AdGuard Home is a…

Privacy protection center for you and your devices

Free and open source, powerful network-wide ads & trackers blocking DNS server.

It has Windows, Mac, Android and iOS apps, as well as a web extension. It also offers a DNS service, a VPN service and a package for OpenWrt. We will focus on the latter; I wrote briefly about it in the Ad Blocking, simple & fast entry.

This post is based on this forum entry. The only difference is that it will be installed on an external HDD connected to the OpenWrt router.

Installation

  1. Log in to the router: ssh root@192.168.1.1
  2. Update the packages and install wget: opkg update && opkg install wget
  3. Go to the mounted HDD location and create a folder for AdGuardHome: cd /mnt/sda1 && mkdir AdGuardHome && cd AdGuardHome
  4. Now download the package: wget -c https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.6/AdGuardHome_linux_armv7.tar.gz

    1. Please note that there are different platform downloads in every release. In this case the selected download is Linux armv7 for OpenWrt installed in a router with an ARMv7 CPU architecture.
  5. Unpack it: tar xfvz AdGuardHome_linux_armv7.tar.gz
  6. Remove the unused archive: rm AdGuardHome_linux_armv7.tar.gz
  7. And install it with /mnt/sda1/AdGuardHome/AdGuardHome -s install

    1. This will create a service to start, restart and stop the package.
  8. Enable and start the service with /etc/init.d/AdGuardHome enable and then /etc/init.d/AdGuardHome start
  9. In the browser go to http://192.168.1.1:3000/ (If your router IP is not 192.168.1.1, change this accordingly)
  10. Set up the Admin Web Interface to listen on 192.168.1.1 at port 8080. (Changing the web interface port is optional)
  11. Set DNS server to listen on 192.168.1.1 at port 5353.
  12. Finally, create a user and choose a strong password.
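
Steps 4 to 7 download a binary and install it as a root service without checking its integrity. The following added example (not from the original post or the AdGuard project) unpacks the archive only after a SHA-256 match; it assumes a checksums.txt in sha256sum format was obtained for the same release, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded release archive before unpacking it.
# Assumption: CHECKSUMS is a file in sha256sum output format
# ("<hex digest>  <file name>" per line) obtained for the same release.

# expected_sum CHECKSUMS NAME -> prints the digest listed for NAME, if any
expected_sum() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }  # strip "*" and "./" prefixes
        f == name { print tolower($1); exit }
    ' "$1"
}

# verify_archive ARCHIVE CHECKSUMS -> 0 on match, 1 on mismatch,
# 2 if a file is missing or the archive is not listed
verify_archive() {
    archive=$1
    checksums=$2
    [ -f "$archive" ] && [ -f "$checksums" ] || return 2
    want=$(expected_sum "$checksums" "$(basename "$archive")")
    [ -n "$want" ] || return 2          # no entry: do not trust the file
    have=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# unpack_verified ARCHIVE CHECKSUMS -> unpack only after the digest matches
unpack_verified() {
    if verify_archive "$1" "$2"; then
        tar xzf "$1"
    else
        echo "refusing to unpack $1: checksum not verified" >&2
        return 1
    fi
}
```

On the router this replaces step 5: unpack_verified AdGuardHome_linux_armv7.tar.gz checksums.txt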

Configure OpenWrt to use AdGuardHome

  1. Log in to LuCI and go to Network -> DHCP and DNS. In General Settings, set DNS forwardings to 192.168.1.1#5353.
  2. Go to Resolv and Hosts Files tab and check the Ignore resolv file option.
  3. Go to Network -> Firewall and in Custom Rules tab add the following:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5353
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5353

On OpenWrt 22.xx this will not work, because it uses fw4 instead of fw3 and ignores the custom rules. The workaround is the following:

  • Go to Network -> Firewall -> Port Forwards and create the following rule:
Name: AdGuardHome
Protocol: TCP, UDP
Source zone: lan
External port: 53
Destination zone: lan
Internal IP address: 192.168.1.1
Internal port: 5353

This rule forces any DNS traffic (port 53) originating on lan to go to the OpenWrt router on port 5353. This blog entry explains it and adds a second rule (a NAT rule) that is useful when using a separate DNS blocking device, in that scenario a Pi-hole. The second rule will have the source IP rewritten to match the original.

Modify Blocklists

You can add and remove blocklists as you wish. You can check the lists from Firebog and oisd.

  1. Open in the web browser http://192.168.1.1:8080/ and go to Filters -> DNS blocklists
  2. You can use these regex rules to block ads. Go to Filters -> Custom filtering rules. These rules alone will block around 50% of ads.

Final thoughts

  1. Since AdGuardHome is running from an external HDD connected to the router, all configuration and logs will survive reboots.
  2. You can do more things with AdGuardHome, like setting up DNS-over-TLS for more privacy or configuring it as a DHCP server.
  3. Maybe you want to block complete access to TikTok. AdGuardHome can block popular sites and services and offers parental control.