So far htop is showing the router doing just fine with AGH. I finally got it installed and here are the steps I took:
- Install an SD card in the SD card slot. I’m using SanDisk 64Gb extreme (~$10 on Amazon)
- The card will auto mount. You should
umount /dev/mmcblk0 - Format the card
mke2fs -t ext4 /dev/mmcblk0 - In luci, system —> mount points, then add the new disk as an overlay then save and apply the updated config
- Add swap through ssh:
a.dd if=/dev/zero of=/mnt/mmcblk0/myswap.swp bs=1k count=1048576## I set the swap file to 1G which is a bit more than recommended for this router. Normally we want it to be 2X ram. Good news is swappiness is set to 60 so no adjustments necessary there.
b.mkswap /mnt/mmcblk0/myswap.swp
c.swapon /mnt/mmcblk0/myswap.swp - Back in luci we need to enable swap to turn on during boot. Go to system —> startup —> local startup. Add this as the first line after the comments
/usr/sbin/swapon /mnt/mmcblk0/myswap.swp - While we are in luci, let’s go ahead and force dhcp to send the router IP address as the DNS server. To do this, we can go to network —> interfaces —> lan —> edit —> dhcp server —> advanced and under dhcp options add
6,192.168.8.1. Save your settings - Either through ssh & opkg or from the admin webgui install adguard home package
opkg list |grep -i adguardthenokpg installthe adguard package - Ssh —>
/etc/init.d/dnsmasq stop(this will stop all dns and dhcp temporarily) - Adguardhome’s default working directory is /tmp/adguardhome. The advantage is that this is very quick memory. The disadvantages are that once your router reboots, you’ll lose all history. There is also a danger of running out of space and filling /tmp completely. Let’s change that so we don’t have to worry.
a.mkdir /mnt/mmcblk0/etc/adguardhome
b.chmod 755 /mnt/mmcblk0/etc/adguardhome
c.vi /etc/config/adguardhomeor use your favorite editor
d. comment out the working directory line with a#in front
e. add the following new lineoption workdir /mnt/mmcblk0/etc/adguardhome
f. finally we can restart adguardhome with/mnt/mmcblk0/upper/etc/rc.d/K89adguardhome restart -
http://192.168.8.1:3000. For me I changed the default admin port to 14711 which is the same used as part of asus-merlin, amtm, agh install - Set DNS to 53 and complete the install
- At this point you should see adguard home running on port 53. You can check by running
netstat -naulp | grep :53 - Next we’ll move dnsmasq to 553 (easy to remember) by
echo "port=553" >> /etc/dnsmasq.conffrom ssh prompt - We can now restart dnsmasq with ssh —>
/etc/init.d/dnsmasq restart - Check that dnsmasq is running on the right port with running
netstat -naulp | grep :553 - Adguard config. Go to
http://192.168.8.1:14711 - For upstream servers I have this code:
[/console.gl-inet.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
# Cloudfare
tls://1.1.1.1:853
tls://1.0.0.1:853
# Google
#tls://8.8.8.8:853
#tls://8.8.4.4:853
# Quad 9
tls://9.9.9.9:853
tls://149.112.112.112:853
# NextDNS
tls://dns.nextdns.io:853
- Save your config after each section
- Set to be parallel request
- For bootstrap I use
9.9.9.9
1.1.1.1
- For Private reverse DNS servers
[::]:553
[/10.in-addr.arpa/][::]:553
[/168.192.in-addr.arpa/][::]:553
- Set to enable DNSSEC
- Flip over to the DNS Blocklists and set to adguard, adaway, and oisd basic
This will get you pretty good protection without overloading the router. You can test by going here. You should get in the high 90’s for blocking ads and trackers. To make sure everything is working, reboot your router, use free to check that swap is on, netstat -naulp | grep :53 to check AGH is working correctly, and htop (separate opkg package) to check performance. With AGH and the resolvers above, you should see good performance.
Also, don’t forget on ios devices to disable private wifi address so your clients show up in the query and dashboard logs
edit - I’ve updated the instructions to account for tmpfs limited space and changing the working directory from /tmp/adguardhome to /mnt/mmcblk0/etc/adguardhome