AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

SomeWhereOverTheRainBow

Part of the Furniture
1651965720275.png

Asuswrt-Merlin-AdGuardHome-Installer​

The Official Installer of AdGuardHome for Asuswrt-Merlin

Requirements:​

  • ARM based ASUS routers (not bridges or access points) that use Asuswrt-Merlin Firmware
  • JFFS support and enabled
  • REQUIRES ENTWARE(!) for package management, and a separate USB drive for storage -i.e. the same drive Entware is stored.
  • Recommended to have a 2gb swap file. (can be made with amtm).

Incompatibilities:​

  • No Known Issues

Current features:​

  • AdGuardHome Network-wide ads & trackers blocking DNS server, with multiple dns protocol encryption, and other features.
  • Support ARM based routers
  • Redirect all DNS queries on your network to AdGuardHome if user chooses to use Merlin DNS Filter Option
  • Ability to update AdGuardHome without reinstalling/reconfiguring
  • Improved Installer/Update/Backup Functions.

AdGuardHome Supports Multiple Features​


Features
  • 94.140.14.140: plain DNS (over UDP).
  • tls://dns-unfiltered.adguard.com: encrypted DNS-over-TLS.
  • https://cloudflare-dns.com/dns-query: encrypted DNS-over-HTTPS.
  • quic://dns-unfiltered.adguard.com:784: experimental DNS-over-QUIC support.
  • tcp://1.1.1.1: plain DNS (over TCP).
  • sdns://...: DNS Stamps for DNSCrypt or DNS-over-HTTPS resolvers.
  • [/example.local/]1.1.1.1: DNS upstream for specific domains, see below.
1650241718094.png

A good list of dns servers and how to use them can be found in this post :

Setting Up Your Routers Reverse DNS​


Lan
  • Under Lan DHCP page on Asuswrt-Merlin define a domain such as lan or some-domain like in the image above.
1650241786628.png

  • Define the appropriate rules inside the Private Reverse DNS Servers.
  • It should be noted that the Some-Domain line should be placed in the upstream DNS section.

Changelog:​

https://github.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer/commits/master

Install/Update/Reconfig/Uninstall:​

Run this command from ssh shell and following the prompt for AdGuardHome:

Code:
curl -L -s -k -O https://raw.githubusercontent.com/jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer/master/installer && sh installer

Terminal Commands supported by AdGuardHome​


Traditional Commands:

Code:
/opt/etc/init.d/S99AdGuardHome {start|stop|restart|check|kill|reload}

New Supported Commands (recommended commands):

Code:
service {start|stop|restart|kill|reload}_AdGuardHome

How to check if it works​

Run this command in the ssh shell:
Code:
pidof AdGuardHome
will return a number.
or
Code:
/opt/etc/init.d/S99AdGuardHome check
which will return
Code:
 Checking AdGuardHome...              alive.

  1. While this is an ad-blocker just like Diversion, for all intensive purposes it shall be treated as an alternative and not a replacement. Diversion will continue to function as is.
  2. This script is not intended to be run on Access Points or Bridges.
  3. While browser adblocking can benefit along side AdGuardHome, AdGuardHome is meant to be your only DNS ad-blocking solution, support will not be provided for missconfigurations involving more than one DNS ad-blocking solution.
  4. This script is only intended to install AdGuardHome as a basic local DNS service on an Asuswrt-Merlin router running in router mode, any extra configurations or missconfigurations on your part are beyond the scope of this installer.
  5. This script does not install/configure AdGuardHome as a Remote DoH,DoT,DoQ, or Dnscrypt DNS server.
  6. Feel free to use this thread to share information with each other.
 
Last edited:

SomeWhereOverTheRainBow

Part of the Furniture
As one gracious forum member pointed out in a previous post

A couple of tips for anyone getting ready to install to consider:
1. Be patient. The install takes a while, the router may hit 100% cpu and sit there (quite a while meaning more than a few minutes) because bcrypt-tools is compiled with go locally on the router. Bcrypt-tools is used to convert the user made password to a hash that is only readable to AdGuardHome. Users no longer have to wait for go compiling of bcrypt-tools, we will now use httpasswd which comes from apache on Entware Package Repo.
2. Adguard admin name and password is for the new adguard control page, i.e. the page running on the router, NOT an adguard account on their website.
3. Before attempting to install consider what Entware or DNS scripts that could create conflicts that you may have installed, and remove them before attempting to try this script out. If everything works out then start adding things back slowly.

This list will be added to as more issues are discovered.

Known Issues After Install
1. AdGuardHome --check-config changes bootstrap resolver format to be incorrectly inputted. After install it is important to change them from
format
Code:
  bootstrap_dns:
  - '[9.9.9.9 8.8.8.8]'
to this format
Code:
  bootstrap_dns:
  - 9.9.9.9
  - 8.8.8.8
Inside the WebUI it should look like

1641192206835.png

Here is the issue I opened for those who wish to follow it.
(***ADDED A WORK AROUND IN V1.0.2***)
Though the issue still remains, I have added a workaround to deal with this matter.
 
Last edited:

SomeWhereOverTheRainBow

Part of the Furniture
To configure Guest Networks without YazFi:


an example of some of the addresses for guestnetworks done by the router

Code:
dhcp-range=br1,192.168.101.2,192.168.101.254,255.255.255.0
dhcp-option=br1,3,192.168.101.1
interface=br2
dhcp-range=br2,192.168.102.2,192.168.102.254,255.255.255.0
dhcp-option=br2,3,192.168.102.1

What you need to add to dnsmasq.conf.add:

Code:
dhcp-option=br1,6,192.168.101.1,192.168.101.1

Code:
dhcp-option=br2,6,192.168.102.1,192.168.102.1

DNS enforcement would look like this (add these to firewall-start script):

Code:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br1 -j DNAT --to-destination 192.168.101.1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -i br2 -j DNAT --to-destination 192.168.102.1


To configure with YazFi:


1643809093804.png


You change the DNS address to reflect the first address of the network. For example, if 192.168.2.0/24 is the network, the address would be 192.168.2.1.

Additionally, if directing the guest network to a VPN server using Yaz-Fi, you must set the "VPN Accept DNS" method to disabled. The below illustrates how:

1643819959619.png

Otherwise the vpn server will force its DNS to clients instead of allowing AdGuardHome as the only DNS.

If you are still interested in using the DNS servers of the VPN provider, just put the vpn dns server addresses in the upstream section of AdGuardHome, otherwise it will travel to the designated DNS servers placed in the upstream section of adguardhome, but it will travel via way of vpn server.

Scribe Integration:

@Markfree has shared a quick and easy way to integrate AdGuardHome with scribe.

However sed command will have to be rerun every time the installer update option is ran because the S99 file for AdGuardHome is dynamically replaced on updates... At least until I have time to add this as a feature to the installer.
 
Last edited:

thelonelycoder

Part of the Furniture
amtm support is coming soon to a router near you…
 

thelonelycoder

Part of the Furniture
I think we're going to need a Diversion vs Adguard comparison :)
I have not had the time to really look at the WebUI but it looks nice. And Diversion is sitting on that test router, waiting in vain for something to do.
 

BreakingDad

Very Senior Member
I currently run adguard on a pi4, you think the performance would be better on a standalone pi or adding to the router?

Great work btw, hope this is added to amtm.
 

BreakingDad

Very Senior Member
o_Oo_Oo_O Pages load slower with Adguardhome, but less memory footprint. That is my for what its worth analysis.
When you say slower, can you be more specific ? On my pi based adguard I get an average processing time of 31ms with literally all the filters and parental controls on.
 

thelonelycoder

Part of the Furniture
Great work btw, hope this is added to amtm.
I‘m the one that gently asked the devs last Friday for this threads installer script to be coded - in the hope that I can add support in amtm.

Things got very busy very quickly behind the scene. The AdGuardHome install script is released, now I have to code my part of the deal.
I‘m about 85% done.
 

SomeWhereOverTheRainBow

Part of the Furniture
When you say slower, can you be more specific ? On my pi based adguard I get an average processing time of 31ms with literally all the filters and parental controls on.
refresh times and query times. it takes longer to load webpages because of the filtering methods. it doesn't imply the ad-blocking isn't good. For example, in comparison with pihole and diversion, I have gotten marginally faster query times with pihole and diversion.
 
Last edited:

SomeWhereOverTheRainBow

Part of the Furniture
I currently run adguard on a pi4, you think the performance would be better on a standalone pi or adding to the router?

Great work btw, hope this is added to amtm.
I imagine it would be. Much faster response times on the router. The only difference is, you may get away with a larger filter size on the rpi than the router. I haven't tested this aspect out yet.
 

SomeWhereOverTheRainBow

Part of the Furniture
Why or how could it be much faster response time on the router? If the raspberry pi (4) is at your lan it should only add 1-2ms, right?
Like I said, still needs testing. I am looking for the many entrepreneurs of the forum to help fill in those gaps. If you feel up to the challenge, let us know. I imagine the response times will be faster, but that is still yet to be tested.
 

thelonelycoder

Part of the Furniture
Support for Asuswrt-Merlin-AdGuardHome-Installer has been added to amtm

Use u in amtm to update to its latest version 3.2.3
 

SomeWhereOverTheRainBow

Part of the Furniture
is there a way to setup a way to bypass Adguard for certain clients like with Diversion.
Dnsfilter on asuswrt-merlin or using iptables. You can also leverage aguardhome to control what (if any) filters get used by the in question client. As far as I know you could send the client through adguardhome and define a ruleset for it that makes it use no filters. Or simply use dnsfilter on asuswrt-merlin to make it completely bypass adguardhome altogether.

Visit the adguardhome wiki to see all that adguardhome is capable of

 
Last edited:

BreakingDad

Very Senior Member
Support for Asuswrt-Merlin-AdGuardHome-Installer has been added to amtm

Use u in amtm to update to its latest version 3.2.3
wow two amtm updates in 1 day :) impressive.
 

zekesdad

Regular Contributor
This exits with an error for me: pastebin.com/igTC64Jn

Seems like it thinks I'm not using a compatible router maybe? I don;t know though, Im on an RT-AX86U with 386.4 fw.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top