Adguard home and vpn policy over domain

i_fin · March 18, 2023, 7:59am

I can’t understand… I’ve been using adgurad so far. At the same time, the vpn policy based on the target DOMAIN used to work, then stopped working. I decided to disable adguard and take a look. vpn policy based on the target DOMAIN has started working again. Then I turned on adguard and it continued to work. After the reboot it stopped working again. Disabled adguard and vpn policy based on the target DOMAIN has started working again.
I can’t use two of the functions of brume at the same time VPNpbotD and AGH

And the second question is whether it is planned to support DNS-over-HTTP/3 and the ability to specify the doh server yourself or ability to edit list of doh resolvers?

K3rn3l_Ku5h · March 18, 2023, 11:32am

Firmware version that it used to work on an the new one it does not work on?

Have you made changes in the Adguardhome settings page (default gateway :3000 Ex 192.168.1.1:3000)

i_fin · March 19, 2023, 7:59am

4.2.0, no changes with default gateway :3000
now I use large pools of ip addresses. For example for yt3.ggpht.com i have to use 142.250.0.0/15

K3rn3l_Ku5h · March 19, 2023, 1:06pm

You are on a 4.2.0 Stable, Beta or Snapshot?
You upgraded from what firmware?
yt3.ggpht.com returns: a Google 400 error Your client has issued a malformed or illegal request.

Adguardhome has a different settings page where custom list are loaded, DoH is setup

i_fin · March 21, 2023, 4:32pm

4.2.0 stable
from every new firmware. last one is 4.2.0 beta 4
yt3.gghpt.com uses for pics in youtube like avatars e t c, but in our net this domain is blocked. But YoutubeFix extention for home unblocked these pics. There is rewrites from yt3.ggpht.com to yt4.ggpht.com in this extention. But i need to unblock these pics for all my local net.

dwyeraidan · June 4, 2025, 1:55am

Im having this same issue. When VPN based on domain is active, a firewall rule redirects dns traffic from port 53 to 1653 - which bypasses adguardgome.

This means any configuration in ADG is ignored, like local hostnames are not resolvable.

Why can't dnsmasq on port 1653 be configured to forward to adguardhome port 3053?

@alzhao @hansome

dwyeraidan · June 4, 2025, 2:34am

I added line

server=127.0.0.1#3053

to /etc/dnsmasq.conf.vpn

then

/etc/init.d restart

VPN policy and adguardhome now co-exist for me.

hansome · June 8, 2025, 4:05am

It should be the same as enabling "Allow Custom DNS to Override VPN DNS"

Adguardhome is a kind of custome DNS.

dwyeraidan · June 8, 2025, 5:25am

You are correct @hansome. I now use this toggle.

I still needed to tweak my /etc/dnsmasq.conf.vpn file as its settings are not exposed in Luci. Only the default dnsmasq is visible.

For instance I need forwarding of empty domain name for my network but the /etc/dnsmasq.conf.vpn was configured not to allow this. It would be nice feature if we can edit this through gui? or perhaps the /etc/dnsmasq.conf.vpn file should be generated using settings first from /etc/dnsmasq.conf and then add vpn lines? That would preserve users base dnsmasq preference as set in luci.

hansome · June 9, 2025, 2:57am

Yes, from firmware 4.8, we have VPN dnsmasq instance managed in the uci.