MT6000 Adguard Home + VPN – everything right?

Hey guys,

I just set up my Flint 2 and since I'm not a pro I would like to clarify if everything is working properly. The router is connected to a modem.

I managed to configure VPN via WireGuard, which works fine. I had some trouble getting AdGuard Home working; I think it's running, but only if I activate "AdGuard Home Handle Client Requests", which interferes with the VPN, right?
I activated encryption, generated a certificate and private key, changed the port because the 443 isn't working, and under "Upstream-DNS-Server" I use the Quad9 and Cloudflare DNS servers for DNS-over-TLS and DNS-over-HTTPS.

What I don't understand is that I see three different IPs: in the Flint VPN settings, on an IP check website (nearly the same IP as in Flint's VPN settings) and on dnsleaktest. But they all show the country my VPN is set to. The hostname shown by dnsleaktest is dns.adguard-dns.com.

Is everything alright? Do I have to change something? Let me know what info you need to help me. Oh, and the "Top queried domain" in AGH is (myiphone).local. Is this normal?

Edit: I now set the DNS IP inside the WireGuard VPN details to the IP of AGH and set the VPN's IP as DNS-Upstream-Server in AGH, and it seems to work a lot better now. Is this the way to go?

All the best!

I allow myself to reply to my own post to give a clearer picture of the current situation.

I now use the WireGuard profile from Proton (without Netshield, I think it's not necessary, is it?). I changed the DNS address of the profile to the router IP. Inside AGH I set the original Proton DNS address as the only DNS upstream server. Now all test websites give me the same IP (the one from the VPN) and it seems like there is no DNS leak.

Is it all right now? Because I read a lot of people had similar problems but I never read about the "solution" I use now. And is it a problem in any way that I changed the port from DoH inside AGH because the 443 is used by the GUI? I read that Apple devices only use 443 for DoH and it can't be changed.

Edit: The site dnscheck.tools gives me different server locations than all the other test sites …

As long as the DNS test results show the VPN country, it means there is no leak and no other problems.

Check whether you can modify the HTTPS port of the GUI and leave port 443 for ADG DOH, if the Apple devices are required.