp --dport 14711 -j ACCEPT

would open the whole 14711 port.

If you prefer HTTPS, the turn on HTTPS option on adguardhome, but first make sure you have nothing using port 443 (or port 8443 if you want 8443). And point adguardhome to the location of your letsencrypt certificates in /jffs/.le

adjust the firewall rules to the https port chosen.

The better option would be to remotely access your router from its built in VPN site tunnel.

With all this being said, I would encourage anyone to use the Openvpn server provided by the asusrouter, before attempting to set up remote access like this. Also, I would encourage using the openvpn server over setting up a remotely accessible DNS server. OpenVPN is far more safer and more encrypted.

Thanks for the quick response... and the multiple methods.

I will set this up by enabling encryption, using lets Encrypt certificates and accessing it via https (443). My router DDNS access was already on a different custom port.
 
@SomeWhereOverTheRainBow

Another quick query:

Is there any way/ option to make all the queries from the router itself (127.0.0.1) to not go through AGH but through the normal WAN DNS?

- I only realised this as my router firmware update check (through Router GUI) was being blocked.
- Looking at the query log; found out that fwupdate.asuswrt-merlin.net was being blocked by a faulty regex rule that I had in my DNS block lists.
- I have removed the erroneous rule and now all is working....

... but this got me thinking if there is any way to have queries from 127.0.0.1 just bypass the AGH totally?
- This ensures that all router operations will work; regardless of AGH settings.

- This will also resolve the issue of dns.msftncsi.com clogging up the query logs and statistics.
 
@SomeWhereOverTheRainBow

Another quick query:

Is there any way/ option to make all the queries from the router itself (127.0.0.1) to not go through AGH but through the normal WAN DNS?

- I only realised this as my router firmware update check (through Router GUI) was being blocked.
- Looking at the query log; found out that fwupdate.asuswrt-merlin.net was being blocked by a faulty regex rule that I had in my DNS block lists.
- I have removed the erroneous rule and now all is working....

... but this got me thinking if there is any way to have queries from 127.0.0.1 just bypass the AGH totally?
- This ensures that all router operations will work; regardless of AGH settings.

- This will also resolve the issue of dns.msftncsi.com clogging up the query logs and statistics.
As users pointed out above, you can filter the log by domain or client which makes the dns.msftncsi.com negligible and the answer to your question is no, if you did your router would be leaking traffic.

I suggest for users wanting to eliminate the calls to dns.msftncsi.com need to use one of the methods devised by other users on the forum. I have no intentions of changing or manipulating the default router behaviors. The best solution would be asking AdGuardHome Devs to incorporate a log exlcusion policy for specific clients or domains.

It couldn't be that hard for them to do since there already is a way to control policies for individual clients in regards to what DNS servers and blocklist they use.
 
Last edited:
@gspannu

I opened a feature request. if you want to chime in with any more details you think would be relevant to this feature you are welcome to.

Thanks, I am adding comments to the Github issue.
 
If I mis-posted this my apologies. I have AdGuardian Home installed on an Asus 68U. The only other thing on it is Skynet. If I go to an ad blocking test site (canyoublockit.com) the stats always show 7 blocked items however every test ad is not blocked. Right out of the box should it be able to block these ads?

thanks
 
Issues updating to 1.3.3 relative to Time Zone. The installer asks for time zone again and does not have choices for America, etc.. Maybe something to do with /opt/share/zoneinfo/zone.tab not found error that pops up? AX86U.
 
Last edited:
If I mis-posted this my apologies. I have AdGuardian Home installed on an Asus 68U. The only other thing on it is Skynet. If I go to an ad blocking test site (canyoublockit.com) the stats always show 7 blocked items however every test ad is not blocked. Right out of the box should it be able to block these ads?

thanks
It would if you were using a list or filter that does not block them, The default list used by AGH is actually pretty light compared to other list out there. Is intended to only block a select amount of ads. Also make sure you not using your browsers DNS over the routers.
 
Issues updating to 1.3.3 relative to Time Zone. The installer asks for time zone again and does not have choices for America, etc.. Maybe something to do with /opt/share/zoneinfo/zone.tab not found? AX86U.
Yea i am not experiencing this issue. I will take a look later, but I think maybe you need to reinstall the zonefiles. Sounds like you are missing a file that is installed by them.
 
It would if you were using a list or filter that does, The default list used by AGH is actually pretty light compared to other list out there. Is intended to only block a select amount of ads.

Thanks for the reply. I have a few ad blocking lists, TGC, Easy List, and a couple more. I figured this should block it. I am not there just yet.

thanks
 
Well, I'm not the only one...
Run this command in terminal

opkg reinstall "$(opkg list zoneinfo* | printf "%s\n" "$(awk '{printf $1" "}')")" && opkg install "$(opkg list zoneinfo* | printf "%s\n" "$(awk '{printf $1" "}')")"

Tell me what the output of running


ls /opt/share/zoneinfo/zone.tab
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top