Flint 2 Router No VPN after reboot

AGH is worth its weight in gold, the advertising in my country is currently taking over, you have the feeling of standing in the supermarket without AGH, only advertising without end


That seems to be the case everywhere then. I run on-device block lists but don't happen to use AGH. The Web is practically unusable without ad blocking of some type.


What do you mean by "executing block lists?" How or where do you do this via Luci?

I was referring to adblocking lists. A 'code block' would look something like this.

If you want to add the IPs for NTP, you can also do it in LuCI -> System -> System -> Time Synchronization. It will show domains. The corresponding IPs for those domain/DNS entries are:

  • 104.167.241.197
  • 73.239.145.47
  • 142.147.88.111
  • 171.66.97.126

You would then use the GL GUI to change your DNS over to just be DOH instead of through AGH's DOH/DOT — as mentioned.

Sorry to ask, but I'm supposed to enter the DNS IP for time synchronization?

What does time synchronization have to do with ad blocking, or am I misunderstanding something?

It's also possible that the translation is completely wrong.

I thought NTP was only for time.

Yes; those NTP IPs should help things considerably.

NTP by itself has nothing to do with ad blocking. It does relate to TLS which requires accurate time. TLS is used by both DOT & DOH. DOH or DOT is used by AdGuardHome... & of course AGH deals with the ads.

I doubt that NTP is an issue, tbh.

For me, this looks like the usual AGH multipath issue that happens on newer firmwares.
Unfortunately, the logs aren't helpful.

Could you do me a favor and test ping 1.1.1.1 and nslookup google.de from a device (Windows is fine) when your VPN seems to be stuck?

I’m working on the NTP vs Wireguard race condition and happened to make a list of NTP servers which specifically allow you to connect via IP (in other words, they don’t request that you use their hostname instead) … here are some in Europe you can use. I would select 4 of these if you do decide to use IP addresses of NTP servers to set your clock.

  1. ntp.probe-networks.de (DE) 82.96.64.2
  2. ntp.freiwuppertal.de (DE) 192.53.103.103
  3. ntp1.juergen-habich.com (DE) 178.254.13.123
  4. ntp2.juergen-habich.com (DE) 178.254.3.244
  5. ntp2.innolan.net (DK) 83.89.248.209
  6. ntp1.asda.gr (GR) 193.93.164.194
  7. ntp2.asda.gr (GR) 193.93.164.195

Of course, I then have to wait at least 24 hours because, strangely enough, a certain amount of time always has to pass before this effect occurs.

This may be because OpenWrt attempts to initially set the clock to the modification date of the most recently modified file within /etc, so if something touches a file within /etc when your router boots successfully, it would cause the problem not to re-occur on the next boot until enough time has passed that the time set from /etc is sufficiently incorrect that Wireguard fails to connect. This hack to set the time from /etc is accomplished because /etc/init.d/sysfixtime is run on every boot in vanilla OpenWrt.

For anybody else in North America dealing with this problem, here’s a list of NTP servers with relatively stable IPs:

Sorry to ask, but I'm supposed to enter the DNS IP for time synchronization?

No, he was suggesting that you specify some NTP servers by IP address (instead of hostname) in the router’s NTP configuration.

TLS depends on a relatively accurate clock. DNS over HTTPS and DNS over TLS depend on TLS, so if your clock is incorrect enough, they don’t work.

This can lead to a problem if your router tries to set the time by looking up IP addresses of NTP servers over DNS over HTTPS or DNS over TLS, when the clock is sufficiently different from actual time. In this case, the DNS lookups will fail, thus the clock cannot be set. This is why entering IP addresses instead of hostnames in the NTP setup can solve some of these types of problems.

Unfortunately, it’s discouraged to specify NTP servers by IP rather than hostname, for many reasons. Though most NTP server operators prefer you use their hostname, there are some operators who don’t object to you using their IP, and who publish their IP address. I did some research today to find some of these, hence the lists of European and North American NTP server IPs in my preceding comments.
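The two mechanisms discussed above (the /etc-mtime clock fallback that sysfixtime uses at boot, and the dependency of DoH/DoT on a roughly correct clock when NTP servers are given by hostname) can be checked from a shell on the router or any client without touching DNS at all. The following diagnostic is an added example written for this thread; it is not code from OpenWrt, AdGuard Home or GL.iNet. It reports what the newest mtime under a directory would set the clock to, queries an NTP server addressed purely by IP literal (so no DNS, and therefore no DoH/DoT, is involved), and says how far the local clock is from the reference. The 300-second tolerance and the server IP in `main` are assumptions; the sample reply packet is constructed so the parsing can be exercised offline.

```python
"""Clock-skew diagnostic for the NTP / DoH / WireGuard boot-order problem.

Added example for this thread (not OpenWrt, AGH or GL.iNet code).
Assumptions: NTP_SERVER_IP is one you chose from an IP-friendly list; the
TLS tolerance is illustrative; SAMPLE_REPLY is a constructed packet.
"""
import os
import socket
import struct
import time

NTP_UNIX_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
NTP_PORT = 123
NTP_SERVER_IP = "82.96.64.2"  # ntp.probe-networks.de from the list above; swap in your own

# Constructed server reply: LI=0, VN=4, Mode=4, transmit timestamp = 0xE8FE6F80 s
# since 1900, which is Unix time 1700000000 with a zero fraction.
SAMPLE_REPLY = b"\x24" + b"\x00" * 39 + b"\xe8\xfe\x6f\x80" + b"\x00" * 4


def newest_mtime(path: str) -> float:
    """Newest file modification time under `path`, 0.0 if nothing is found.

    This is the value OpenWrt's sysfixtime falls back to at boot on a router
    without a battery-backed clock: the newest mtime under /etc. It only moves
    when some file in /etc is rewritten, so it slowly drifts away from real time.
    """
    newest = 0.0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                newest = max(newest, os.lstat(os.path.join(root, name)).st_mtime)
            except OSError:
                continue  # unreadable or vanished entry; skip it
    return newest


def build_sntp_request() -> bytes:
    """48-byte SNTP client request: LI=0, VN=3, Mode=3; all other fields zero."""
    return b"\x1b" + b"\x00" * 47


def parse_sntp_reply(packet: bytes) -> float:
    """Return the server Transmit Timestamp (bytes 40-47) as Unix time.

    Raises ValueError if the packet is short or is not a server (mode 4) reply.
    """
    if len(packet) < 48:
        raise ValueError("SNTP reply shorter than 48 bytes")
    mode = packet[0] & 0x07
    if mode != 4:
        raise ValueError(f"not a server reply (mode {mode})")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_UNIX_OFFSET + fraction / 2**32


def query_sntp(server_ip: str, timeout: float = 3.0) -> float:
    """Ask an NTP server, addressed by IP literal, for the current time.

    No hostname is resolved, so this still works when DoH/DoT lookups fail
    because the clock is wrong: exactly the situation the thread describes.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_sntp_request(), (server_ip, NTP_PORT))
        data, _addr = sock.recvfrom(48)
    return parse_sntp_reply(data)


def clock_skew_report(local_time: float, reference_time: float,
                      tolerance: float = 300.0) -> dict:
    """Compare a clock value with a reference and flag likely TLS trouble.

    `tolerance` is an assumption for illustration; a clock that is months or
    years off (the 1970 or stale-/etc case) falls outside certificate validity.
    """
    skew = local_time - reference_time
    return {"skew_seconds": skew, "tls_at_risk": abs(skew) > tolerance}


if __name__ == "__main__":
    fallback = newest_mtime("/etc")
    print(f"/etc-mtime fallback clock would be: {time.ctime(fallback)}")
    print("fallback vs local clock:", clock_skew_report(fallback, time.time()))
    try:
        ref = query_sntp(NTP_SERVER_IP)
        print(f"NTP ({NTP_SERVER_IP}) says: {time.ctime(ref)}")
        print("local clock vs NTP:", clock_skew_report(time.time(), ref))
    except (OSError, ValueError) as exc:
        print(f"NTP query by IP failed: {exc}")
```

If the NTP-by-IP query succeeds while the router's own NTP sync does not, the missing piece is name resolution, and listing servers by address is the fix being discussed; on OpenWrt those entries live under `system.ntp.server` in `/etc/config/system`.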