DNS-over-HTTPS (DoH) Help for Mr Dim but possible nice

Could someone please help, how do I enable DNS-over-HTTPS, I was told to enable this in AdGuard in Encryption and but you can’t enable Encryption because of the HTTPS port 443 a Red error box appears, but I was not helped with what to do about getting round the error, the reason originally was I have VPN DNS leaks if I disable AdGuard home no leaks.
Sorry if I’m being thick but we can’t all be clever.
Much appreciated.

You can configure it on the following page:

Hello thank you this is where I got to last time done both stages including the DNS settings, but in AdGuard you get a red box pop up and then unable to save settings.
So what do I do next.

This is due to a port conflict.
You need to change the HTTPS Port to a value other than 443, or change the port of the GL Admin Panel.
Change the default https port for access and block http access - Technical Support for Routers - GL.iNet (gl-inet.com)

Hi thanks after I’ve updated the firmware I will give it a try, is there a recommended port or just change it to say 444.

TCP 8443 is commonly used as an alternative to TCP 443.

TCP 444 is a standard port for SNPP (Simple Network Paging Protocol).

I do not work for and I do not have formal association with GL.iNet

So is it better to use TCP 8443 or change the dl.conf port, I tried altering the TCP port in AdGuard but it won’t save only reset, I did tick the box, thanks

TCP 4443 is another alternative that I have seen used.

I tested changing the port also and could not save the Encryption Settings either. You can try editing the AdguardHome config.yaml file directly.

I am not sure how enabling DoH in the Encryption Settings will fix the VPN DNS leaks. Are your ISP DNS servers showing up when you do a leak test? Do you have DoH servers set up as your Upstream DNS servers?

Well I’m glad it’s not just me it won’t save even disarming AdGuard (within AdGuard) I’m using & Upstream DNS servers, I have tried a few different Upstream servers does very little if you want to see what happens you need to use pronto VPN free service (Holland) it also happens with Cyberghost (pictured below)
both openVPN.
No trouble with SurfShark but it’s very hard to get a connection with openVPN, WireGuard no leaks and connects perfectly.

I tried editing the AdguardHome config.yaml file which was successful but you still can’t enable Encryption.
So still stuck.

You need to scroll down the page and enter the credentials, then click “Save Configuration”.
It looks like this

You can use your own certificate or the one built into the device.

So the (Certificate chain is invalid) is ok is that correct, I tried an alternative HTTPS port 4001 what happened then I could not get back into AdGuard at all, and then when I restarted the router when I entered AdGuard home it took me to the home page of Firefox with a security warning to continue or go back.
Could you simply tell me what went wrong.
I restored AdGuard by replacing my back up of config.yaml now all back to normal.
Below are the actual screenshots before hitting save settings.

OK finally got it to work, but it stops the graphics on the AdGuard is t page but not on the settings page but it makes no difference to DNS leaks.

I do not see how enabling DoH in the Encryption Settings will fix the VPN DNS leaks. The encryption would only encrypt the DNS requests from client devices to AdGuardHome on your LAN and the DNS requests from AdGuardHome to the Internet on your WAN would still go out to the upstream servers.

The dnsleaktest.com output shows Cloudflare because you have and as upstream servers. I use DoH on Cloudflare as upstream servers via https://dns.cloudflare.com/dns-query. For my activities, I am not worried about Cloudflare privacy, but if you are, I think you can use DoH on Quad9 via https://dns10.quad9.net/dns-query because they do not retain any logs and are governed by Swiss privacy law.

“DNS leaks” normally refers to your ISP and/or sites traversed seeing your DNS requests, which DoH or DoT on upstream servers should prevent.
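As an added example (not posted by anyone in this thread), the distinction above maps onto two separate sections of AdGuard Home's `config.yaml`: `tls` covers client-to-AdGuard Home encryption on the LAN, while `dns.upstream_dns` covers AdGuard Home-to-resolver traffic on the WAN. The certificate paths are placeholders, 8443 is the alternative port suggested earlier in the thread, and `1.1.1.1` and `9.9.9.9` are sample values.

```yaml
# Fragment of AdGuard Home's config.yaml; only the keys relevant to this
# thread are shown. Values marked "placeholder" or "sample" are assumptions.

tls:
  # "Encryption settings" page: encrypts LAN clients <-> AdGuard Home only.
  enabled: true
  # When true, the AdGuard Home web UI redirects to HTTPS on port_https,
  # and the browser shows a warning if the certificate is not trusted.
  force_https: false
  # 443 is already bound by the GL.iNet admin panel, so pick a free port.
  port_https: 8443
  port_dns_over_tls: 853
  certificate_path: /path/to/router-cert.pem   # placeholder
  private_key_path: /path/to/router-key.pem    # placeholder

dns:
  # Upstreams: this is the leg that crosses the WAN, so this is the list
  # that decides whether the ISP or VPN exit can read the queries.
  upstream_dns:
    # Before: plain DNS on port 53, readable on the path (sample value).
    # - 1.1.1.1
    # After: DoH upstreams, as quoted in the post above.
    - https://dns.cloudflare.com/dns-query
    - https://dns10.quad9.net/dns-query
  # Plain resolver used only to look up the DoH hostnames above (sample value).
  bootstrap_dns:
    - 9.9.9.9
```

AdGuard Home reads this file at startup, so restart the service after editing it, and keep a backup of the previous file as was done earlier in the thread.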

The security warning is normal, the certificate built into the router is not issued by a root certificate issuer and they do not issue certificates for intranet IPs.
Just ignore the security warning and continue accessing.

Many thanks for the help, that’s what I’ve done in the past is change the upstream servers, so that’s obviously the way to go, one big question which remains a mystery to me why isn’t WireGuard affected by leaks only openVPN on saying that if the router’s VPN is deactivated and I use a Windows app or even an iOS app no leaks at all from OpenVPN or AdGuard.
I was told to use Encryption Settings to fix the VPN DNS leaks by a GL.iNet staff member.
Thank you as well yuxin.zhou to ignore the security warnings.

I did try https://dns.cloudflare.com/dns-query as my upstream server but that did give me two leaks, that’s with no AdGuard Encryption Settings eg default.
Using SurfShark WireGuard
I just tried openVPN with CyberGhost and that is only 2 better than 5

When running OpenVPN and WireGuard, can you confirm for both that “Services from GL.iNet Use VPN” has been turned on in Global Options settings (Firmware 4), or “Use VPN for all processes on the router” has been turned on in VPN Policies settings (Firmware 3)?

I’m on 4.2.3 and Services from GL.iNet Use VPN are off (unticked)

With “Services from GL.iNet Use VPN” turned off, I think AdGuardHome upstream DNS servers will not go through and not be encrypted by the VPN.

With devices connected to the LAN behind the GL.iNet router, I suspect that DNS requests will go to the GL.iNet router dnsmasq, which forwards to the GL.iNet router AdGuardHome and then go out to the upstream DNS servers without encryption. When you disable AdGuardHome, the DNS requests will still go to the GLiNet router dnsmasq, then go out through the VPN tunnel to the VPN provider’s DNS servers with encryption.