AdGuardHome on GL routers

Here I found a the solution to the problem; Source of DNS queries not seen in adguard of alternative dns server like Pi-hole - #8 by wcs2228

I successfully disabled DNS functionality in dnsmasq and enabled AdGuardHome as DNS server.

Stop dnsmasq and AdGuardHome:

/etc/init.d/dnsmasq stop
/etc/init.d/AdGuardHome stop

In /etc/config/dhcp, replace the following lines:

option noresolv ‘1’
list server ‘127.0.0.1#3053’

with:

option localuse ‘0’
option port ‘0’

In /etc/AdGuardHome/config.yaml, replace:

port: 3053

with:

port: 53

Start dnsmasq and AdGuardHome:

/etc/init.d/dnsmasq start
/etc/init.d/AdGuardHome start

Back up the 2 files before starting changes and restore the 2 backup files to reverse changes.

EDIT: Configure DHCP server to give DNS as the router’s IP address via LuCI → Network → Interfaces → LAN → Edit → DHCP Server → Advanced Settings → DHCP-Options. Enter the following and click Save, then click Save & Apply:

6,192.168.8.1

If you have changed the router’s IP address from the default 192.168.8, then enter the new IP address preceded by “6,”

EDIT: Here is the OpenWRT reference:

I do not work for and I do not have formal association with GL.iNet

4 Likes

Thanks. I did something similar with dnsmasq but through Luci and it left DHCP was broken. I should have edited the config files directly.

Newbie question, where can I execute the command? I accessed LUCI but no idea in how to procedure from there.

The editing of files under /etc is to be done by logging into SSH on the router. The remaining steps can be done in LuCI.

Pls learn ssh and winscp

Thank you for sharing!

Thank you! Worked. The only issue I am having now (not sure if it is the cause) is my VPN when connected does not respect the rule of VPN Policy Base on the Target Domain or IP

Hi, I just updated the AdGuardHome version in my Gli-Net M3000 router to version 0.1.07.24
I used the GitHub version AdGuardHome_linux_armv7.tar.gz.
It came to my attention that the AdGuardHome version from the router I flashed yesterday is much bigger than the version from GitHub. Do you know why?

AdGuardHome_bu is the version from the beta4 firmware.
image

Gli-Net M3000 router’s current AdGuardhome version is v0.107.8 AdGuardHome_linux_arm64
Need to check changelog about size/optimization.

I was using the 32bit version instead of 64bit. However, that doesn’t change the size of the file much.
Question here: Why is the original file on the router 12 MB bigger than the newer one in the GitHub repository?

That’s Adguardhome v0.107.24 has size optimzation on older version v0.107.8.

1 Like

I got this error message when i wanted to install AdguardHome plug-in. I only just had the router just over a year.

Collected errors: * verify_pkg_installable: Only have 5984kb available on filesystem /overlay, pkg AdGuardHome needs 10442 * opkg_install_cmd: Cannot install package AdGuardHome.

my current firmware - 3.216

This error indicates that the storage space is insufficient to install adguardhome.

what can i do to create space, please?

Pls check exroot

I tried to install on Beryl MT-1300 running 4.3.1b1 and after installation, I don’t see adguard in the applications but going to 192.168.8.1:3000 to run the setup, I get a warning about DNS already in use. See attached photo:

1 Like

It doesn’t make sense to install AdGuard on a Beryl. It’s not powerful enough.

So far htop is showing the router doing just fine with AGH. I finally got it installed and here are the steps I took:

  1. Install an SD card in the SD card slot. I’m using SanDisk 64Gb extreme (~$10 on Amazon)
  2. The card will auto mount. You should umount /dev/mmcblk0
  3. Format the card mke2fs -t ext4 /dev/mmcblk0
  4. In luci, system —> mount points, then add the new disk as an overlay then save and apply the updated config
  5. Add swap through ssh:
    a. dd if=/dev/zero of=/mnt/mmcblk0/myswap.swp bs=1k count=1048576 ## I set the swap file to 1G which is a bit more than recommended for this router. Normally we want it to be 2X ram. Good news is swappiness is set to 60 so no adjustments necessary there.
    b. mkswap /mnt/mmcblk0/myswap.swp
    c. swapon /mnt/mmcblk0/myswap.swp
  6. Back in luci we need to enable swap to turn on during boot. Go to system —> startup —> local startup. Add this as the first line after the comments
    /usr/sbin/swapon /mnt/mmcblk0/myswap.swp
  7. While we are in luci, let’s go ahead and force dhcp to send the router IP address as the DNS server. To do this, we can go to network —> interfaces —> lan —> edit —> dhcp server —> advanced and under dhcp options add 6,192.168.8.1. Save your settings
  8. Either through ssh & opkg or from the admin webgui install adguard home package opkg list |grep -i adguard then okpg install the adguard package
  9. Ssh —> /etc/init.d/dnsmasq stop (this will stop all dns and dhcp temporarily)
  10. Adguardhome’s default working directory is /tmp/adguardhome. The advantage is that this is very quick memory. The disadvantages are that once your router reboots, you’ll lose all history. There is also a danger of running out of space and filling /tmp completely. Let’s change that so we don’t have to worry.
    a. mkdir /mnt/mmcblk0/etc/adguardhome
    b. chmod 755 /mnt/mmcblk0/etc/adguardhome
    c. vi /etc/config/adguardhome or use your favorite editor
    d. comment out the working directory line with a # in front
    e. add the following new line option workdir /mnt/mmcblk0/etc/adguardhome
    f. finally we can restart adguardhome with /mnt/mmcblk0/upper/etc/rc.d/K89adguardhome restart
  11. http://192.168.8.1:3000. For me I changed the default admin port to 14711 which is the same used as part of asus-merlin, amtm, agh install
  12. Set DNS to 53 and complete the install
  13. At this point you should see adguard home running on port 53. You can check by running netstat -naulp | grep :53
  14. Next we’ll move dnsmasq to 553 (easy to remember) by echo "port=553" >> /etc/dnsmasq.conf from ssh prompt
  15. We can now restart dnsmasq with ssh —> /etc/init.d/dnsmasq restart
  16. Check that dnsmasq is running on the right port with running netstat -naulp | grep :553
  17. Adguard config. Go to http://192.168.8.1:14711
  18. For upstream servers I have this code:
[/console.gl-inet.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
# Cloudfare
tls://1.1.1.1:853
tls://1.0.0.1:853
# Google
#tls://8.8.8.8:853
#tls://8.8.4.4:853
# Quad 9
tls://9.9.9.9:853
tls://149.112.112.112:853
# NextDNS
tls://dns.nextdns.io:853
  1. Save your config after each section
  2. Set to be parallel request
  3. For bootstrap I use
9.9.9.9
1.1.1.1
  1. For Private reverse DNS servers
[::]:553
[/10.in-addr.arpa/][::]:553
[/168.192.in-addr.arpa/][::]:553
  1. Set to enable DNSSEC
  2. Flip over to the DNS Blocklists and set to adguard, adaway, and oisd basic

This will get you pretty good protection without overloading the router. You can test by going here. You should get in the high 90’s for blocking ads and trackers. To make sure everything is working, reboot your router, use free to check that swap is on, netstat -naulp | grep :53 to check AGH is working correctly, and htop (separate opkg package) to check performance. With AGH and the resolvers above, you should see good performance.

Also, don’t forget on ios devices to disable private wifi address so your clients show up in the query and dashboard logs

edit - I’ve updated the instructions to account for tmpfs limited space and changing the working directory from /tmp/adguardhome to /mnt/mmcblk0/etc/adguardhome

4 Likes

I wanted to add a follow-on post on how to update to the latest release of AGH, assuming you followed the steps above. For me, by default I had a 6+ month old version of Adguard in opkg and with opkg having update issues on the latest Beryl beta I decided to just update Adguard directly.

  1. The first thing you will want to do is determine which version you need by ssh into your router. Download opkg install file then file /usr/bin/AdGuardHome

For Beryl I got an output like this:

/usr/bin/AdGuardHome: ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, Go BuildID=c0WtXHe74ItLRoOBOXFY/hmNPOIn3NRWjsIgoE2Ht/150uHHOGLVCtPkdknURS/eCewiXB9pIkOW5-aCcNy, stripped
  1. Next head over to AGH github page for releases and identify your platform. Note that for Beryl, choose the 32-bit MIPS LE. Keep this page handy. We’ll come back to it in a minute
  2. First we need to create a backup in case something goes haywire. Keep in mind that when you stop AGH, DNS resolution will also stop :slight_smile:
    a. cp /usr/bin/AdGuardHome /usr/bin/AdGuardHome.old
    b. cp /etc/adguardhome.yaml /etc/adguardhome.yaml.backup
  3. Next create some temp space to download the latest AGH mkdir /overlay/tmp
  4. Now it’s time to go back and copy the download link into your clipboard/buffer for the version of AGH you want. Then paste it into your ssh terminal after wget This example is for Beryl beta version. Choose your own version appropriately:
    a. cd /overlay/tmp
    b. wget https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz
  5. Next we need to extract the new binary tar -xzvf ./AdGuardHome_linux_mipsle_softfloat.tar.gz
  6. This will create a new directory cd AdGuardHome
  7. Check that the file matches the same arch as your current binary file ./AdGuardHome
  8. Now it’s time to do the switcharo. First thing is to shutdown AGH /mnt/mmcblk0/upper/etc/rc.d/K89adguardhome stop
  9. cp ./AdGuardHome /usr/bin/
  10. Last thing is to restart AGH /mnt/mmcblk0/upper/etc/rc.d/S21adguardhome start
  11. ps | grep -i adguardhome — should show AGH running
  12. Go to http://192.168.8.1:14711/ and enjoy the new release

*note: the above sometimes uses relative paths. Be sure you are in the expected directory before executing any commands with relative paths