GL-MV1000 with AdGuard all clients show as localhost

ChrisP · 2022-10-21T02:27:28.110Z

Wonderful, This is just what I was looking for. Thank you very much @qdolan !

beeeners1012 · 2022-11-08T01:28:41.836Z

Finally. this is all i have to say. FINALLLYYYYY!!!

Max3 · 2022-11-16T17:31:12.379Z

The port forwarding works well, however it breaks vpn policies based on “Target Domain or IP”.
If you use that port forwarding AND vpn policies based on domain/IP, the policies doesn’t work after a while (or a reboot).
Seems that a perfect solution doesn’t exist… Too bad, using different DNS for clients inside Adguard Home is just too useful in some cases.

wcs2228 · 2022-11-16T21:44:37.340Z

Try this method that disables DNS server n dnsmasq and makes AdGuardHome the native DNS server on port 53:

GL-AXT1800 (Slate AX) IPv6 and some other problems Technical Support for Routers

You can try this: I do not work for and I do not have formal association with GL.iNet

Maybe it works with VPN policies.

I do not work for and I do not have formal association with GL.iNet

ruu · 2022-11-19T19:56:43.888Z

No, cuz dnsmasq uses ipset under the hood (domain name routing based on vpn policy), so the dnsmasq bypass solution breaks the policy

wcs2228 · 2022-11-20T01:08:48.673Z

Only the DNS server function of dnsmasq would be disabled and the rest of the functions would be running, not bypassed. It should work like a separate DNS server at a different IP address.

ruu · 2022-11-20T06:08:28.059Z

portforward bypasses dnsmasq, the other solution disables dnsmasq.
if the dns query schema does not include dnsmasq, then the vpn policies will not work

wcs2228:

Only the DNS server function of dnsmasq would be disabled and the rest of the functions would be running, not bypassed. It should work like a separate DNS server at a different IP address.

ruu · 2022-11-20T06:10:37.158Z

In any case, both solutions presented break the vpn policies (name based)

Max3 · 2022-11-20T07:15:52.688Z

Thanks, that actually was the first method I tried, but it also breaks VPN policies.

wcs2228 · 2022-11-20T21:44:07.681Z

Well, it looks like another person has tried unsuccessfully before also, using an RPi AdGuardHome server … that’s too bad

Brume - VPN Policy not working when using AdGuard Home on RPi Technical Support for Routers

Hello. I have a problem which may be a bit long-winded, so I will try and explain my problem the best I can. I have a Brume (version 3.203) and I have AdGuard Home that is installed on a Raspberry Pi 4. Furthermore, I have my VPN policy enabled and set to: VPN for guest network - disabled Use VPN for all processes - disabled Domain/IP Rules - do not use VPN for the following list of websites that I don’t want to use the VPN Using the GL.iNet GUI, if I set the custom DNS to 192.168.8.4 (the I…

Max3 · 2022-11-22T10:30:59.290Z

Well, in the end I decided to use 2 routers to achieve my needs. On a Slate Plus I am running the Wireguard client with VPN policies, and a Slate AX connectet to it trough repeater is running Adguard Home with port forwarding. This way I can finally see all clients requests and I can set different DNS for clients inside Adguard Home (extremely useful for Prime videos e.g.)

wcs2228 · 2022-11-22T19:39:06.707Z

I also have separate AdGuardHome, with 1 primary server running in Docker on a Synology NAS and 1 secondary/backup server running on a LAN-only GL-MV1000 Brume (no routing, so no port forwarding required).

Bitty_Bytes · 2023-01-06T22:51:42.924Z

Wouldn’t just installing the most current version of AGH on GL.Inet routers and using the instructions on openwrt.org be an easier solution?

mkdir /opt/
mkdir /opt/AdGuardHome
cd /opt/AdGuardHome
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

Change dnsmasq to port 54 after installing and set AGH to port 53 during the setup wizard or copy/paste your config into /opt/AdGuardHome/AdGuardHome.yaml and http://:3000 should show everything normally.

You don’t the AGH icon and stats page in the GL.Inet GUI this way, but you do get the latest version of AGH on port 53.

shieldtv61 · 2023-01-16T15:34:24.402Z

Thank you, worked for me!!!

sethf · 2023-02-24T18:39:47.506Z

Only downside to this workaround is that it removes the ability to resolve local dns hostnames as registered with the router’s DHCP/dnsmasq setup.

For example I have a local ATA device with hostname ‘ata’. I can no longer ping it via the hostname, I have to use the IP address now.

Be aware of this before implementing the workaround firewall port forward rule.

danielsena · 2023-03-09T11:17:41.414Z

I had the same problem with my opal, however wanted to be able to disable adguardhome for captive portals and easiest to have it on the gl.inet front end (so didn’t want to change default dns port etc), so i put the routing change into the service start stop action…

good point about the local dnsmasq hostname lookup, hadn’t considered that!

i also built a custom firmware with all my settings built into it which comes in handy if i’m messing with my router on holidays and break something… means i can just reset it back to the known working state… very handy!

/etc/init.d/AdGuardHome

start_service()
{
…
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to ROUTER_IP:3053
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to ROUTER_IP:3053
}
stop_service()
{
…
iptables -t nat -D PREROUTING -p tcp --dport 53 -j DNAT --to ROUTER_IP:3053
iptables -t nat -D PREROUTING -p udp --dport 53 -j DNAT --to ROUTER_IP:3053
}

Nosferatu · 2023-04-09T09:57:12.498Z

Hello guys today I switched the port from both services (dnsmasq and adguard) on GL-AX1800 kernel: 4.4.60. It’s working ok. Further info over my blog

wcs2228 · 2023-04-10T01:26:18.364Z

Do you have a DHCP server running on a separate router, not the GL-AX1800? In your procedure, dnsmasq is disabled, so DHCP will not be running on the GL-AX1800?

I do not work for and I am not directly associated with GL.iNet

Nosferatu · 2023-04-10T10:48:44.928Z

I don’t; I think I will list my steps over here it would be better (later I’ll edit it from my website):

Note: The following instruction has been applied into router below

Router: GL-AX1800
Kernel version: 4.4.60

It would be faster if you plug the computer with RJ45 wire.

Steps:
1- do a backup.**
2- connect on your device by ssh.

From here I supposed you have “dnsmasq” service up and running.

3- change dnsmasq port.

echo "port=5300" >> /etc/dnsmasq.conf

4- change port from Adguard config file

vi /etc/AdGuardHome/config.yaml

---
dns:
  bind_hosts:
  - 0.0.0.0
  port: 53
---

5- stop dnsmasq

/etc/init.d/dnsmasq stop.

6- starts Adguard, go to Settings - DHCP Settings and startup DHCP service on Adguard.

image703×255 13.2 KB

7- disable dnsmasq

 /etc/init.d/dnsmasq disable.

8- restart Router

Steps Explanation:
1- not explanation needed, do always a backup before a change.
2- ssh connection to your router.eg: ssh root@x.x.x.x
3- this will change the default port of DHCP service, not needed it but it would be better to apply it; cos at the end you will disable the service thus this port shouldn’t be use it.
4- set the port “53” to Adguard service.
5- as we won’t use it.
6- setup adguard service to be use as dhcp server
7- disable service as we won’t use it any more.
8- test if these changes are persisted.

From my side (Adguard):

root@GL-AX1800:~# netstat -pnlt | grep -E "53"
tcp        0      0 0.0.0.0:xxx             0.0.0.0:x               LISTEN      xxxx/xxxx
tcp        0      0 0.0.0.0:xxx             0.0.0.0:x               LISTEN      xxxx/xxxx
tcp        0      0 :::53                   :::*                    LISTEN      8124/AdGuardHome
tcp        0      0 :::xxx                 :::*                    LISTEN      xxxx/xxxx
tcp        0      0 :::xxxx                  :::*                    LISTEN      xxxx/xxxx

wcs2228 · 2023-04-11T01:28:57.225Z

Nosferatu:

Settings - DHCP Settings and startup DHCP service on Adguard.

Okay. I see that you are using the AdGuardHome DHCP server. It may not be necessary to change the dnsmasq port in /etc/dnsmasq.conf if you are disabling dnsmasq anyway.

To use the DHCP OpenWRT server on the router, it is okay to leave dnsmasq enabled.