AdGuardHome on GL routers

Pls check exroot

I tried to install on Beryl MT-1300 running 4.3.1b1 and after installation, I don’t see adguard in the applications but going to 192.168.8.1:3000 to run the setup, I get a warning about DNS already in use. See attached photo:

IMG_01541972×1696 249 KB

It doesn’t make sense to install AdGuard on a Beryl. It’s not powerful enough.

So far htop is showing the router doing just fine with AGH. I finally got it installed and here are the steps I took:

1. Install an SD card in the SD card slot. I’m using SanDisk 64Gb extreme (~$10 on Amazon)
2. The card will auto mount. You should umount /dev/mmcblk0
3. Format the card mke2fs -t ext4 /dev/mmcblk0
4. In luci, system —> mount points, then add the new disk as an overlay then save and apply the updated config
5. Add swap through ssh:
   a. dd if=/dev/zero of=/mnt/mmcblk0/myswap.swp bs=1k count=1048576 ## I set the swap file to 1G which is a bit more than recommended for this router. Normally we want it to be 2X ram. Good news is swappiness is set to 60 so no adjustments necessary there.
   b. mkswap /mnt/mmcblk0/myswap.swp
   c. swapon /mnt/mmcblk0/myswap.swp
6. Back in luci we need to enable swap to turn on during boot. Go to system —> startup —> local startup. Add this as the first line after the comments
   /usr/sbin/swapon /mnt/mmcblk0/myswap.swp
7. While we are in luci, let’s go ahead and force dhcp to send the router IP address as the DNS server. To do this, we can go to network —> interfaces —> lan —> edit —> dhcp server —> advanced and under dhcp options add 6,192.168.8.1. Save your settings
8. Either through ssh & opkg or from the admin webgui install adguard home package opkg list |grep -i adguard then okpg install the adguard package
9. Ssh —> /etc/init.d/dnsmasq stop (this will stop all dns and dhcp temporarily)
10. Adguardhome’s default working directory is /tmp/adguardhome. The advantage is that this is very quick memory. The disadvantages are that once your router reboots, you’ll lose all history. There is also a danger of running out of space and filling /tmp completely. Let’s change that so we don’t have to worry.
    a. mkdir /mnt/mmcblk0/etc/adguardhome
    b. chmod 755 /mnt/mmcblk0/etc/adguardhome
    c. vi /etc/config/adguardhome or use your favorite editor
    d. comment out the working directory line with a # in front
    e. add the following new line option workdir /mnt/mmcblk0/etc/adguardhome
    f. finally we can restart adguardhome with /mnt/mmcblk0/upper/etc/rc.d/K89adguardhome restart
11. http://192.168.8.1:3000. For me I changed the default admin port to 14711 which is the same used as part of asus-merlin, amtm, agh install
12. Set DNS to 53 and complete the install
13. At this point you should see adguard home running on port 53. You can check by running netstat -naulp | grep :53
14. Next we’ll move dnsmasq to 553 (easy to remember) by echo "port=553" >> /etc/dnsmasq.conf from ssh prompt
15. We can now restart dnsmasq with ssh —> /etc/init.d/dnsmasq restart
16. Check that dnsmasq is running on the right port with running netstat -naulp | grep :553
17. Adguard config. Go to http://192.168.8.1:14711
18. For upstream servers I have this code:

[/console.gl-inet.com/][::]:553
[/use-application-dns.net/][::]:553
[/dns.resolver.arpa/][::]:553
[/lan/][::]:553
[//][::]:553
# Cloudfare
tls://1.1.1.1:853
tls://1.0.0.1:853
# Google
#tls://8.8.8.8:853
#tls://8.8.4.4:853
# Quad 9
tls://9.9.9.9:853
tls://149.112.112.112:853
# NextDNS
tls://dns.nextdns.io:853

19. Save your config after each section
20. Set to be parallel request
21. For bootstrap I use

9.9.9.9
1.1.1.1

22. For Private reverse DNS servers

[::]:553
[/10.in-addr.arpa/][::]:553
[/168.192.in-addr.arpa/][::]:553

23. Set to enable DNSSEC
24. Flip over to the DNS Blocklists and set to adguard, adaway, and oisd basic

This will get you pretty good protection without overloading the router. You can test by going here. You should get in the high 90’s for blocking ads and trackers. To make sure everything is working, reboot your router, use free to check that swap is on, netstat -naulp | grep :53 to check AGH is working correctly, and htop (separate opkg package) to check performance. With AGH and the resolvers above, you should see good performance.

Also, don’t forget on ios devices to disable private wifi address so your clients show up in the query and dashboard logs

edit - I’ve updated the instructions to account for tmpfs limited space and changing the working directory from /tmp/adguardhome to /mnt/mmcblk0/etc/adguardhome

I wanted to add a follow-on post on how to update to the latest release of AGH, assuming you followed the steps above. For me, by default I had a 6+ month old version of Adguard in opkg and with opkg having update issues on the latest Beryl beta I decided to just update Adguard directly.

1. The first thing you will want to do is determine which version you need by ssh into your router. Download opkg install file then file /usr/bin/AdGuardHome

For Beryl I got an output like this:

/usr/bin/AdGuardHome: ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), statically linked, Go BuildID=c0WtXHe74ItLRoOBOXFY/hmNPOIn3NRWjsIgoE2Ht/150uHHOGLVCtPkdknURS/eCewiXB9pIkOW5-aCcNy, stripped

2. Next head over to AGH github page for releases and identify your platform. Note that for Beryl, choose the 32-bit MIPS LE. Keep this page handy. We’ll come back to it in a minute
3. First we need to create a backup in case something goes haywire. Keep in mind that when you stop AGH, DNS resolution will also stop
   a. cp /usr/bin/AdGuardHome /usr/bin/AdGuardHome.old
   b. cp /etc/adguardhome.yaml /etc/adguardhome.yaml.backup
4. Next create some temp space to download the latest AGH mkdir /overlay/tmp
5. Now it’s time to go back and copy the download link into your clipboard/buffer for the version of AGH you want. Then paste it into your ssh terminal after wget This example is for Beryl beta version. Choose your own version appropriately:
   a. cd /overlay/tmp
   b. wget https://static.adguard.com/adguardhome/beta/AdGuardHome_linux_mipsle_softfloat.tar.gz
6. Next we need to extract the new binary tar -xzvf ./AdGuardHome_linux_mipsle_softfloat.tar.gz
7. This will create a new directory cd AdGuardHome
8. Check that the file matches the same arch as your current binary file ./AdGuardHome
9. Now it’s time to do the switcharo. First thing is to shutdown AGH /mnt/mmcblk0/upper/etc/rc.d/K89adguardhome stop
10. cp ./AdGuardHome /usr/bin/
11. Last thing is to restart AGH /mnt/mmcblk0/upper/etc/rc.d/S21adguardhome start
12. ps | grep -i adguardhome — should show AGH running
13. Go to http://192.168.8.1:14711/ and enjoy the new release

*note: the above sometimes uses relative paths. Be sure you are in the expected directory before executing any commands with relative paths

Background - I’m not a programmer but I do have a background in systems so I can (sorta) hack together some scripts. I mostly use the beta version of AGH and it was getting annoying having to follow the process above every time a new release came out so I set out to create a script to automate some functions. Well, that automation grew significantly, to the point that I felt that I’d like to dump my script into github and share with this community, hoping for the best.

Script Features

1. Checks for dependencies:
   a. Free disk space to upgrade
   b. Properly installed and running version of AGH
   c. Checks for the correct model and fails if you aren’t running the correct version (supports MT1300 only right now)
2. Downloads and parses the available beta and release versions of AGH comparing to your current version and presents an output of the same
3. Allows you to switch from beta to release and vice versa or just upgrade to the latest version of your chosen branch (if available)
4. Will fetch the correct go binary based on your model number
5. Extracts the tarball (with a check that it can find the new binary file)
6. Creates a backup of your existing binary and config files
7. Disables your AGH service (temporarily)
8. Copies new AGH binary into place
9. Reloads AGH service
10. Cleans up temp files created
11. Status along the way with error handling and graceful exiting if something fails (e.g. cleanup of temp files)

Asks

1. I’m looking for feedback on other models and their correct go binary. Specifically - cat /proc/gl-hw-info/model along with the associated url to your binary from here. You can check for the correct binary using the process outlined here.
2. As stated, I’m not a programmer and likely broke all sorts of best practices with my code (but it works for me!). If you are interested in helping clean up the code to be more efficient and align with best practices, let me know. I’m sure there are a zillion opportunities here.
3. Be kind in your feedback

The script can be found here: GitHub - phantasm22/AdGuardHome-updater: Shell script to update AdGuardHome on GL.iNet routers

same situation here. i wonder where may i be able to see the adguard dashboard.

Which same situation?
The dashboard is accessible, once you activated the client:
In most cases, it’s this router URL: http://192.168.8.1:3000/

It is accessbile and it’s showing this, but i can’t go past forward this section

image730×1196 37.1 KB

tried this instruction from the link on the page but im unable to browse the systemd folder

It’s because dnsmasq is already using 53. You need to move it to another port or choose AdGuard to run on a different port which isn’t advisable. See my detailed instructions above. You also already have a web server running on 80, so you’ll need a different port for that as well.

got it. i stopped DNSMASQ
/etc/init.d/dnsmasq stop

only remain is how to change the port 80 for the web service. this is on a stock setting (after reset).
update: i just re-assigned the adguard web admin port to 3001

You should enable it afterwards, since it’s needed for VPN policy for example.

80 port is used by the nginx web server which you are using access this page. Why do you want to use 80 port?