Yeah, I do this as a hobby.
Just reduce the number of blocklists and your AGH should run smoothly. Do an update as stated before as well - complaining will not fix your issues, but following the advice might.
Hello,
If ADG enables more large filter rules, it will occupy a lot of system resources, affecting system stability, and ADG itself will not worry about memory usage, so the longer ADG runs, the more resources it will occupy.
If possible, try adding a memory limit:
Add procd_set_param env GOMEMLIMIT=100MiB GOGC=40 to this configuration file: /etc/init.d/adguardhome
Can you add a condition to avoid this issue?
For example, when you click to apply for the new blocklist:
If the GOMEMLIMIT variable is more than 85% of the current free memory, then show a message "list is too big for the current memory available. Release more memory or use a smaller blocklist"
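The check proposed in the post above can be sketched in shell. This is an added example, not code from the firmware or from AdGuard Home; the function names are hypothetical, MemAvailable from /proc/meminfo stands in for "free memory", and the sample meminfo text is constructed.

```shell
#!/bin/sh
# GOMEMLIMIT is the Go runtime's soft memory limit (AdGuard Home is a Go program).
# Function names are hypothetical; sample data below is constructed.

# Convert a GOMEMLIMIT value (plain bytes or B/KiB/MiB/GiB suffix) to bytes.
gomemlimit_to_bytes() {
    num=${1%%[!0-9]*}          # leading digits
    unit=${1#"$num"}           # whatever follows them
    [ -n "$num" ] || return 1
    case "$unit" in
        ''|B) mult=1 ;;
        KiB)  mult=1024 ;;
        MiB)  mult=1048576 ;;
        GiB)  mult=1073741824 ;;
        *)    return 1 ;;      # e.g. "MB" is not a unit Go accepts
    esac
    echo $(( num * mult ))
}

# Read MemAvailable (reported in kB) from a meminfo-format file, in bytes.
mem_available_bytes() {
    kb=$(awk '$1 == "MemAvailable:" { print $2; exit }' "${1:-/proc/meminfo}")
    [ -n "$kb" ] || return 1
    echo $(( kb * 1024 ))
}

# Exit 0 if the limit is at most pct% (default 85) of available memory,
# 1 if it is larger, 2 if either input could not be parsed.
limit_fits() {
    limit=$(gomemlimit_to_bytes "$1") || return 2
    avail=$(mem_available_bytes "$2") || return 2
    pct=${3:-85}
    [ $(( limit * 100 )) -le $(( avail * pct )) ]
}

# Constructed sample: a router reporting 90 MiB available.
sample=$(mktemp)
printf 'MemTotal:       233472 kB\nMemAvailable:    92160 kB\n' > "$sample"
if limit_fits 100MiB "$sample"; then
    echo "GOMEMLIMIT fits"
else
    echo "list is too big for the current memory available"
fi
rm -f "$sample"
```

On a router, call `limit_fits 100MiB` with no second argument to read the live /proc/meminfo.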
It is 3rd party, AdGuard Home is not from the same company as GL-iNet.
Anyway, GL-iNet modded the AdGuard Home config for default parameters.
I understand this is a separate project, but it is marketed as a feature of the router. Any instability it introduces to the underlying router should be addressed, ideally in a way that doesn't rely on complex troubleshooting or expert intervention. Preventing configuration errors is essential for any commercial product, as it reduces support costs. This is why the default GUI is designed to be simple, minimizing the risk of users unintentionally misconfiguring settings in LuCI.
What would be an appropriate memory limit config for the SlateAX AXT1800 in this case? @bruce
Can you elaborate what GOMEMLIMIT means and what GOGC means please?
Surely that should be in the stock firmware though?
My Spitz Plus should not be crashing because I have enabled AGH and I have only the default settings that GL have provided.
AGH is 3rd party. You can configure it to break your router easily.
Nothing you can do about it.
The firmware should be robust enough to prevent users from breaking the router.
People from ADH don't know the limits of the hardware.
Developers that have added ADH in their firmware know exactly the limits of the router.
Anyone with this issue could try zram-swap to give the router "more" ram. Setup is pretty easy, log in using ssh and run these commands:
opkg update && opkg install zram-swap
uci set system.@system[0].zram_size_mb='64'
uci set system.@system[0].zram_comp_algo='lz4'
uci commit && reboot
The first command will update the package lists and install two packages (kmod-zram + zram-swap).
The next two commands set the size and compression method. For available compression methods we can check /sys/block/zram0/comp_algorithm
I only have lz* and no zstd or other methods in my Opal, but on others this could be different and make a big difference. Select zstd if available.
# cat /sys/block/zram0/comp_algorithm
lzo [lz4] deflate
The final command applies the settings and reboots. You can verify if it works by running htop which should show an active swap of whatever the size is you set. Recommended is using 50-60% of ram, that would be 64 for my Opal router.
What we now have is a swap that stores data compressed in ram of the router. This should help a lot when having big blocklists as they're mainly text which compresses pretty well. This might give you the extra space you needed to have a lot of lists.
Please let me know if it helped you!
And yes you've essentially downloaded more ram, a thing some people claim is impossible!
PS: I am pretty certain compression is handled by a cpu instruction because it doesn't seem to cause any increase in cpu usage in my testing. Related to that; if you run a VPN make sure to select an encryption method the cpu supports, it will greatly improve performance by reducing cpu load.
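The selection steps in the post above (read the available algorithms, prefer zstd, size the swap at about half of RAM) can be scripted as a dry run that only prints the uci commands. This is an added example, not the poster's code; the function names are hypothetical, the 50% figure is the low end of the range the post recommends, and the sample strings are constructed.

```shell
#!/bin/sh
# Function names are hypothetical; sample inputs below are constructed.

# Print the algorithm the kernel marks active: "lzo [lz4] deflate" -> lz4.
active_algo() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)\].*/\1/p'
}

# Prefer zstd, then lz4, otherwise keep whatever is currently active.
pick_algo() {
    list=" $(printf '%s' "$1" | tr -d '[]') "
    case "$list" in
        *" zstd "*) echo zstd ;;
        *" lz4 "*)  echo lz4 ;;
        *)          active_algo "$1" ;;
    esac
}

# 50% of MemTotal (reported in kB), in whole MiB.
zram_size_mb() {
    kb=$(awk '$1 == "MemTotal:" { print $2; exit }' "${1:-/proc/meminfo}")
    [ -n "$kb" ] || return 1
    echo $(( kb / 1024 / 2 ))
}

# Print, without running them, the two uci settings from the post.
# $1 = contents of /sys/block/zram0/comp_algorithm, $2 = meminfo path
zram_plan() {
    size=$(zram_size_mb "$2") || return 1
    echo "uci set system.@system[0].zram_size_mb='$size'"
    echo "uci set system.@system[0].zram_comp_algo='$(pick_algo "$1")'"
}

# Constructed sample: a device reporting exactly 128 MiB and only lz* algorithms.
sample=$(mktemp)
printf 'MemTotal:       131072 kB\n' > "$sample"
zram_plan 'lzo [lz4] deflate' "$sample"
rm -f "$sample"
```

On a real device MemTotal is lower than the nominal RAM size, so the computed value comes out somewhat below the round number.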
Sadly this killed my config on my Flint 2 - DHCP and internal networking worked but all outbound traffic seemed to be stopped. Had to do a firmware flash and overwrite settings.
That’s pretty weird. Zram is not something new and I have it enabled on all my routers without issue. It’s also recommended on the OpenWrt wiki. No clue why your router didn’t like it. Any errors or logs?
I enabled all the default lists available in the version we get for the Opal, not sure if the same number of block lists are used by default over all firmware versions but it seems to chug along nicely here.
Disclaimer: I am a Pihole user so only set this up as a test to see if I would get any problems from using zram, doesn't seem to be the case. If your router has more ram I would advise running Pihole either in docker or lxc. It behaves much better in "restricted" environments. Like my very old RPi Zero with 1 core and 256mb can block over 2 million IPs and not even break a sweat and still respond within 50ms to dns queries.
I did a little investigating and it seems the adguard package does a lot more than simply running ad guard. I saw changes in the firewall and such too. So I think the blame is not on zram or adguard but on whatever these extra things do.
There is no need to do any of that but it seems rules are added to intercept all dns traffic. While all it would have to do is run and then we can set the dns on clients using a dhcp option or the dhcp server in adguard ourselves.
Very weird to add all these extra rules. Making it complex when there's no need. But I guess this is done for 1 click installs or something. They did the same for some other dns stuff on my Opal firmware which ended up being a bug that is now fixed. Maybe on your Flint 2 this is the same? I have no idea to be honest. But I am pretty confident the issues you saw were due to GL-iNet adding all these extras.
These dns ad blockers are very simple things. All they need to do is just run and update block lists and answer dns queries. We the network "admins" can decide which dns server computers on our network use.
The solution here might be to modify the package before installing it on the router, strip out all the rules and extras and just make it run on port 3000 for admin/configuration and 53 for dns. Disable builtin dns using Luci.
Scary find to me, all those extra rules to intercept dns. If a staff member cares to clarify why? GL is going in a weird direction lately with their cloud service. I don't like all this added complexity.
Intercepting is needed because AdGuard Home wouldn't work without it.
You can enable / disable it in the settings. Nothing scary here.
Intercepting is needed because AdGuard Home wouldn't work without it.
That's not true. It will work perfectly fine without it. All this type of ad blocking needs to work is for clients to use it as dns server (resolver). The latter can be accomplished in a few ways, one of them intercepting. But the most common method by far is by setting the adblocker ip as dns server on clients using dhcp.
Incorrect.
The intercepting is needed because of the VPN policies. If you talk to AGH directly, the VPN policies don't work.
All in all the intercepting is totally OK.
Nothing I said was incorrect. Interception is only needed when using a VPN; in all other cases interception just increases the system load, wasting resources and energy. I'm sure VPN usage is an edge case and not the default. Plus interception could only be applied when a VPN is active.
It's needed on the GL router because these functions are one of the main ones.
You are right about AGH in general, but not in combination with GL router firmware.