AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[keef]

I just patched the installer, You are welcome to give it a go. TZdata should be up and going. Now we will control the TZdata. Relatively easy to compile.

great, As soon ad the family heads off to bed I can get the network to work with. I'll let you know.

thanks alot

 

[rlw6534]

I just patched the installer, You are welcome to give it a go. TZdata should be up and going. Now we will control the TZdata. Relatively easy to compile.

Fresh install here. Seems to be OK. TZ selection worked fine.

 

[SomeWhereOverTheRainBow]

great, As soon ad the family heads off to bed I can get the network to work with. I'll let you know.

thanks alot

To troubleshoot your adblock issue, There have been several instances where users reported not blocking.

Here are some of the reasons:

• Browser (-i.e. chrome, or firefox) is using its built in DNS functions to redirect DNS traffic to their own private servers. #This would cause the user to not be using AGH. ( use dnsleaktest.com to test).
• Blocklist is too weak
• Allowlist is too nice
• DNSFilter Global on the router is not pointed to "ROUTER" or client is being forced to a different server.

 

[keef]

I just patched the installer, You are welcome to give it a go. TZdata should be up and going. Now we will control the TZdata. Relatively easy to compile.

Perfect, the TZ selection during install works. I had hoped that would solve my ad blocking problem, no luck. I added EasyList ad blocking file with the same results, no ads are blocked.

 

[SomeWhereOverTheRainBow]

Perfect, the TZ selection during install works. I had hoped that would solve my ad blocking problem, no luck. I added EasyList ad blocking file with the same results, no ads are blocked.

Run
www.dnsleaktest.com

It sounds like your device isn't using adguardhome

 

[keef]

To troubleshoot your adblock issue, There have been several instances where users reported not blocking.

Here are some of the reasons:

• Browser (-i.e. chrome, or firefox) is using its built in DNS functions to redirect DNS traffic to their own private servers. #This would cause the user to not be using AGH. ( use dnsleaktest.com to test).
• Blocklist is too weak
• Allowlist is too nice
• DNSFilter Global on the router is not pointed to "ROUTER" or client is being forced to a different server.

Good call on the browser issue. DNSLeak reports my DNS server are all 74.125.xxx.xxx. Shouldn't the DNS servers be 192.168 something?

 

[SomeWhereOverTheRainBow]

Good call on the browser issue. DNSLeak reports my DNS server are all 74.125.xxx.xxx. Shouldn't the DNS servers be 192.168 something?

Does the dnsleaktest reveal a hostname for the dns provider?

 

[SomeWhereOverTheRainBow]

Perfect, the TZ selection during install works. I had hoped that would solve my ad blocking problem, no luck. I added EasyList ad blocking file with the same results, no ads are blocked.

Also, try this block list

https://abp.oisd.nl/

And this blocklist.

https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/NoBypass.list

 

[keef]

Does the dnsleaktest reveal a hostname for the dns provider?

Yes, they are all Google, split between Canada and the US. DNS filter does go to router. There is no entry in my router for DNS server or gateway. I am so close now.

 

[keef]

Does the dnsleaktest reveal a hostname for the dns provider?

Too much in a hurray. All the hostnames 'none'.

 

[SomeWhereOverTheRainBow]

Too much in a hurray. All the hostnames 'none'.

Try the list mentioned in previous post

 

[keef]

Also, try this block list

https://abp.oisd.nl/

And this blocklist.

https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/NoBypass.list

No luck. I tried the ad testing page in FireFox with the same results.

 

[gspannu]

open up that port over tcp on the firewall.

iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr)/32 -p tcp -m tcp --dport 14711 -j DNAT --to-destination $(nvram get lan_ipaddr):14711
iptables -I INPUT -d $(nvram get lan_ipaddr)/32 -p tcp -m conntrack --ctstate DNAT -m tcp --dport 14711 -j ACCEPT

@SomeWhereOverTheRainBow
Thanks for your suggestion.

I plan to use the https port 433 for this and have applied the (Lets Encrypt) encryption settings in AGH.

Q1: How do I make this persistent to survive after a reboot? Do I put these commands in firewall-start ?
Q2: Wouldn't the wan_ipaddr change (as my ISP provides me a dynamic assigned IP)? Would the access work after my WAN IP has changed?

iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr)/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination $(nvram get lan_ipaddr):443
iptables -I INPUT -d $(nvram get lan_ipaddr)/32 -p tcp -m conntrack --ctstate DNAT -m tcp --dport 443 -j ACCEPT

 

[keef]

Does the dnsleaktest reveal a hostname for the dns provider?

Getting weirder. Now all the hostnames are 'res100.lga.rrdns.pch.net'

 

[majnu]

Edit /opt/etc/AdGuardHome/AdGuardHome.yaml change that number to the port you want.
Then run the command,
/opt/etc/init.d/61AdGuardHome restart

Hi
I can change the port to 53 and save but there is no restart file. My home page port defaults at 14711
Also is there a video guide I can follow to set this up as I cannot change the DNS servers in Adguard to use 1.1.1.1 and 1.0.0.1 that is in my AC87U routers WAN DNS server 1/2 fields.
Thank you

 

[keef]

Try the list mentioned in previous post

At the box for Prevent Client DOH I get this 'warning'
"Your router's DHCP server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.
DNSFilter is enabled - anything configured there to something other than No Filtering or Router will bypass DNS Privacy servers." I have the prevent DoH to Y.

In LAN the router IP is set to 192.168.1.1

 

[dave14305]

Getting weirder. Now all the hostnames are 'res100.lga.rrdns.pch.net'

That would suggest Quad9 is being used.

 

[SomeWhereOverTheRainBow]

Hi
I can change the port to 53 and save but there is no restart file. My home page port defaults at 14711
Also is there a video guide I can follow to set this up as I cannot change the DNS servers in Adguard to use 1.1.1.1 and 1.0.0.1 that is in my AC87U routers WAN DNS server 1/2 fields.
Thank you

You need to change the S61 to S99.

That post is old, the file is no longer S61, but S99. This is reflected in the first post.

 

[SomeWhereOverTheRainBow]

At the box for Prevent Client DOH I get this 'warning'
"Your router's DHCP server is configured to provide a DNS server that's different from your router's IP address. This will prevent clients from using the DNS Privacy servers.
DNSFilter is enabled - anything configured there to something other than No Filtering or Router will bypass DNS Privacy servers." I have the prevent DoH to Y.

In LAN the router IP is set to 192.168.1.1

Sounds like you have put a DNS inside your lan dhcp1. And possibly you are trying to use Stubby at the same time. Both of which will circumvent adguardhome. You need to clear your dhcp values and make sure you are not trying to use stubby( the routers DoT).

 

[keef]

That would suggest Quad9 is being used

In Edge and FireFox there is no secondary DNS being used. Digging into Windows Internet setup and utilities I may have d/led in the past Quad9 shows up nowhere. Any idea where I can find it?