AdGuard Home is a…
Privacy protection center for you and your devices
Free and open source, powerful network-wide ads & trackers blocking DNS server.
It has Windows, Mac, Android and iOS apps and a web extension. It also offers a DNS service, a VPN service and a package for OpenWrt. We will focus on the latter; I wrote briefly about it in the Ad Blocking, simple & fast entry.
This post is based on this forum entry. The only difference is that it will be installed on an external HDD connected to the OpenWrt router.
- Log in to the router
- Update the packages and install wget
opkg update && opkg install wget
- Go to the mounted HDD location and create a folder for AdGuardHome
cd /mnt/sda1 && mkdir AdGuardHome && cd AdGuardHome
Now download the package
wget -c https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.6/AdGuardHome_linux_armv7.tar.gz
- Please note that there are different platform downloads in every release. In this case the selected download is Linux armv7 for OpenWrt installed in a router with an ARMv7 CPU architecture.
- Unpack it
tar xfvz AdGuardHome_linux_armv7.tar.gz
- Remove the unused
And install it with
/mnt/sda1/AdGuardHome/AdGuardHome -s install
- This will create a service to start, restart and stop the package.
- Enable and start the service with
/etc/init.d/AdGuardHome enable and then
- In the browser go to
http://192.168.1.1:3000/ (If your router IP is not
192.168.1.1, change this accordingly)
- Set up the Admin Web Interface to listen on
8080. (Changing the web interface port is optional)
- Set DNS server to listen on
- Finally, create a user and choose a strong password.
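The archive downloaded above is unpacked and installed as a service without any integrity check, so here is a way to compare it against a published checksum list before the `tar` step. This is an added example, not part of the original post or of the AdGuard Home project; it assumes a SHA-256 checksum list for the release, in `sha256sum` format, saved next to the archive as `checksums.txt`, and the script name `verify.sh` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded release
# archive against a SHA-256 checksum list before unpacking it.
# Assumed list format, as written by sha256sum: "<64 hex chars>  <path>".

# lookup_sum LIST NAME: print the digest recorded for NAME, fail if absent.
lookup_sum() {
    awk -v want="$2" '
        { name = $2; sub(/^\*/, "", name); sub(/^.*\//, "", name) }
        name == want && length($1) == 64 { print tolower($1); found = 1; exit }
        END { exit !found }
    ' "$1"
}

# verify_archive ARCHIVE LIST: 0 = match, 1 = mismatch,
# 2 = archive missing, 3 = no entry for the archive in LIST.
verify_archive() {
    archive=$1
    list=$2
    name=$(basename "$archive")
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 2; }
    expected=$(lookup_sum "$list" "$name") || {
        echo "no checksum entry for $name" >&2
        return 3
    }
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Usage on the router, from /mnt/sda1/AdGuardHome (verify.sh and
# checksums.txt are hypothetical filenames):
#   sh verify.sh AdGuardHome_linux_armv7.tar.gz checksums.txt \
#     && tar xfvz AdGuardHome_linux_armv7.tar.gz
if [ "$#" -eq 2 ]; then
    verify_archive "$1" "$2"
fi
```

A mismatch or a missing entry returns non-zero, so chaining the `tar` command with `&&` keeps an unverified archive from being unpacked.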
Configure OpenWrt to use AdGuardHome
- Log in to LuCI and go to
Network -> DHCP and DNS, in General Settings set DNS forwardings to
- Go to Resolv and Hosts Files tab and check the Ignore resolv file option.
- Go to
Network -> Firewall and in Custom Rules tab add the following:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:5353
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:5353
For OpenWrt 22.xx this will not work, since it uses fw4 instead of fw3 and ignores the custom rules. The workaround is the following:
- Go to
Network -> Firewall -> Port Forwards and create the following rule:
Protocol: TCP, UDP
Source zone: lan
External port: 53
Destination zone: lan
Internal IP address: 192.168.1.1
Internal port: 5353
This rule forces any DNS traffic (port 53) originating on
lan to go to the OpenWrt router on port
5353. This blog entry explains it and adds a second rule (NAT rule) that is useful when using a separate DNS blocking device (in that scenario, a Pi-hole). The second rule will have the source IP rewritten to match the original.
- Open in the web browser
http://192.168.1.1:8080/ and go to
Filters -> DNS blocklists
- You can use these regex rules to block ads. Go to
Filters -> Custom filtering rules. This will block by itself around 50% of ads.
- Since AdGuardHome is running from an external HDD connected to the router, all configuration and logs will survive reboots.
- You can do more things with AdGuardHome, like setting up DNS-over-TLS for more privacy or configuring it as a DHCP server.
- Maybe you want to block complete access to TikTok. AdGuardHome can block popular sites and services and offers parental control.