AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[gspannu]

open up that port over tcp on the firewall.

iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr)/32 -p tcp -m tcp --dport 14711 -j DNAT --to-destination $(nvram get lan_ipaddr):14711
iptables -I INPUT -d $(nvram get lan_ipaddr)/32 -p tcp -m conntrack --ctstate DNAT -m tcp --dport 14711 -j ACCEPT

while simple

iptables -I INPUT -p tcp -m tcp --dport 14711 -j ACCEPT

would open the whole 14711 port.

If you prefer HTTPS, the turn on HTTPS option on adguardhome, but first make sure you have nothing using port 443 (or port 8443 if you want 8443). And point adguardhome to the location of your letsencrypt certificates in /jffs/.le

adjust the firewall rules to the https port chosen.

The better option would be to remotely access your router from its built in VPN site tunnel.

With all this being said, I would encourage anyone to use the Openvpn server provided by the asusrouter, before attempting to set up remote access like this. Also, I would encourage using the openvpn server over setting up a remotely accessible DNS server. OpenVPN is far more safer and more encrypted.

Thanks for the quick response... and the multiple methods.

I will set this up by enabling encryption, using lets Encrypt certificates and accessing it via https (443). My router DDNS access was already on a different custom port.

 

[gspannu]

@SomeWhereOverTheRainBow

Another quick query:

Is there any way/ option to make all the queries from the router itself (127.0.0.1) to not go through AGH but through the normal WAN DNS?

- I only realised this as my router firmware update check (through Router GUI) was being blocked.
- Looking at the query log; found out that fwupdate.asuswrt-merlin.net was being blocked by a faulty regex rule that I had in my DNS block lists.
- I have removed the erroneous rule and now all is working....

... but this got me thinking if there is any way to have queries from 127.0.0.1 just bypass the AGH totally?
- This ensures that all router operations will work; regardless of AGH settings.
- This will also resolve the issue of dns.msftncsi.com clogging up the query logs and statistics.

 

[SomeWhereOverTheRainBow]

@SomeWhereOverTheRainBow

Another quick query:

Is there any way/ option to make all the queries from the router itself (127.0.0.1) to not go through AGH but through the normal WAN DNS?

- I only realised this as my router firmware update check (through Router GUI) was being blocked.
- Looking at the query log; found out that fwupdate.asuswrt-merlin.net was being blocked by a faulty regex rule that I had in my DNS block lists.
- I have removed the erroneous rule and now all is working....

... but this got me thinking if there is any way to have queries from 127.0.0.1 just bypass the AGH totally?
- This ensures that all router operations will work; regardless of AGH settings.
- This will also resolve the issue of dns.msftncsi.com clogging up the query logs and statistics.

As users pointed out above, you can filter the log by domain or client which makes the dns.msftncsi.com negligible and the answer to your question is no, if you did your router would be leaking traffic.

I suggest for users wanting to eliminate the calls to dns.msftncsi.com need to use one of the methods devised by other users on the forum. I have no intentions of changing or manipulating the default router behaviors. The best solution would be asking AdGuardHome Devs to incorporate a log exlcusion policy for specific clients or domains.

It couldn't be that hard for them to do since there already is a way to control policies for individual clients in regards to what DNS servers and blocklist they use.

 

[SomeWhereOverTheRainBow]

@gspannu

I opened a feature request. if you want to chime in with any more details you think would be relevant to this feature you are welcome to.

Log ignore policy for Chatty Clients and/or domains · Issue #4299 · AdguardTeam/AdGuardHome

Okay, So I know on the Query page we can filter by both Domain and Client. What I am proposing is to add a policy for ignoring clients in the log and statistics. I came about this suggestion becaus...

github.com

 

[gspannu]

@gspannu

I opened a feature request. if you want to chime in with any more details you think would be relevant to this feature you are welcome to.

Log ignore policy for Chatty Clients and/or domains · Issue #4299 · AdguardTeam/AdGuardHome

Okay, So I know on the Query page we can filter by both Domain and Client. What I am proposing is to add a policy for ignoring clients in the log and statistics. I came about this suggestion becaus...

github.com

Thanks, I am adding comments to the Github issue.

 

[keef]

If I mis-posted this my apologies. I have AdGuardian Home installed on an Asus 68U. The only other thing on it is Skynet. If I go to an ad blocking test site (canyoublockit.com) the stats always show 7 blocked items however every test ad is not blocked. Right out of the box should it be able to block these ads?

thanks

 

[unknownz]

The flood of calls to dns.msftncsi.com doubles for each AiMesh node you have

 

[rlw6534]

Issues updating to 1.3.3 relative to Time Zone. The installer asks for time zone again and does not have choices for America, etc.. Maybe something to do with /opt/share/zoneinfo/zone.tab not found error that pops up? AX86U.

 

[technofox01]

uninstall and reinstall should allow you to reset it up. or simply delete your .yaml with

rm -rf /opt/etc/AdGuardHome/AdGuardHome.yaml

and run the installer option 1 which will make you a new file.

Awesome and will do. Thank you for your advice.

 

[SomeWhereOverTheRainBow]

If I mis-posted this my apologies. I have AdGuardian Home installed on an Asus 68U. The only other thing on it is Skynet. If I go to an ad blocking test site (canyoublockit.com) the stats always show 7 blocked items however every test ad is not blocked. Right out of the box should it be able to block these ads?

thanks

It would if you were using a list or filter that does not block them, The default list used by AGH is actually pretty light compared to other list out there. Is intended to only block a select amount of ads. Also make sure you not using your browsers DNS over the routers.

 

[SomeWhereOverTheRainBow]

Issues updating to 1.3.3 relative to Time Zone. The installer asks for time zone again and does not have choices for America, etc.. Maybe something to do with /opt/share/zoneinfo/zone.tab not found? AX86U.

Yea i am not experiencing this issue. I will take a look later, but I think maybe you need to reinstall the zonefiles. Sounds like you are missing a file that is installed by them.

 

[keef]

It would if you were using a list or filter that does, The default list used by AGH is actually pretty light compared to other list out there. Is intended to only block a select amount of ads.

Thanks for the reply. I have a few ad blocking lists, TGC, Easy List, and a couple more. I figured this should block it. I am not there just yet.

thanks

 

[rlw6534]

Yea i am not experiencing this issue. I will take a look later, but I think maybe you need to reinstall the zonefiles. Sounds like you are missing a file that is installed by them.

Is that part of Entware? My installation is plain vanilla, no advanced settings or scripts.

 

[keef]

Yea i am not experiencing this issue. I will take a look later, but I think maybe you need to reinstall the zonefiles. Sounds like you are missing a file that is installed by them.

Same thing here. I had many options for Asia and Europe only, I am -5 GMT.

 

[SomeWhereOverTheRainBow]

Is that part of Entware? My installation is plain vanilla, no advanced settings or scripts.

Yes entware.

 

[SomeWhereOverTheRainBow]

Same thing here. I had many options for Asia and Europe only, I am -5 GMT.

Yea I see over 600 options when I choose mine.

 

[rlw6534]

Yes entware.

Entware is installed and fully updated according to AMTM. In fact, all I have installed is Entware and AG, other than swap file.

 

[SomeWhereOverTheRainBow]

Is that part of Entware? My installation is plain vanilla, no advanced settings or scripts.

Yes entware. Adguardhome installer requires entware.

 

[rlw6534]

Same thing here. I had many options for Asia and Europe only, I am -5 GMT.

Well, I'm not the only one... Uninstall and reinstall AG doesn't fix it.

 

[SomeWhereOverTheRainBow]

Well, I'm not the only one...

Run this command in terminal

opkg reinstall "$(opkg list zoneinfo* | printf "%s\n" "$(awk '{printf $1" "}')")" && opkg install "$(opkg list zoneinfo* | printf "%s\n" "$(awk '{printf $1" "}')")"

Tell me what the output of running


ls /opt/share/zoneinfo/zone.tab