VPN wireguard and Adguard Home

Have you configured in your server (router)?

But we have established that his firmware build doesn't have the custom firewall menu option. Apparently OpenWrt 22.03.4 uses a different approach. Please re-check the previous two posts. Hence the need to ask where to put the code now...

Thanks for the reminder.

Executing that command over SSH works only temporarily; it is lost on reboot.

Since the firewall menu does not have the custom rule option, please add it manually over SSH.
Log in via SSH, then:

  1. Create the file: vi /etc/firewall.user

        iptables -w -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.0.0.1

  2. chmod 755 /etc/firewall.user

  3. Add the custom rule in /etc/config/firewall:

        config include 'user_script'
                option type 'script'
                option path '/etc/firewall.user'
                option reload '1'
                option fw4_compatible '1'

  4. reboot OR /etc/init.d/firewall restart

I modified it; it should be:

iptables -w -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.6.0.1

NOW IT WORKS!!!!!!!
I can see in ADH the devices connected to the GL-X750

No, but it works!

Someone in another forum told me:
The redirection rule you added:

Code:

iptables -w -t nat -I PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.6.0.1

Only covers UDP DNS packets, which most DNS requests are, but not all. Some are TCP. For completeness you should also add:

Code:

iptables -w -t nat -I PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 10.6.0.1
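A check for the gap described in the post above, added here as an example and not part of the thread: it reads the output of `iptables -w -t nat -S PREROUTING` and prints each of udp/tcp that has no port-53 DNAT to the resolver on the LAN interface. The function name `dns_redirect_gaps` and the sample listing are constructed; the listing assumes the normalized form iptables prints (`-m udp`, `--to-destination`).

```shell
#!/bin/sh
# Added example (not from the thread): report which DNS transports are NOT
# redirected to the resolver, given "iptables -t nat -S PREROUTING" on stdin.
# On the router:
#   iptables -w -t nat -S PREROUTING | dns_redirect_gaps br-lan 10.6.0.1

# $1 = LAN interface, $2 = resolver IP; prints "udp" and/or "tcp" for each gap.
dns_redirect_gaps() {
    awk -v iface="$1" -v resolver="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            split("", opt)                          # reset per-rule option map
            for (i = 3; i < NF; i++)                # collect flag/value pairs,
                if ($i ~ /^-/ && $(i - 1) != "!")   # skipping negated matches
                    opt[$i] = $(i + 1)
            dest = opt["--to-destination"]
            sub(/:53$/, "", dest)                   # accept IP and IP:53
            if (opt["-i"] == iface && opt["--dport"] == "53" &&
                opt["-j"] == "DNAT" && dest == resolver)
                seen[opt["-p"]] = 1
        }
        END {
            if (!("udp" in seen)) print "udp"
            if (!("tcp" in seen)) print "tcp"
        }'
}

# Constructed sample: the state after adding only the UDP rule from the thread.
SAMPLE_UDP_ONLY='-P PREROUTING ACCEPT
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 10.6.0.1'

# Prints the transports that still bypass the redirect for this sample.
printf '%s\n' "$SAMPLE_UDP_ONLY" | dns_redirect_gaps br-lan 10.6.0.1
```

Empty output means both transports are redirected; a rule without an explicit `-i` match is not counted by this check.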

Just one question. If I disable the WG, I have no internet, so I can only navigate with WireGuard running.

If I want to navigate without the VPN, what do I have to do?

Or better, what can I do if I want one device connected to the GL.iNet not to go through the VPN?

That is because you asked for it ;)
You want to send all DNS traffic to AdGuard Home on the other side of the VPN tunnel - which will cause no DNS when the connection is down.

I would highly recommend to redesign your network and needs …


Ok. That is right.

For all devices it works perfectly. But I have one streaming player (Fire Stick from Amazon) and it sometimes stops playing. I need more speed for that. So, how can I VPN just for the Fire Stick?

In your setup this isn't possible because it would break your DNS. So after you have fixed your DNS (so every side is able to get DNS, no matter if the VPN is enabled or not) you can switch the VPN Proxy Policy to exclude your device: VPN Dashboard - GL.iNet Router Docs

I will see