AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

[SomeWhereOverTheRainBow]

After install of AGH. I choose the option to force all traffic through AGH.

Then maybe you should say no to that then. It sounds like it doesn't work properly with your setup. Or try the ntp script previously posted.

 

[johndoe85]

Then maybe you should say no to that then. It sounds like it doesn't work properly with your setup. Or try the ntp script previously posted.

Yes but i want all trafic to go through AGH, its just this NTP that is an issue, a excluding option for NTP servers would be handy, i guess.

 

[SomeWhereOverTheRainBow]

Yes but i want all trafic to go through AGH, its just this NTP that is an issue, a excluding option for NTP servers would be handy, i guess.

You might be able to request @RMerlin to put it in as a feature request since it is his code in the firmware that writes those rules. Or play around with forwarding the ntp to a different server in the adguardhome upstream section. Or just continue to use ip like you have been.

 

[mrgnex]

Run the commands

opkg install python3 python3-pip python3-bcrypt

Then

pip3 install bcrypt

Report any error messages.

If there are none,

Then you should be able to fix your password with the installer.

I got some errors sadly. After running the first command these errors popped up:

Collected errors:
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3_3.10.0-1_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3.
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3-pip_21.2.3-1_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3-pip. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3-pip.
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3-bcrypt_3.1.7-4_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3-bcrypt. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3-bcrypt.

After running opkg update I got this error:

*** Failed to download the package list from https://bin.entware.net/armv7sf-k2.6/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/Packages.gz, wget returned 5.

Is this related to some certification issues by any chance?

 

[SomeWhereOverTheRainBow]

I got some errors sadly. After running the first command these errors popped up:

Collected errors:
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3_3.10.0-1_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3.
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3-pip_21.2.3-1_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3-pip. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3-pip.
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/python3-bcrypt_3.1.7-4_armv7-2.6.ipk, wget returned 5.
 * opkg_install_pkg: Failed to download python3-bcrypt. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package python3-bcrypt.

After running opkg update I got this error:

*** Failed to download the package list from https://bin.entware.net/armv7sf-k2.6/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://bin.entware.net/armv7sf-k2.6/Packages.gz, wget returned 5.

Is this related to some certification issues by any chance?

Yes so it sounds like the reason the installer is not working for you. Something that entware opkg uses is broken in your setup, it might be the certificate as you mention. I honestly don't know how to handle that if it is the case. Perhaps search the forum, I think @thelonelycoder posted a script some time ago that patches the certificate. I honestly don't recall atm though.

 

[mrgnex]

Yes so it sounds like the reason the installer is not working for you. Something that entware opkg uses is broken in your setup, it might be the certificate as you mention. I honestly don't know how to handle that if it is the case. Perhaps search the forum, I think @thelonelycoder posted a script some time ago that patches the certificate. I honestly don't recall atm though.

Got it working! I formatted JFFS and reinstalled everything from scratch. After running
echo insecure >> $HOME/.curlrc
Everything installed fine! Thank you for your help! It was indeed a certification error as discussed here.

 

[dave14305]

You might be able to request @RMerlin to put it in as a feature request since it is his code in the firmware that writes those rules. Or play around with forwarding the ntp to a different server in the adguardhome upstream section. Or just continue to use ip like you have been.

You also perform a binding mount of /rom/etc/resolv.conf in some circumstances that can potentially cause a chicken and egg problem on boot.

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at 2cc2788f26d977cee7a96a5147dd44ea96ab35ce · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[SomeWhereOverTheRainBow]

You also perform a binding mount of /rom/etc/resolv.conf in some circumstances that can potentially cause a chicken and egg problem on boot.

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at 2cc2788f26d977cee7a96a5147dd44ea96ab35ce · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

That doesn't get ran until after ntp has sync. So the chicken and the egg is never revealed. Follow the code, and tell me if I am wrong and I will fix it. Adguardhome will not even start until ntp is syncd and no modifications are made to dnsmasq.conf until after it does. Also, the issue the OP is referring to populated itself on their router well before I added that binding mount you are referring to- to the script.

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at 2cc2788f26d977cee7a96a5147dd44ea96ab35ce · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at 2cc2788f26d977cee7a96a5147dd44ea96ab35ce · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

Therefore this is a router issue presenting itself.

 

[SomeWhereOverTheRainBow]

You also perform a binding mount of /rom/etc/resolv.conf in some circumstances that can potentially cause a chicken and egg problem on boot.

Asuswrt-Merlin-AdGuardHome-Installer/AdGuardHome.sh at 2cc2788f26d977cee7a96a5147dd44ea96ab35ce · jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

It kinda reminds me of issues created when users have wandns1 and 2 empty.

My other question is when does unbound-manager make its modifications in dnsmasq? If it is happening before ntp sync, then it is potentially removing the essential default dns servers line from dnsmasq.conf before it gets a chance to run ntp sync. If it makes these modifications before unbound is even running, and before ntp syncs, then there lies your problem. Keep in mind I have not investigated this making it only conjecture at this time.

Edit: looks like dnsmasq also waits until unbound is running before attempting to append entries to dnsmasq.

Theory of the causes of the problem:

• Wan DNS1 and Wan DNS2 are not set on the WAN page, and WAN DNS is not set to automatic (most likely the case).
• Unbound is somehow attempting to run way earlier than NTP being set in which case the unbound is breaking the resolving of the ntp domains due to waiting for accurate time (I highly doubt it.).
• VPN/ISP/or ROUTER configuration issues (maybe).

 

[Ellenswamy]

Hello all!

I am trying to setup private reverse lookup and believe I followed the steps mentioned in the how to on the first page. But it doesn't appear to be getting host names. Any ideas?

I named the domain lan, put in [/lan/]192.168.50.1:553 into the private lookup and also in the upstream.

 

[SomeWhereOverTheRainBow]

Hello all!

I am trying to setup private reverse lookup and believe I followed the steps mentioned in the how to on the first page. But it doesn't appear to be getting host names. Any ideas?

I named the domain lan, put in [/lan/]192.168.50.1:553 into the private lookup and also in the upstream.

well the installer should do it by default now so you don't have to go through all that. The default uses lan like you have, but it uses the wildcard address (since dnsmasq also runs internally.)
[/lan/][::]:553 . Don't follow those instructions just use the installers defaults. it should do it all just fine for you.

 

[SomeWhereOverTheRainBow]

Hello all!

I am trying to setup private reverse lookup and believe I followed the steps mentioned in the how to on the first page. But it doesn't appear to be getting host names. Any ideas?

I named the domain lan, put in [/lan/]192.168.50.1:553 into the private lookup and also in the upstream.

Here is what the defaults for upstream should look like

with the exception that if you already had a lan defined it would appear as the domain you already defined. Also, you wont see the ip6-prefix arpa if you have ipv6 turned off when you install.

here is what the private reverse looks like:

obviously if your local network IP address is different that the 192 range it will appear differently (e.g. 172.)


the [::] is used to wildcard reference any local port :553 listening address of dnsmasq.

 

[Ellenswamy]

Here is what the defaults for upstream should look like

View attachment 40859

with the exception that if you already had a lan defined it would appear as the domain you already defined. Also, you wont see the ip6-prefix arpa if you have ipv6 turned off when you install.

here is what the private reverse looks like:

View attachment 40860

obviously if your local network IP address is different that the 192 range it will appear differently (e.g. 172.)


the [::] is used to wildcard reference any local port :553 listening address of dnsmasq.

Yup that is what it looks like! Should I remove what I added? And does it take time for it to get the names?

 

[SomeWhereOverTheRainBow]

Yup that is what it looks like! Should I remove what I added? And does it take time for it to get the names?

remove what you have added, and yes for some clients it take time.

currently AdGuardHome has two methods of finding hostnames. RDNS, and ARP. The conundrum they created is that ARP will find client address's for clients that are not as active as other clients, so RDNS will not provide a hostname for those clients until they actually become more active. The problem is that not all ARP implementations supply client hostnames. Sooooo, some clients will appear to not have their host name until they actually require DNS access.

Here is the feature request I opened for this issue. We are not looking to see it resolved until 0.109 version of adguardhome:

Allow RDNS to check/discover hostnames when ARP Implementation does not provide them. · Issue #4419 · AdguardTeam/AdGuardHome

Have a question or an idea? Please search it on our forum to make sure it was not yet asked. If you cannot find what you had in mind, please submit it here. Prerequisites Please answer the followin...

github.com

For example: here is part of my client list.

Notice how all those clients were discovered under ARP. (and yes some of them do have hostnames). Each one of them have not attempted to reach the DNS server, but here we see all the rDNS clients have. They all have their client hostnames listed, except the ARP ones.

 

[Ellenswamy]

One more question for now haha. I tried to add tls for upstream dns and got the one to add from the link you posted. I added it and removed the plain dns ones and the query log is still showing plain dns? What am i missing

Edit: never mind, the plain DNS shown confused me. I highlighted the ? and it showed DOT is being used

 

[SomeWhereOverTheRainBow]

One more question for now haha. I tried to add tls for upstream dns and got the one to add from the link you posted. I added it and removed the plain dns ones and the query log is still showing plain dns? What am i missing

Edit: never mind, the plain DNS shown confused me. I highlighted the ? and it showed DOT is being used

Yea, you will find that sometimes AdGuardHome's method for labeling things can be confusing. I did at first. It really does take a bit to get used to it.

 

[Ellenswamy]

PSA great app to work with AdGuard home for iOS. AdGuard home remote.

 

[SomeWhereOverTheRainBow]

Thanks for your help, managed to reset it. I saw this wiki but I didn't manage to find the .yaml file, found it on the USB flash drive under /etc/AdGuardHome....

I updated the instructions to cover the new way of doing it using python3-bcrypt. And as promised the updated installer now has an option 3 that allows you to change your username and password.

at post #

AdGuardHome - [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)

Just checked my PS5 queries in AdGuard from before and after I installed unbound, and it does seem like there is improvement in the response time. From the screenshots you can see unbound serves the cached entries for longer than Adguard does. and in the end when it goes to cloudflare DoT the...

www.snbforums.com

 

[Stylishh1]

I am not able to open WebGUi by http://192.168.1.1:14711 after installation

RT-AC68U:/tmp/home/root# /opt/etc/init.d/S99AdGuardHome check
Checking AdGuardHome... alive.

on the screen everything looks good

 

[SomeWhereOverTheRainBow]

I am not able to open WebGUi by http://192.168.1.1:14711 after installation

RT-AC68U:/tmp/home/root# /opt/etc/init.d/S99AdGuardHome check
Checking AdGuardHome... alive.

on the screen everything looks good

how are you trying to access it? are you on a guest network? main network? wifi? ethernet? what is going on behind the scenes? what do your logistics look like? what browser are you using? are you trying to access over a vpn? did you modify your webui port number?