AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Darkje

Regular Contributor
So after a full reinstall . Installed Adguard home. And then IPv6 got fully killed. So I saw you needed investigation. We have full stack IPv6 with dhcp-pd. Could nog get it to go properly. Could be because I actually have 2 connections and I'm running in dual-wan load balanced. Even with Adguard as DHCP did not work. And you loose Aimesh if used.
 

SomeWhereOverTheRainBow

Part of the Furniture
So after a full reinstall . Installed Adguard home. And then IPv6 got fully killed. So I saw you needed investigation. We have full stack IPv6 with dhcp-pd. Could nog get it to go properly. Could be because I actually have 2 connections and I'm running in dual-wan load balanced. Even with Adguard as DHCP did not work. And you loose Aimesh if used.
Did you try adding an ipv6 dns address to adguardhomes gui dns setting page? I have wan aggregation.
 

minhgi

Regular Contributor
That is the correct procedure. How is the performance.
Performance is back to normal. After a few minutes caching queries since since unbound and adhguardhome cache got clear.

Now looking at DNS over TLS or DNS over QUIC setup guide. Do you have any pointers to setup it up?

1641411328513.png
 
Last edited:

SomeWhereOverTheRainBow

Part of the Furniture
Performance is back to normal. After a few minutes caching queries since since unbound and adhguardhome cache got clear.

Now looking at DNS over TLS or DNS over QUIC setup guide. Do you have any pointers to setup it up?

View attachment 38316
Havent tried out their implementation on that, I recommend really reviewing their wiki and possibly Google guides. Read up on as much as you can so you have a firm understanding on what you might have to do.
 

pythonmeister

New Around Here
Hi,

I had a problem with a fresh install trough amtm did an unintall but does not fixed it

Bash:
go: downloading golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
# gophers.dev/cmds/bcrypt-tool
panic: runtime error: slice bounds out of range [:4202852] with capacity 2725804

the bcrypt-tool is not installed and wont generate a hash from the password.
There by its not possible to login (becaus empty password is not allowed)

I found a dirty bypass an added the hashed password to the yaml and i'm able to login

1: generate a password hash could be done with httpasswd part of apache2 or from a online webpage like https://www.transip.nl/htpasswd/
2: copy the hash from the password online so cut the "username:"
3: open the AdGuardHome settings yaml (mine is here nano /tmp/mnt/AMTM/entware/etc/AdGuardHome/AdGuardHome.yaml)
4: past the hash after the password:
YAML:
users:
- name: user
  password: $2a$13$SEZro.xcyDeRdy7tEMtDalSw5XSEe

this is not a fix ofcourse!

AdguardTeam info

Code:
 Info:  Detected RT-AC86U router.
Info:  Detected Linux platform.
Info:  Detected ARMv8 architecture.
Info:  JFFS custom scripts and configs are already enabled.
Info:  DNS Environment is Ready.
Info:  Choose what you want to do:
  1) Install/Update AdGuardHome
  2) Uninstall
  q) Quit
=>  Please enter the number that designates your selection:, [1-2/q]: 1
Info:  This operation will install AdGuardHome and related files (<6MB)
Info:  to ENTWARE, no other data will be changed.
Info:  Also some start scripts will be installed/modified as required.
=>  Do you want to install AdGuardHome to ENTWARE? [y/n]: y
Info:  Downloading installer
Info:  Downloading AdGuardHome_linux_arm64.tar.gz
./AdGuardHome/
./AdGuardHome/AdGuardHome
./AdGuardHome/LICENSE.txt
./AdGuardHome/AdGuardHome.sig
./AdGuardHome/README.md
./AdGuardHome/CHANGELOG.md
Info:  Creating dnsmasq.postconf file
Info:  Configure dnsmasq.postconf file
Installing go (1.17.4-2) to root...
Downloading https://bin.entware.net/aarch64-k3.10/go_1.17.4-2_aarch64-3.10.ipk
Configuring go.
Please add /opt/bin/go/bin to your PATH
Please set GOROOT=/opt/bin/go environment variable to use GO compiler
go: downloading gophers.dev/cmds/bcrypt-tool v1.1.1
go: downloading golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
# gophers.dev/cmds/bcrypt-tool
panic: runtime error: slice bounds out of range [:4202852] with capacity 2725804

goroutine 1 [running]:
cmd/internal/goobj.(*Reader).StringAt(...)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/internal/goobj/objfile.go:646
cmd/internal/goobj.(*Sym).Name(0x7f66ad6c02, 0x40006544d0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/internal/goobj/objfile.go:317 +0xc4
cmd/link/internal/loader.(*loadState).preloadSyms(0x4000086b70, 0x4000658680, 0x0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/loader/loader.go:2170 +0x200
cmd/link/internal/loader.(*Loader).LoadSyms(0x400063c000, 0x44aca0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/loader/loader.go:2220 +0x440
cmd/link/internal/ld.(*Link).loadlib(0x40000c6000)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/ld/lib.go:577 +0x528
cmd/link/internal/ld.Main(0x44aca0, {0x10, 0x20, 0x1, 0x1f, 0x1e, 0x7c00000, {0x29059e, 0x14}, {0x293d32, ...}, ...})
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/ld/main.go:249 +0x1098
main.main()
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/main.go:69 +0xd8c
Info:  Configuring AdGuardHome...
=>  Do you want to redirect all DNS resolutions on your network through to AdGuardHome? [y/n]: y
Info:  DNS is set to redirect All DNS resolutions through this proxy.
Info:  Requesting entries for the for AdGuardHome initial configuration...
Info:  Set the Username and Password which will be encrypted to the yaml file.
=>  Please enter AdGuardHome username: admin
=>  Please enter AdGuardHome password:
=>  Please reenter AdGuardHome password:
installer: line 848: /opt/bin/bcrypt-tool: not found
Info:  Set the DNS server(s) for initializing AdGuardHome
Info:  and router services (e.g. ntp) at boot
=>  Default is 9.9.9.9: 9.9.9.9
=>  2nd Default is 8.8.8.8: 8.8.8.8
Info:  Writing AdGuardHome configuration...
Info:  Checking AdGuardHome configuration...
2022/01/05 23:02:16.520027 [info] AdGuard Home, version v0.107.2
2022/01/05 23:02:16.520600 [info] home.upgradeSchema0to1(): called
2022/01/05 23:02:16.520617 [info] deleting /tmp/mnt/AMTM/entware/etc/AdGuardHome/dnsfilter.txt as we don't need it anymore
2022/01/05 23:02:16.520676 [info] home.upgradeSchema1to2(): called
2022/01/05 23:02:16.520687 [info] deleting /tmp/mnt/AMTM/entware/etc/AdGuardHome/Corefile as we don't need it anymore
2022/01/05 23:02:16.520721 [info] home.upgradeSchema2to3(): called
2022/01/05 23:02:16.520770 [info] home.upgradeSchema3to4(): called
2022/01/05 23:02:16.520789 [info] home.upgradeSchema4to5(): called
2022/01/05 23:02:16.520809 [info] home.upgradeSchema5to6(): called
2022/01/05 23:02:16.520818 [info] Upgrade yaml: 6 to 7
2022/01/05 23:02:16.520827 [info] Upgrade yaml: 7 to 8
2022/01/05 23:02:16.520842 [info] Upgrade yaml: 8 to 9
2022/01/05 23:02:16.520853 [info] Upgrade yaml: 9 to 10
2022/01/05 23:02:16.520875 [info] Upgrade yaml: 10 to 11
2022/01/05 23:02:16.520888 [info] Upgrade yaml: 11 to 12
2022/01/05 23:02:17.894023 [info] configuration file is ok
2022/01/05 23:02:17.940148 [info] AdGuard Home, version v0.107.2
2022/01/05 23:02:17.941523 [info] configuration file is ok
Info:  Starting AdGuardHome...
Starting AdGuardHome...              done.
Starting AdGuardHome...              done.
Info:  AdGuardHome setup is complete.
Info:  To visit AdGuardHome,
Info:  please go to http://192.168.1.1:14711 .
Info:  You can use the WebUI to change things to your liking!
Info:  Stop by https://github.com/AdguardTeam/AdGuardHome/wiki
Info:  for any configuration needs.
Info:  Operation completed. You can quit or continue
 

SomeWhereOverTheRainBow

Part of the Furniture
Hi,

I had a problem with a fresh install trough amtm did an unintall but does not fixed it

Bash:
go: downloading golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
# gophers.dev/cmds/bcrypt-tool
panic: runtime error: slice bounds out of range [:4202852] with capacity 2725804

the bcrypt-tool is not installed and wont generate a hash from the password.
There by its not possible to login (becaus empty password is not allowed)

I found a dirty bypass an added the hashed password to the yaml and i'm able to login

1: generate a password hash could be done with httpasswd part of apache2 or from a online webpage like https://www.transip.nl/htpasswd/
2: copy the hash from the password online so cut the "username:"
3: open the AdGuardHome settings yaml (mine is here nano /tmp/mnt/AMTM/entware/etc/AdGuardHome/AdGuardHome.yaml)
4: past the hash after the password:
YAML:
users:
- name: user
  password: $2a$13$SEZro.xcyDeRdy7tEMtDalSw5XSEe

this is not a fix ofcourse!

AdguardTeam info

Code:
 Info:  Detected RT-AC86U router.
Info:  Detected Linux platform.
Info:  Detected ARMv8 architecture.
Info:  JFFS custom scripts and configs are already enabled.
Info:  DNS Environment is Ready.
Info:  Choose what you want to do:
  1) Install/Update AdGuardHome
  2) Uninstall
  q) Quit
=>  Please enter the number that designates your selection:, [1-2/q]: 1
Info:  This operation will install AdGuardHome and related files (<6MB)
Info:  to ENTWARE, no other data will be changed.
Info:  Also some start scripts will be installed/modified as required.
=>  Do you want to install AdGuardHome to ENTWARE? [y/n]: y
Info:  Downloading installer
Info:  Downloading AdGuardHome_linux_arm64.tar.gz
./AdGuardHome/
./AdGuardHome/AdGuardHome
./AdGuardHome/LICENSE.txt
./AdGuardHome/AdGuardHome.sig
./AdGuardHome/README.md
./AdGuardHome/CHANGELOG.md
Info:  Creating dnsmasq.postconf file
Info:  Configure dnsmasq.postconf file
Installing go (1.17.4-2) to root...
Downloading https://bin.entware.net/aarch64-k3.10/go_1.17.4-2_aarch64-3.10.ipk
Configuring go.
Please add /opt/bin/go/bin to your PATH
Please set GOROOT=/opt/bin/go environment variable to use GO compiler
go: downloading gophers.dev/cmds/bcrypt-tool v1.1.1
go: downloading golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
# gophers.dev/cmds/bcrypt-tool
panic: runtime error: slice bounds out of range [:4202852] with capacity 2725804

goroutine 1 [running]:
cmd/internal/goobj.(*Reader).StringAt(...)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/internal/goobj/objfile.go:646
cmd/internal/goobj.(*Sym).Name(0x7f66ad6c02, 0x40006544d0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/internal/goobj/objfile.go:317 +0xc4
cmd/link/internal/loader.(*loadState).preloadSyms(0x4000086b70, 0x4000658680, 0x0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/loader/loader.go:2170 +0x200
cmd/link/internal/loader.(*Loader).LoadSyms(0x400063c000, 0x44aca0)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/loader/loader.go:2220 +0x440
cmd/link/internal/ld.(*Link).loadlib(0x40000c6000)
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/ld/lib.go:577 +0x528
cmd/link/internal/ld.Main(0x44aca0, {0x10, 0x20, 0x1, 0x1f, 0x1e, 0x7c00000, {0x29059e, 0x14}, {0x293d32, ...}, ...})
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/internal/ld/main.go:249 +0x1098
main.main()
        /media/ware4/Entware.2021.12/build_dir/target-aarch64_cortex-a53_glibc-2.27/go-hf/go-1.17.4/src/cmd/link/main.go:69 +0xd8c
Info:  Configuring AdGuardHome...
=>  Do you want to redirect all DNS resolutions on your network through to AdGuardHome? [y/n]: y
Info:  DNS is set to redirect All DNS resolutions through this proxy.
Info:  Requesting entries for the for AdGuardHome initial configuration...
Info:  Set the Username and Password which will be encrypted to the yaml file.
=>  Please enter AdGuardHome username: admin
=>  Please enter AdGuardHome password:
=>  Please reenter AdGuardHome password:
installer: line 848: /opt/bin/bcrypt-tool: not found
Info:  Set the DNS server(s) for initializing AdGuardHome
Info:  and router services (e.g. ntp) at boot
=>  Default is 9.9.9.9: 9.9.9.9
=>  2nd Default is 8.8.8.8: 8.8.8.8
Info:  Writing AdGuardHome configuration...
Info:  Checking AdGuardHome configuration...
2022/01/05 23:02:16.520027 [info] AdGuard Home, version v0.107.2
2022/01/05 23:02:16.520600 [info] home.upgradeSchema0to1(): called
2022/01/05 23:02:16.520617 [info] deleting /tmp/mnt/AMTM/entware/etc/AdGuardHome/dnsfilter.txt as we don't need it anymore
2022/01/05 23:02:16.520676 [info] home.upgradeSchema1to2(): called
2022/01/05 23:02:16.520687 [info] deleting /tmp/mnt/AMTM/entware/etc/AdGuardHome/Corefile as we don't need it anymore
2022/01/05 23:02:16.520721 [info] home.upgradeSchema2to3(): called
2022/01/05 23:02:16.520770 [info] home.upgradeSchema3to4(): called
2022/01/05 23:02:16.520789 [info] home.upgradeSchema4to5(): called
2022/01/05 23:02:16.520809 [info] home.upgradeSchema5to6(): called
2022/01/05 23:02:16.520818 [info] Upgrade yaml: 6 to 7
2022/01/05 23:02:16.520827 [info] Upgrade yaml: 7 to 8
2022/01/05 23:02:16.520842 [info] Upgrade yaml: 8 to 9
2022/01/05 23:02:16.520853 [info] Upgrade yaml: 9 to 10
2022/01/05 23:02:16.520875 [info] Upgrade yaml: 10 to 11
2022/01/05 23:02:16.520888 [info] Upgrade yaml: 11 to 12
2022/01/05 23:02:17.894023 [info] configuration file is ok
2022/01/05 23:02:17.940148 [info] AdGuard Home, version v0.107.2
2022/01/05 23:02:17.941523 [info] configuration file is ok
Info:  Starting AdGuardHome...
Starting AdGuardHome...              done.
Starting AdGuardHome...              done.
Info:  AdGuardHome setup is complete.
Info:  To visit AdGuardHome,
Info:  please go to http://192.168.1.1:14711 .
Info:  You can use the WebUI to change things to your liking!
Info:  Stop by https://github.com/AdguardTeam/AdGuardHome/wiki
Info:  for any configuration needs.
Info:  Operation completed. You can quit or continue
We had an issue with "go" not working on some users setups, so I added a patch to allow "go_nohf" to be installed. This is the first time I have seen a user having an issue with "go" on aarch64 bit though. you may have to uninstall "go" and reinstall it to resolve the issue. At any rate- I have uninstalled and reinstalled on my test setup over 100 times with no bcrypt tools failures.


**Edit** looks like i can invest in using htpasswd
 

minhgi

Regular Contributor
Havent tried out their implementation on that, I recommend really reviewing their wiki and possibly Google guides. Read up on as much as you can so you have a firm understanding on what you might have to do.
1641473127151.png


This part here, I got it setup reusing the certificate cert and private key from the Asus DDNS "Let's Encrypt". I don't want to have generate separate certificate just for Adguard Home.

I found a detail instruction how Adguard, Unbound, and DOT/DOH/DOQ configuare but it's alittle over my head.

 

SomeWhereOverTheRainBow

Part of the Furniture
View attachment 38356

This part here, I got it setup reusing the certificate cert and private key from the Asus DDNS "Let's Encrypt". I don't want to have generate separate certificate just for Adguard Home.

I found a detail instruction how Adguard, Unbound, and DOT/DOH/DOQ configuare but it's alittle over my head.

I do something similar using nginx and a http proxy.
 

minhgi

Regular Contributor
I looked over the guide and only see I'm missing the binding port for AdguardHome.yaml and set my bootstrap server to unbound IP/Port. You think that would be revalaent configure.

( f ) # nano /opt/AdGuardHome/AdGuardHome.yaml

web_session_ttl: 720
dns:
bind_hosts:
- 127.0.0.1
- ::1
port: 5353
 

SomeWhereOverTheRainBow

Part of the Furniture
I looked over the guide and only see I'm missing the binding port for AdguardHome.yaml and set my bootstrap server to unbound IP/Port. You think that would be revalaent configure.

( f ) # nano /opt/AdGuardHome/AdGuardHome.yaml

web_session_ttl: 720
dns:
bind_hosts:
- 127.0.0.1
- ::1
port: 5353
The bootstrap part, no because if your unbound goes down, ergo any encrypted services you are using. The bootstrap dns through query verifies service is active and tells that there is service to allow the encrypted queries out.
 

SomeWhereOverTheRainBow

Part of the Furniture
I looked over the guide and only see I'm missing the binding port for AdguardHome.yaml and set my bootstrap server to unbound IP/Port. You think that would be revalaent configure.

( f ) # nano /opt/AdGuardHome/AdGuardHome.yaml

web_session_ttl: 720
dns:
bind_hosts:
- 127.0.0.1
- ::1
port: 5353
If you are trying to tell adguard to use unbound, then you only change your upstream dns on the gui page to listen to your unbound address and port. Don't mess with any other settings on the dns page. I tried it out with unbound, it seems to work well aside from a few caviots such as limited support for using unbound ipv6 upstream. It seemed no matter how I configured it, unbound ipv6 did not want to function properly with adguardhome.
 

minhgi

Regular Contributor
If you are trying to tell adguard to use unbound, then you only change your upstream dns on the gui page to listen to your unbound address and port. Don't mess with any other settings on the dns page. I tried it out with unbound, it seems to work well aside from a few caviots such as limited support for using unbound ipv6 upstream. It seemed no matter how I configured it, unbound ipv6 did not want to function properly with adguardhome.
haha. I got into Fiasco with my Nest Thermostats and Samsung Smart TV not working after enable AdguardHome. I have to disable ADH for now to get them working. Adguard log didn't show any block for either devices and I have even exclude the device mac in the Asus DNS Filter.

Good to know about the IPV6 caveat.
 

minhgi

Regular Contributor
I gave second try and reinstall Adguard Home and got new upstream servers entries. All my devices now working properly.

[/use-application-dns.net/]192.168.1.1:553
[/dns.resolver.arpa/]192.168.1.1:553
9.9.9.9
8.8.8.8
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top