AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[dev_null]

@SomeWhereOverTheRainBow Quick question, what does"min upd" mean, is there another minor version update?
ag open AdGuardHome v1.0.1 -> min upd

It's usually a minor fix "hot fix" with no incremental versioning.

 

[syndicate]

Successfully installed AGH on ac68u via amtm, everything goes smooth during installation and no error prompted.
But when I try to login the WebUI, it give me the "Error: control/login | invalid username or password | 400" ...
Anyone have any idea?
Thanks in advance.

 

[SomeWhereOverTheRainBow]

Successfully installed AGH on ac68u via amtm, everything goes smooth during installation and no error prompted.
But when I try to login the WebUI, it give me the "Error: control/login | invalid username or password | 400" ...
Anyone have any idea?
Thanks in advance.

it doesn't agree with what you created as your username and password inside the ssh terminal

 

[SomeWhereOverTheRainBow]

View attachment 38220

For this part, if my router ip 192.168.50.1, is it right to change like below?


[/50.168.192.in-addr.arpa/]192.168.50.1:553
[/Some-Domain/]192.168.50.1:553

That is correct, but you need to set your domain on the dhcp lan page of your router as well. obviously it wont be Some-Domain unless that is what you define on your dhcp lan page.

 

[SomeWhereOverTheRainBow]

Same here.
Added router ip to dns one and 127.0.0.1 to the second, don't know if that second one is actually needed.

I just define DNSfilter as the router that forces all clients to use AdGuardHome despite any breakage. Also, Users may want to increase the Adguardhome ratelimit. if any one here has noisy clients, the ratelimit could be causing some issues. Adguardhome will return a refused connetion.

 

[syndicate]

it doesn't agree with what you created as your username and password inside the ssh terminal

Just try reinstall again ... and found the following error: "installer: line 812: /opt/bin/bcrypt-tool: not found"
May I know how can I solve this?
Thanks.

 

[SomeWhereOverTheRainBow]

Just try reinstall again ... and found the following error: "installer: line 812: /opt/bin/bcrypt-tool: not found"
May I know how can I solve this?
Thanks.

Paste the entire Terminal output from your installation Redact any info you consider private I need to see what is not working for you.. Also run uninstall before trying to run install. It appears bcrypt-tools is not installing for you so something is not working correctly inside your Entware setup.

 

[SomeWhereOverTheRainBow]

One thing I notice last night, after upgrading to v.1.0.1 I could no longer reach the web interface for adguard.

Rebooting the router fixed that, and I'm back in. Not sure if anyone else experienced the same thing, but thought I'd give a head up

I set adguardhome to run as a service, which is something that it wasn't doing properly before.

pushed it as minor update.

 

[SomeWhereOverTheRainBow]

That is what AdGuardHome is advising? In the web interface if you look at installation guide.
So i just put that there xD

This is all new for me.

This is if you are running adguardhome locally on a device and you want adguardhome to catch ads for that device, you would then tell that device to listen for itself as dns.

 

[syndicate]

Paste the entire Terminal output from your installation Redact any info you consider private I need to see what is not working for you.. Also run uninstall before trying to run install. It appears bcrypt-tools is not installing for you so something is not working correctly inside your Entware setup.

Its the go package that doesn't work..... after I manually remove the go package, then reinstall go_nohf, then install AGH again via amtm, everything works fine and can login WebUI.
Thanks for the great work !!!

 

[SomeWhereOverTheRainBow]

Its the go package that doesn't work..... after I manually remove the go package, then reinstall go_nohf, then install AGH again via amtm, everything works fine and can login WebUI.
Thanks for the great work !!!

What model router are you using, I may have to make an exclusion for certain models so they use the proper go.

 

[syndicate]

What model router are you using, I may have to make an exclusion for certain models so they use the proper go.

AC68U

 

[SomeWhereOverTheRainBow]

AC68U

humor me, but what out put do you get when you put this in the terminal?

opkg print-architecture | awk '!(NR%3)' | awk  '{print $2}'

 

[syndicate]

humor me, but what out put do you get when you put this in the terminal?

opkg print-architecture | awk '!(NR%3)' | awk  '{print $2}'

phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture | awk '!(NR%3)' | awk '{print $2}'
phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture
arch all 100
arch armv7-2.6 160
phui@RT-AC68U:/tmp/home/root#

 

[SomeWhereOverTheRainBow]

phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture | awk '!(NR%3)' | awk '{print $2}'
phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture
arch all 100
arch armv7-2.6 160
phui@RT-AC68U:/tmp/home/root#

so yours would be

opkg print-architecture | awk '!(NR%2)' | awk  '{print $2}'

which would give off amv7-2.6

 

[SomeWhereOverTheRainBow]

Thank you for that, now I got means to patch with.

 

[SomeWhereOverTheRainBow]

phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture | awk '!(NR%3)' | awk '{print $2}'
phui@RT-AC68U:/tmp/home/root#
phui@RT-AC68U:/tmp/home/root# opkg print-architecture
arch all 100
arch armv7-2.6 160
phui@RT-AC68U:/tmp/home/root#

If you get a chance or have time to test the installer again, I managed to patch it to install go_nohf for those who need it.

 

[SomeWhereOverTheRainBow]

I think we're going to need a Diversion vs Adguard comparison

I did a YazFi & AdGuardHome analysis. AdGuardHome can listen on each of the guest network addresses for example, if 192.168.1.7 is one of the address, AdGuardHome can be set to listen at 192.168.1.7:53. Set that to the DNS address of the guest network and viola you have yourself a working AdGuardHome-YazFi Network.

 

[sturmstar]

Hi!

Thank you so much for this cool addon - I worked with adguard-home before - so I already configured it a little more and observed two things.

First thing on asuswrt-merlin (has nothing to do with the second thing - and was there right after the installation on my AX86U:

This log entry in the router-log:

06:58:26 dnsmasq-script[3909]: json_object_from_file: error opening file /jffs/nmp_vc_json.js: No such file or directory

...appears every few minutes - don't know if it is harmless or if there is a problem.



Second thing - after I configured encryption with a wildcard cert, enabled DNS-over-TLS on Port 853, port-forwarded the port to the router itself (x.x.0.1) and - because it wasn't working - executed and added the following entry to /jffs/firewall-start:

iptables -I INPUT -p tcp --dport 853 -j ACCEPT

I think this is necessary if you want to open a port on the router itself.

After this everything is working as I want - I needed that so I can put my own DNS-over-TLS resolver on my mobilphone (and also working via mobile network)

Since I enabled HTTPS-over-TLS and activated the incoming port on the router I also get the following log-entries:

Jan 4 06:26:02 AdGuardHome[2545]: 2022/01/04 06:26:02.012291 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.10:40983: i/o timeout
Jan 4 06:26:14 AdGuardHome[2545]: 2022/01/04 06:26:14.080283 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40540: i/o timeout
Jan 4 06:26:21 AdGuardHome[2545]: 2022/01/04 06:26:21.071987 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.10:40985: i/o timeout
Jan 4 06:27:40 AdGuardHome[2545]: 2022/01/04 06:27:40.353486 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40544: i/o timeout
Jan 4 06:27:58 AdGuardHome[2545]: 2022/01/04 06:27:58.749689 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40554: i/o timeout
Jan 4 06:28:02 AdGuardHome[2545]: 2022/01/04 06:28:02.566035 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->77.119.199.28:13302: i/o timeout
Jan 4 06:28:28 AdGuardHome[2545]: 2022/01/04 06:28:28.367093 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.18:45666: i/o timeout

As I said - everything is working - but I don't unterstand the log-entries.

First of all - the only device which should use TLS is my mobile phone - which is here the 77.119.x.x.
Second thing - why do other devices also use this path?
Third thing - why do INTERNAL devices there get a timeout?
Fourth thing - why IS there a timeout?
Fifth thing - when there is timeout - why is it still working?
Sixt thing - should i worry?

I don't know if anybody could help here - or get some light into dark - but it would be very appreciated.

Thank you and best regards

 

[SomeWhereOverTheRainBow]

Hi!

Thank you so much for this cool addon - I worked with adguard-home before - so I already configured it a little more and observed two things.

First thing on asuswrt-merlin (has nothing to do with the second thing - and was there right after the installation on my AX86U:

This log entry in the router-log:

06:58:26 dnsmasq-script[3909]: json_object_from_file: error opening file /jffs/nmp_vc_json.js: No such file or directory

...appears every few minutes - don't know if it is harmless or if there is a problem.



Second thing - after I configured encryption with a wildcard cert, enabled DNS-over-TLS on Port 853, port-forwarded the port to the router itself (x.x.0.1) and - because it wasn't working - executed and added the following entry to /jffs/firewall-start:

iptables -I INPUT -p tcp --dport 853 -j ACCEPT

I think this is necessary if you want to open a port on the router itself.

After this everything is working as I want - I needed that so I can put my own DNS-over-TLS resolver on my mobilphone (and also working via mobile network)

Since I enabled HTTPS-over-TLS and activated the incoming port on the router I also get the following log-entries:

Jan 4 06:26:02 AdGuardHome[2545]: 2022/01/04 06:26:02.012291 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.10:40983: i/o timeout
Jan 4 06:26:14 AdGuardHome[2545]: 2022/01/04 06:26:14.080283 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40540: i/o timeout
Jan 4 06:26:21 AdGuardHome[2545]: 2022/01/04 06:26:21.071987 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.10:40985: i/o timeout
Jan 4 06:27:40 AdGuardHome[2545]: 2022/01/04 06:27:40.353486 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40544: i/o timeout
Jan 4 06:27:58 AdGuardHome[2545]: 2022/01/04 06:27:58.749689 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.9:40554: i/o timeout
Jan 4 06:28:02 AdGuardHome[2545]: 2022/01/04 06:28:02.566035 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->77.119.199.28:13302: i/o timeout
Jan 4 06:28:28 AdGuardHome[2545]: 2022/01/04 06:28:28.367093 [error] handling tcp: reading msg: reading len: read tcp 192.168.0.1:853->192.168.0.18:45666: i/o timeout

As I said - everything is working - but I don't unterstand the log-entries.

First of all - the only device which should use TLS is my mobile phone - which is here the 77.119.x.x.
Second thing - why do other devices also use this path?
Third thing - why do INTERNAL devices there get a timeout?
Fourth thing - why IS there a timeout?
Fifth thing - when there is timeout - why is it still working?
Sixt thing - should i worry?

I don't know if anybody could help here - or get some light into dark - but it would be very appreciated.

Thank you and best regards

06:58:26 dnsmasq-script[3909]: json_object_from_file: error opening file /jffs/nmp_vc_json.js: No such file or directory
This is normal inside Asuswrt logs in general. it is a known message to appear across many syslogs and is harmless.

As for the logs you are seeing with AdGuardHome, that looks like something you may want to query AdGuardHome about. it could just be handshakes. From My understanding, AdGuardHome fakes those IP's in the syslog so it doesn't actually show the real IP, but I would query over to AdGuardHomes github and ask someone a little bit more knowledgeable on their applets practices. Not sure about the timeouts though. It probably has to do with the device or adguardhome failing to close the connection.

If you are able to load pages I wouldn't worry to much about it.