E750: adblock + wireguard client not working

ipreferpie · 2020-01-21T11:25:00.069Z

I’ve set up adblock and a Wireguard client service to Mullvad that works well individually. I.e. when the Wireguard VPN is off, adblock works. But when I enable VPN, adblock doesn’t work. I’ve tried the following:

set DNS on the Wireguard settings to 127.0.0.1 or local router IP - DNS queries don’t work
enable “force local dns” + “flush dns cache” in adblock settings - doesn’t work
under LUCI DNS server settings, I unchecked “local service only” - doesn’t work

I feel like I’m missing something. Do I need to change firewall settings or change Wireguard “allowed IPs”. Really appreciate any help thanks.

Or is Wireguard bypassing DNSMasq?

ipreferpie · 2020-01-21T14:05:01.460Z

Hi there, thanks so much for the detailed response. I followed the instructions and adblock runs so much faster. In fact, the router web page responds so much faster since it was reloading the lists every time I restarted the adblock service.

Following your instructions, adblock works will while VPN was off. But as soon as I enable the VPN client, it’s not adblocking anymore. Is there something I’m still doing that messed up the config? Likely it can be in the Wireguard client config side, or perhaps the DNS server side. Do you think adblock isn’t acting on the wg0 interface once enabled?

Several notes:

resolve.conf shows “search lan
nameserver 127.0.0.1”
resolve.conf.vpn shows “nameserver 193.138.218.74” (Mullvad’s DNS server)
LUCI/ DHCP and DNS/Server Settings/General Settings/ :
-Domain required on
-Authoritative on
-DNS forwardings none
-Rebind protection off
-Local Service Only off
-Non-wildcard on
-Listen Interfaces none
-Exclude interfaces none

Another thing I was thinking if if I should reroute all DNS queries to 127.0.0.1 on the firewall if that works.

chromebook · 2020-01-21T14:19:10.144Z

I’m really sorry - my experience with wireguard is limited! I’m sure that I tested to see whether it worked with adblock or not and found that it did though - I hope I am not leading you down the wrong path (this was fw 3.025 btw on ar750s).

Anyway, now that adblock isn’t slowing you down, can you try to select wireguard interface instead of ‘WAN’ in the luci adblock settings? I found that openvpn was listed here (and this helped greatly before I worked on making adblock run smoothly) but I don’t have wireguard installed in my current build to check if that would be an option. If not, maybe try another dns option such as unbound? I believe that glinet uses dnsmasq anyway but I don’t know what wireguard is doing wrt to DNS on top of the existing build.

Perhaps you could try a manual wireguard config instead of using the mullvad configuration tool in the gl.inet firmware?

Did you try overiding the DNS with the gl.inet custom DNS option?.. Perhaps try the DNS over TLS option to see if that works/gives any clues.

Honestly though, these suggestions are off the cuff and hopefully someone with under-the-hood wireguard knowledge can help further…

But at least you’re not waiting 10 minutes to load the adblock lists any more

ipreferpie · 2020-01-22T08:06:01.034Z

That’s ok, I felt that you put me on the right track. For the E750, “WAN” isn’t on by default since it uses WWAN for WISP and Modem_xxx for 4G. For some reason, WG0 interface doesn’t exist if I use Wireguard client on GL. Only applies for Wireguard server. I do have an additional problem in that adblock doesn’t start upon boot when I try any interface of timed and must be start manually every time. I’ll have to ask support on a different thread.

I’m manually configured on the GL UI for Mullvad. And as above, no WG0 interface has been created. When I check LUCI.

No matter, much appreciated for your help!

EDIT It works! So for some reason, after starting up adblock (manually since it doesn’t start automatically), and turning WG on and waiting 10mins, all ads are blocked. Perhaps adblock still needs more time. I’ll look into decreasing my list size to see if that helps. Now, if adblock can be auto started, then everything would be solved!

chromebook · 2020-01-22T19:32:04.435Z

Great stuff… please share if you find a solution as I hope to move to wireguard one day.

ipreferpie · 2020-01-25T13:42:40.603Z

Finally got it to work but changing the trigger to timed and adding the field of adbtriggerdelay=5 and it now works! Combined with your solution to used backup lists and paring down lists, it all works now. Many thanks!