Installing pihole directly on asus router

[Tonystarr]

This was a fun project that I took up as a learning experience. After following a few guides I managed to do this and if anyone wants to have it up and running here are the steps. Note, I don't 100% know what I'm doing. This setup just worked for my RT-AC68U router. Overall the cpu and ram seems to handle pihole without trouble. Note having ram swap set up is recommended.
For pihole v5.0 see issue guide

1. Following these guides to get Debian running on the router Stretch, Jessie, or wheezy (anything running wheezy is less likely to work due to compatibility of pi-hole.)
If you get an update error after entering "apt-get update && apt-get upgrade -y" then you need to edit the source.list (This doesn't appear to be a current issue)

nano /etc/apt/sources.list

2. Getting everything ready for pihole

apt-get install curl
apt-get install sudo
sudo -s
mount /proc
cat /proc/mounts > /etc/mtab

3. Installing pihole. For setup make sure the eth or vlan you choose isn't taken by using the "ip a" command.

curl -L https://install.pi-hole.net | bash

If you get back an error relating to storage space try the following instead.

sudo -s
cd /
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh --i_do_not_follow_recommendations

4. Depending on the router you might have to compile FTL. You will know if this is the case if you are getting a "old kernel" error or issues with FTL that isn't related to port number. Just follow this guide for compiling. If you get an Error 1 after entering "sudo make install" that is to be expected just continue the guide.
If you get a port 53 taken error just run the following command.

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|:5453 \|:8093'
killall -9 dnsmasq

Restart pihole-FTL service.

5. Changing port 80 for the website (if needed)

nano /etc/lighttpd/lighttpd.conf

change it to what you want

sudo /etc/init.d/lighttpd restart

Now you should have pihole running.
creating the following script and adding it to S99debian will allow pihole to start up if the router reboots.

chroot /opt/debian /bin/bash <<"EOT"
sudo ip address add (pihole ip) dev (eth or vlan)
sudo /etc/init.d/lighttpd restart
killall -9 dnsmasq
sudo service pihole-FTL restart
EOT

Don't forget to backup Debian.
DNS over TLS and DNSSEC can be enabled if you add stubby or unbound.
Please feel free to add suggestions or possible improvements.

 

[Delusion]

Thanks . Everything goes smoothly with installing Debian . I am stuck at this line:
mount /proc

it tells me that fstab is not configured or something of this sort. /etc/fstab is empty
(not counting the commented line)

 

[martinr]

This was a fun project that I took up as a learning experience. After following a few guides I managed to do this and if anyone wants to have it up and running here are the steps. Note, I don't 100% know what I'm doing. This setup just worked for my RT-AC68U router. Overall the cpu and ram seems to handle pihole without trouble.

1. Following these guides to get Debian running on the router Stretch, Jessie, or wheezy
If you get an update error after entering

apt-get update && apt-get upgrade -y

then you need to edit the source.list

nano /etc/apt/sources.list

deb http://archive.debian.org/debian/ jessie main
deb-src http://archive.debian.org/debian/ jessie main

deb http://security.debian.org jessie/updates main
deb-src http://security.debian.org jessie/updates main

2. Getting everything ready for pihole

apt-get install curl
apt-get install sudo
mount /proc
cat /proc/mounts > /etc/mtab

3. Installing pihole

sudo -s

curl -L https://install.pi-hole.net | bash

For setup make sure eth1 is selected (I found this to work since eth0 is taken up. Use command "ip a" to see for yourself)

4. Depending on the router you might have to compile FTL. You will know if this is the case if you are getting a "old kernel" error or issues with FTL that isn't related to port number. This is due to incompatible architecture. Just follow this guide for compiling. If you get an Error 1 after entering

sudo make install

that is to be expected just continue the guide.
If you get a port 53 taken error just exit out of debian and run the following command.

sudo netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|:8093'

killall -9 dnsmasq

Go back into debian and restart pihole-FTL service.

5. Changing port 80 for the website (if needed)

nano /etc/lighttpd/lighttpd.conf

change it to what you want

sudo /etc/init.d/lighttpd restart

Now you should have pihole running.
Current issues:

• If the router updates or reboots the ip for pihole no longer is found under eth1. This means the whole thing needs to be reinstalled. (As far as I can tell)
• DNSSEC has some servfail errors according to the root canary test.
• DNS over TLS / Https doesn't seem to work.

Please feel free to add suggestions or possible solutions to these current issues.

Welcome to the forum.

“Note, I don't 100% know what I'm doing.” You’re lucky: I don’t 1% know what I’m doing.

I know you said you’re doing this as a learning exercise, which is a great idea: no better way to learn. But, just in case you haven’t yet come across it, and if your goals change, thelonelycoder’s Diversion

https://www.snbforums.com/threads/diversion-the-router-ad-blocker.48538/

is now a mature program/script that blocks ads on the router. (Best installed through AMTM.)

 

[Tonystarr]

Thanks . Everything goes smoothly with installing Debian . I am stuck at this line:
mount /proc

it tells me that fstab is not configured or something of this sort. /etc/fstab is empty
(not counting the commented line)

What happens when you enter the next command ? The only purpose for this was that those two commands seem to fix the issue where
"curl -L https://install.pi-hole.net | bash" would come back with an error. Like I said I don't fully know what I am doing. Continue to the next commands and let me know if you have any issues. When I get off from work I will try reinstalling it and see if "mount /proc" is actually necessary.

 

[Delusion]

What happens when you enter the next command ? The only purpose for this was that those two commands seem to fix the issue where
"curl -L https://install.pi-hole.net | bash" would come back with an error. Like I said I don't fully know what I am doing. Continue to the next commands and let me know if you have any issues. When I get off from work I will try reinstalling it and see if "mount /proc" is actually necessary.

When I try to instal pi-hole I get this error:

[i] Unknown free disk space!
      We were unable to determine available free disk space on this system.
      You may override this check, however, it is not recommended.
      The option '--i_do_not_follow_recommendations' can override this.
      e.g: curl -L https://install.pi-hole.net | bash /dev/stdin <option>

 

[Tonystarr]

When I try to instal pi-hole I get this error:

[i] Unknown free disk space!
      We were unable to determine available free disk space on this system.
      You may override this check, however, it is not recommended.
      The option '--i_do_not_follow_recommendations' can override this.
      e.g: curl -L https://install.pi-hole.net | bash /dev/stdin <option>

I will have to look into that when I get off in an hour or so. The other way that should work is by following this

sudo -s
cd /
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh --i_do_not_follow_recommendations

 

[Kamil Mirza]

wow great stuff
really wanted to have pihole on ASUS router
tried this on my RT-AC68U 384.12 with Debian Jessie
beforehand I had DoT and 512MB SWAP
had to give router IP address (as STATIC and GATEWAY) during pihole bash install script - or else it failed
had to compile pihole-FTL, killed dnsmasq on ASUS
got queries from only 2 devices, maybe because of DoT
will try again with clean firmware install someday

 

[Not Autistic]

2

I will have to look into that when I get off in an hour or so. The other way that should work is by following this

sudo -s
cd /
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh --i_do_not_follow_recommendations

I'm still waiting for you to provide an update, I have been unable to get Pihole running 100% on my RT-AC68U. Some of your information is contradicting, you said, " Use Stretch, Jessie or wheezy (anything running wheezy is less likely to work due to compatibility of pi-hole.)" So Wheezy won't work (why even list it?) and Stretch will only run on kernel v4.0 or higher (which the RT-AC68U doesn't have) so that only leaves Jessie. Jessie 8.9 can't run Pihole natively without major modifications.

So I'd like to know your configuration, what you had to do to get it running, Please.

 

[Tonystarr]

2



I'm still waiting for you to provide an update, I have been unable to get Pihole running 100% on my RT-AC68U. Some of your information is contradicting, you said, " Use Stretch, Jessie or wheezy (anything running wheezy is less likely to work due to compatibility of pi-hole.)" So Wheezy won't work (why even list it?) and Stretch will only run on kernel v4.0 or higher (which the RT-AC68U doesn't have) so that only leaves Jessie. Jessie 8.9 can't run Pihole natively without major modifications.

So I'd like to know your configuration, what you had to do to get it running, Please.

FTLDNS is limited in its compatibility, but you have the option to compile it yourself. This may or may not work. This is why I kept wheezy in there, because according to some people on pihole forms they managed to get it to work on something that old. As far as my router goes I had to compile FTLDNS, which is a simple process that didn't take that long.

 

[SomeWhereOverTheRainBow]

This was a fun project that I took up as a learning experience. After following a few guides I managed to do this and if anyone wants to have it up and running here are the steps. Note, I don't 100% know what I'm doing. This setup just worked for my RT-AC68U router. Overall the cpu and ram seems to handle pihole without trouble. Note having ram swap set up is recommended.

1. Following these guides to get Debian running on the router Stretch, Jessie, or wheezy (anything running wheezy is less likely to work due to compatibility of pi-hole.)
If you get an update error after entering "apt-get update && apt-get upgrade -y" then you need to edit the source.list Example for Debian Jessie

nano /etc/apt/sources.list

deb http://archive.debian.org/debian/ jessie main
deb-src http://archive.debian.org/debian/ jessie main

deb http://security.debian.org jessie/updates main
deb-src http://security.debian.org jessie/updates main

2. Getting everything ready for pihole

apt-get install curl
apt-get install sudo
sudo -s
mount /proc
cat /proc/mounts > /etc/mtab

3. Installing pihole. For setup make sure the eth or vlan you choose isn't taken by using the "ip a" command.

curl -L https://install.pi-hole.net | bash

If you get back an error relating to storage space try the following instead.

sudo -s
cd /
wget -O basic-install.sh https://install.pi-hole.net
sudo bash basic-install.sh --i_do_not_follow_recommendations

4. Depending on the router you might have to compile FTL. You will know if this is the case if you are getting a "old kernel" error or issues with FTL that isn't related to port number. Just follow this guide for compiling. If you get an Error 1 after entering "sudo make install" that is to be expected just continue the guide.
If you get a port 53 taken error just exit out of debian and run the following command.

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:471 \|:5453 \|:8093'
killall -9 dnsmasq

Go back into debian and restart pihole-FTL service.

5. Changing port 80 for the website (if needed)

nano /etc/lighttpd/lighttpd.conf

change it to what you want

sudo /etc/init.d/lighttpd restart

Now you should have pihole running.
creating the following script and adding it to S99debian will allow pihole to start up if the router reboots.

chroot /opt/debian /bin/bash <<"EOT"
sudo ip address add (pihole ip) dev (eth or vlan)
sudo /etc/init.d/lighttpd restart
killall -9 dnsmasq
sudo service pihole-FTL restart
EOT

Don't forget to backup Debian.
DNS over TLS and DNSSEC can be enabled if you add stubby or unbound.
Please feel free to add suggestions or possible improvements.

Just out of curiosity, what are you doing within the router itself as far as settings go when you are running this, please explain your overall setup.

 

[Tonystarr]

Just out of curiosity, what are you doing within the router itself as far as settings go when you are running this, please explain your overall setup.

WAN
DNS Server1 and Server2: (set to ip of pihole)
Forward local domain queries: no
Enable DNS Rebind: no
Enable DNSSEC: no
Privacy Protocol : none

LAN:
Under DHCP Server
Domain Name: (pick whatever name you want)
DNS Server 1 and Server 2: (set to ip of pihole)
Advertise router's IP: no
DNSFilter:
Enable DNS-based Filtering: ON
Global Filter Mode: Router # Just ensures that the dns will actually point to pihole and not something else.

Tools - Other Settings:
Use local caching...: no #Since pihole caches addresses you dont need to have local caching turned on

Pi-hole setting on website:
Settings Dns:
Interface listing behavior: Listen on all interfaces
Use conditional forwarding: check (set it to ip of your router) (set local domain name that you made in LAN settings) #just makes sure that pihole can see all addresses on your network.

I also have stubby set up as well let me know if you want that information.

 

[spanjap]

I tried to install pihole following the instructions on a RT-AX88U, but can't get the FTL service running.

If I start or restart it it's saying "Not running".
I don't know which dev (eth or vlan) I have to select (br0 or eth0.....)

Please advice!

 

[spanjap]

I noticed dnsmasq is auto restarting and will bind port 53.
I changed the port for dnsmasq to 5353. Now I can start pihole-FTL.

The problem which I have now is that it's not working for WiFi connected devices!!!!!!

 

[SomeWhereOverTheRainBow]

WAN
DNS Server1 and Server2: (set to ip of pihole)
Forward local domain queries: no
Enable DNS Rebind: no
Enable DNSSEC: no
Privacy Protocol : none

LAN:
Under DHCP Server
Domain Name: (pick whatever name you want)
DNS Server 1 and Server 2: (set to ip of pihole)
Advertise router's IP: no
DNSFilter:
Enable DNS-based Filtering: ON
Global Filter Mode: Router # Just ensures that the dns will actually point to pihole and not something else.

Tools - Other Settings:
Use local caching...: no #Since pihole caches addresses you dont need to have local caching turned on

Pi-hole setting on website:
Settings Dns:
Interface listing behavior: Listen on all interfaces
Use conditional forwarding: check (set it to ip of your router) (set local domain name that you made in LAN settings) #just makes sure that pihole can see all addresses on your network.

I also have stubby set up as well let me know if you want that information.

Yes I would appreciate it to know how to do this with stubby

 

[Tonystarr]

I noticed dnsmasq is auto restarting and will bind port 53.
I changed the port for dnsmasq to 5353. Now I can start pihole-FTL.

The problem which I have now is that it's not working for WiFi connected devices!!!!!!

You shouldn't have to change dnsmasq at all. Can you show me what pops up when you type

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:5353 \|:5453 \|:8093'

 

[spanjap]

You shouldn't have to change dnsmasq at all. Can you show me what pops up when you type

netstat -nltup | grep 'Proto\|:53 \|:67 \|:80 \|:5353 \|:5453 \|:8093'

I get the following:

 

[Tonystarr]

I get the following:
View attachment 19192

It looks like dnsmasq isn't running because avahi-daemon is taking that port up. Try changing back dnsmasq to port 53. Since Pihole is already running it should stay up with dnsmasq running. Here is what it looks like for me.

 

[Tonystarr]

Yes I would appreciate it to know how to do this with stubby

While I managed to get stubby to fully run with pihole it has an issue when the router reboots. This appears to be the result of ntp not syncing up. fake-hwclock might solve this problem, but I would need to do some trial and error with this. This may not be the same for unbound ? If anyone has a solution for this please share it.

For stubby I just installed it outside of chroot debian. Most of this was already figured out thanks to Xentrk .

opkg install stubby

Next just copied S61stubby into /opt/etc/init.d/ and stubby.yml into /opt/etc/stubby/

 

[spanjap]

It looks like dnsmasq isn't running because avahi-daemon is taking that port up. Try changing back dnsmasq to port 53. Since Pihole is already running it should stay up with dnsmasq running. Here is what it looks like for me.

I'm able to get everything running when assigning a different port number to dnsmasq (5353)
The biggest issue now is that when I disconnect a wifi device and connect it again. The DNS isn't working anymore on that device (There is an exclamation mark on the wifi symbol)
Disconnecting and reconnecting isn't solving that.

The wifi devices connected to the router when starting pihole are all working without problems........

 

[Tonystarr]

I'm able to get everything running when assigning a different port number to dnsmasq (5353)
The biggest issue now is that when I disconnect a wifi device and connect it again. The DNS isn't working anymore on that device (There is an exclamation mark on the wifi symbol)
Disconnecting and reconnecting isn't solving that.

The wifi devices connected to the router when starting pihole are all working without problems........

Just for diagnostic purposes what happens when you change back dnsmasq to port 53. If you do this pihole should be up and running still. Then try disconnecting and reconnecting a device.

Also for clarification what do you mean by "The DNS isn't working anymore on that device"