Adguard home как установить на роутер

Нужно понимать, что блокировка рекламы с помощью блокировки доменов никогда не будет столь же эффективным способом борьбы с рекламой, как AdblockPlus/uBlock в браузере. Бывают случаи, когда реклама загружается с того же домена, что и полезный контент. Либо адреса рекламных доменов меняются так часто, что их невозможно блокировать все (YouTube). Браузерные дополнения борются с этим, скрывая такую рекламу непосредственно перед отрисовкой на экране, чего роутер сделать, по понятным причинам, не может. Тем не менее, блокировка рекламы с помощью блокировки доменов имеет смысл — например, если на клиентском устройстве реклама показывается в какой-нибудь мобильной игре или приложении, куда браузерный Adblock не установишь. Просто не нужно ожидать, что такая блокировка будет настолько же хороша, как при использовании AdblockPlus/uBlock и торопиться удалять эти дополнения из браузера.

  1. Установите поддержку репозитория Entware по инструкции.

  2. Установите AdGuard Home:
    opkg update
    opkg install adguardhome-go
    
  3. Отключите DNS-сервер, встроенный в прошивку Keenetic. Подключитесь к CLI (не путайте с SSH-сервером из Entware, который на порту 222):
    opkg dns-override
    system configuration save
    

    после этого пропадёт доступ в Интернет, это нормально (ведь родной dns-proxy кинетика вы только что отключили, а AdGuard Home займёт его место лишь после прохождения первоначальной настройки).

  4. Запустите AdGuard Home:
    /opt/etc/init.d/S99adguardhome start
    
  5. Откройте в браузере мастер первоначальной настройки AdGuard Home по адресу http://IP-адрес-роутера:3000. В дальнейшем будем считать, что этот адрес — http://192.168.1.1:3000

  6. Произведите первоначальную настройку. Веб-интерфейс повесьте на Все интерфейсы, порт 1234, DNS-сервер повесьте на Все интерфейсы, порт 53. Также придумайте логин и пароль (чтобы не усложнять, можно использовать логин/пароль от админки роутера).

  7. Зайдите по адресу http://IP-адрес-роутера:1234 (в нашем примере — http://192.168.1.1:1234) и настройте остальное (подписки, фильтры, upstream DNS) по вкусу.

Решение популярных проблем

Не обновляются подписки по HTTPS

При установке AdGuard Home должен был автоматически установиться пакет ca-bundle, если он не установлен, то установите его (либо можно установить пакет ca-certificates):

opkg update
opkg install ca-bundle

Периодически перестают открываться веб-страницы. В веб-интерфейсе управления роутером видна загрузка процессора на 98-99%

Отключите в настройках AdGuard Home безопасную навигацию и родительский контроль. Если поможет, то это означает, что процессор роутера не справляется с нагрузкой, создаваемой этими функциями.

Использование с VPN Antizapret

1) убедитесь, что Antizapret настроен по этой инструкции.

2) в «http://192.168.1.1:1234/#dns → Upstream DNS-серверы» удалите все имеющиеся там адреса и впишите те, которые вы указывали в свойствах подключения к провайдеру (прошивка 3.7) или в профиле AntiZapret (прошивка 3.8 и новее).

Добавление домена в белый список

Почитайте про пользовательские фильтры в раздел настроек «Фильтры → Пользовательское правило фильтрации» и добавьте туда фильтр, который разблокирует доступ к нужному вам домену.

Удаление AdGuard Home:

1) остановите его:

/opt/etc/init.d/S99adguardhome stop

2) удалите AdGuard Home:

opkg remove adguardhome-go

3) включите DNS-сервер, встроенный в прошивку Keenetic. Подключитесь к CLI (не путайте с SSH-сервером из Entware, который на порту 222):

no opkg dns-override
system configuration save

AdGuard Home (AGH) is a free and open source network-wide advertising and trackers blocking DNS server. It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers. It is based on software used with public AdGuard DNS servers.

In addition, AdGuard Home also offers DNS encryption features such as DNS over TLS (DoT) and DNS over HTTPS (DoH) built-in without any additional packages needed.

Routers with low RAM, flash/storage space or slower processors will potentially not be suitable to run AdGuard Home. You may want to run AdGuard Home on another client instead if you have any of the mentioned system resource limitations with your router. The following requirements below are provided as general guidance.

The amount of RAM required will also be relative to the filter lists you use.

Routers with less than 128MB of RAM or only having a single core processor will tend to perform poorly. The homehub_v5a was used for testing the 0.107.0 edge and release builds.

An alternative option could be to use a Raspberry Pi Zero plugged into your routers USB port to run AGH. Using a Pi Zero for AGH.

For the best performance and lowest latency on DNS requests, AGH should be your primary DNS resolver in your DNS chain. If you currently have dnsmasq or unbound installed, you should move these services to an alternative port and have AGH use DNS port 53 with upstream DNS resolvers of your choice configured. This wiki recommends keeping dnsmasq/unbound as your local/PTR resolver for Reverse DNS.

The rationale for this is due to resolvers like dnsmasq forking each DNS request when AGH is set as an upstream, this will have an impact on DNS latency which is can be viewed in the AGH dashboard. You will also not benefit from being able to see the DNS requests made by each client if AGH is not your primary DNS resolver as all traffic will appear from your router.

The install script in the setup section will move dnsmasq to port 54 and set it for AGH to use as local PTR / reverse DNS lookups.

The compiled AdGuardHome binary has grown since the 0.107.0 release. For many routers this will be quite a significant amount of storage taken up in the overlay filesystem. In addition, features like statistics and query logging will also require further storage space when being written to the working directory. For routers with less flash space, it is highly recommended to use USB or an external storage path to avoid filling up your overlay filesystem. If you have low flash space, you may want to use the custom installation method and have all of the AdGuard Home installation stored outside of your flash storage. Alternatively you can also perform an exroot configuration.

Currently (May 2022 edge build 108) a full install to the /opt folder you really require about 100mb of space.

You can tweak your logging to keep things smaller if required.

One of the main benefits of AGH is the detailed query and statistics data provided, however for many routers having long retention periods for this data can cause issues (see flash/storage space requirements). If you are using the default tmpfs storage, you should set a relatively short retention period or disable logging altogether. If you want to have longer retention periods for query/statistics data, consider moving the storage directory to outside your routers flash space.

Since 21.02, there is a official AdGuard Home package which can be installed through opkg.

The opkg package for 21.02 has also been confirmed to work on 19.07, but will require transferring the correct ipk through SSH or SCP and installing with opkg manually due to not being present in the 19.07 packages repository.

Required dependencies (ca-bundle) are automatically resolved and installed when using the official package.

opkg update
opkg install adguardhome

The official OpenWrt package uses the following paths and directories by default:

The default configured working directory will mean query logs and statistics will be lost on a reboot. To avoid this you should configure a persistent storage path such as /opt or /mnt with external storage and update the working directory accordingly.

To have AdGuard Home automatically start on boot and to start the service:

service adguardhome enable
service adguardhome start

After installing the opkg package, run the following commands through SSH to prepare for making AGH the primary DNS resolver. These instructions assume you are using dnsmasq. This will demote dnsmasq to an internal DNS resolver only.

The ports chosen are either well known alternate ports or reasonable compromises. You are free to edit the scripts to use your own ports but you should check with https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers for reserved ports.

# Get the first IPv4 and IPv6 Address of router and store them in following variables for use during the script.
NET_ADDR=$(/sbin/ip -o -4 addr list br-lan | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
NET_ADDR6=$(/sbin/ip -o -6 addr list br-lan scope global | awk 'NR==1{ split($4, ip_addr, "/"); print ip_addr[1] }')
 
echo "Router IPv4 : ""${NET_ADDR}"
echo "Router IPv6 : ""${NET_ADDR6}"
 
# 1. Enable dnsmasq to do PTR requests.
# 2. Reduce dnsmasq cache size as it will only provide PTR/rDNS info.
# 3. Disable rebind protection. Filtered DNS service responses from blocked domains are 0.0.0.0 which causes dnsmasq to fill the system log with possible DNS-rebind attack detected messages.
# 4. Move dnsmasq to port 54.
# 5. Set Ipv4 DNS advertised by option 6 DHCP 
# 6. Set Ipv6 DNS advertised by DHCP
uci set dhcp.@dnsmasq[0].noresolv="0"
uci set dhcp.@dnsmasq[0].cachesize="1000"
uci set dhcp.@dnsmasq[0].rebind_protection='0'
uci set dhcp.@dnsmasq[0].port="54"
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server="${NET_ADDR}"
 
#Delete existing config ready to install new options.
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
 
# DHCP option 6: which DNS (Domain Name Server) to include in the IP configuration for name resolution
uci add_list dhcp.lan.dhcp_option='6,'"${NET_ADDR}" 
 
#DHCP option 3: default router or last resort gateway for this interface
uci add_list dhcp.lan.dhcp_option='3,'"${NET_ADDR}"
 
#Set IPv6 Announced DNS
for OUTPUT in $(ip -o -6 addr list br-lan scope global | awk '{ split($4, ip_addr, "/"); print ip_addr[1] }')
do
	echo "Adding $OUTPUT to IPV6 DNS"
	uci add_list dhcp.lan.dns=$OUTPUT
done
uci commit dhcp
/etc/init.d/dnsmasq restart

Setup AGH through the web interface

On first time setup the default web interface port is TCP 3000.

  1. Setup the Admin Web Interface to listen on 192.168.1.1 at port 8080. (Changing the web interface port is optional)

  2. Set DNS server to listen on 192.168.1.1 at port 53.

  3. Create an user and choose a strong password.

Login AGH

Feel free to change upstream DNS servers to whatever you like (Adguard Home supports DoH, DoT and DoQ out of the box), add the blacklists of your preference and enjoy ad-free browsing on all of your devices.

For older builds, a custom installation or running the latest edge builds you can follow several well written guides by members of the community:

Recommendations and best configuration practices for using AGH on OpenWrt.

AdGuard Home has it’s own web interface for configuration and management and is not managed through LuCI. There is no official LuCI application for managing AdGuard Home. By default the web setup interface will be on port TCP 3000. To access the web interface, use the IP of your router: http://192.168.1.1:3000. If this is the first time you have installed AdGuard Home you will go through the setup process.

By default LuCI will be configured to use standard ports TCP 80/443, so AdGuard Home will need to use an alternative port for the web interface. You can use the default setup port TCP 3000 or change it to an alternative (8080 is the usual port 80 replacememt).

Once AGH is active then follow the official AdGuard Home wiki instructions to configure upstreams and filters. A list of known DNS providers and settings is here : Known DNS Providers

Note: Some settings may not be editable via the web interface and instead will need to be changed by editing the adguardhome.yaml configuration file.

If you already use Nginx with LuCI rather than uHTTPd you can reverse proxy the AdGuard Home interface. This can simplify accessing the AdGuard Home interface and not having to worry about URLs with non standard HTTP ports. Using a reverse proxy also means you don’t have to specifically configure HTTPS access through AdGuard Home and can instead utilise the HTTPS configuration of LuCI instead.

The following example will allow accessing the AdGuard Home interface as a sub directory path /adguard-home. If your router IP or AdGuard Home http_port value is different, change it accordingly.

location /adguard-home/ {
    proxy_pass http://192.168.1.1:8080/;
    proxy_redirect / /adguard-home/;
    proxy_cookie_path / /adguard-home/;
}

Accessing in your browser: http://[ROUTER]/adguard-home.

You can read more reverse proxy configurations from the Nginx docs.

Disable DoH encryption on AdGuard Home

If you have configured TLS on LuCI, there’s no need to use TLS on AdGuard Home. Set allow_unencrypted_doh to false in adguardhome.yaml to allow AdGuard Home respond to DoH requests without TLS encryption.

To enable rDNS so AGH picks up your DHCP assignments from OpenWrt.

  1. From the AdGuard Home web interface SettingsDNS settings

  2. Scroll to “Private reverse DNS servers”

  3. Add 192.168.1.1:54

  4. Tick both “Use private reverse DNS resolvers” and “Enable reverse resolving of clients’ IP addresses” boxes and click apply.

LAN domain interception

Adding the following to the Upstream DNS Server configuration will intercept any LAN domain request or requests without a FQDN and pass those requests to the appropriate resolver, which is mostly like your OpenWrt router but it doesn’t have to be.

The default LAN domain configured by OpenWrt is “lan”, but if you have configured you own domain, you can use this in the example code below:

(127.0.0.1) local loopback is used here to enable statistics tracking but you may also use your router ip (192.168.1.1) here too.

SettingsDNS Settings > Upstream Servers

[/lan/]127.0.0.1:54
[//]127.0.0.1:54

For users using ipset policies for purposes such as VPN split tunnelling, AGH provides ipset functionality similar to dnsmasq. The configuration/syntax is slightly different and you will need to migrate any existing dnsmasq ipset policies to the AGH format and apply these to AGH instead.

An ipset policy is defined in the adguardhome.yaml file, there is currently no web interface available to add these policies, therefore you must add these to the yaml config manually.

If ipset is not already installed, install it:

opkg update
opkg install ipset

Example dnsmasq syntax

Using the following example ipset rules in dnsmasq as a reference, the AGH equivalent is demonstrated.

ipset=/domain.com/ipset_name
ipset=/domain1.com/domain2.com/ipset_name,ipset_name2

Example AGH syntax

dns:
 ipset:
 - domain.com/ipset_name
 - domain1.com,domain2.com/ipset_name,ipset_name2
...

The main syntax differences is each domain is separated using a comma (,) not a forward slash (/). A forward slash denotes the end of a domain rule with AGH. When specifying the ipset chain, a comma is used in both examples to denote multiple chains if required.

Like dnsmasq, an ipset policy in AGH can have one or more domains as well as be assigned to multiple ipset chains. Further information on ipset functionality can be found on the official AdGuard Home wiki under “other settings”.

Note: The ipset chains must exist before being used or referenced as AGH does not initialise them. It is possible to potentially encounter a race condition on startup if the ipset chains are not created in time when AGH attempts to start. An alternative is creating a custom init script that runs the ipset create command earlier than the START value of AGH.

Some devices will bypass DHCP provided DNS servers e.g. Google Chromecast.

In order to make sure all DNS traffic goes through your primary DNS resolver, you can enforce this through firewall rules.

Please note this ONLY enforces plain DNS enquiries from your LAN to be redirected through your DNS. To block DOH or other encrypted DNS requires further rules.

Copy and paste these iptables rules in Network → Firewall → Custom Rules Tab or directly to /etc/firewall.user.

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 192.168.1.1:53
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1:53

You can also implement this via a fw3 rule within /etc/config/firewall:

config redirect 'adguardhome_dns_53'
        option src 'lan'
        option proto 'tcp udp'
        option src_dport '53'
        option target 'DNAT'
        option name 'Adguard Home'
        option dest 'lan'
        option dest_port '53'

These examples are for IPv4 DNS traffic only as they use DNAT.

Further information on DNS interception

nft add rule nat pre udp dport 53 ip saddr 192.168.1.0/24 dnat 192.168.1.1:53

This will redirect all DNS traffic from 192.168.1.0/24 to the 192.168.1.1 server.

In order for SSL to work the correct date/time MUST be set on the device. Not all routers have a Real Time Clock and thus must use NTP to update to the correct date/time on boot. As SSL will NOT work without the correct date/time you MUST bypass encrypted DNS to enable NTP updates to work.

Your router does NOT need encrypted DNS. Only your clients behind the router require filtering and encryption. Setting your router to use AGH as its DNS WILL result in failed NTP lookups unless you bypass encrypted lookups for NTP. This is NOT a recommended setup. Your router should have its own unencrypted upstream for NTP lookups.

When using a upstream DNS setup that utilises DNS encryption e.g. DoT or DoH, you may come across a race condition on startup where communication to such DNS resolvers is not possible because of the NTP service not being able to establish a connection to a network time source and the set the correct time on your router. Given encrypted DNS relies on TLS/certificates, having accurate time is more important. To prevent this, you can allow NTP DNS requests to use plain DNS, regardless of the upstream DNS resolvers set.

From the AdGuard Home web interface: SettingsDNS SettingsUpstream DNS Servers

Add the following to ensure any DNS request for NTP uses plain DNS. In this example, Cloudflare resolvers have been used. You can use any resolvers you like however.

[/pool.ntp.org/]1.1.1.1
[/pool.ntp.org/]1.0.0.1
[/pool.ntp.org/]2606:4700:4700::1111
[/pool.ntp.org/]2606:4700:4700::1001

Click apply to enable these specific DNS rules.

If AdGuard Home won’t start, you will want to view error logs to understand why.

If using the opkg package you can view syslog for errors using logread.

logread -e AdGuardHome

You can also run AdGuardHome from command line and see the output directly.

AdGuardHome -v -c /etc/adguardhome.yaml -w /var/adguardhome --no-check-update

This example uses the defaults set in the init script with the extra addition of the verbose flag.

The most common reason for AdGuard Home not starting is due to syntax errors in the adguardhome.yaml config.

This script uninstalls AGH and resets your router DNS to Google DNS. This is a known good default and should always work.

Note: If your router is not at 192.168.1.1 then replace the router IP address used in the commands below accordingly.

uninstallAGH.sh

#!/bin/sh
opkg update
service adguardhome stop
service adguardhome disable
opkg remove adguardhome
 
# 1. Reverts AdGuard Home configuration and resets settings to default.
# 2. Enable rebind protection.
# 3. Remove DHCP options for IPv4 and IPv6 
uci -q delete dhcp.@dnsmasq[0].noresolv
uci -q delete dhcp.@dnsmasq[0].cachesize
uci set dhcp.@dnsmasq[0].rebind_protection='1'
uci -q delete dhcp.@dnsmasq[0].server
uci -q delete dhcp.@dnsmasq[0].port
uci -q delete dhcp.lan.dhcp_option
uci -q delete dhcp.lan.dns
 
# Network Configuration
# Disable peer/ISP DNS
uci set network.wan.peerdns="0"
uci set network.wan6.peerdns="0"
 
# Configure DNS provider to Google DNS
uci -q delete network.wan.dns
uci add_list network.wan.dns="8.8.8.8"
uci add_list network.wan.dns="8.8.4.4"
 
# Configure IPv6 DNS provider to Google DNS
uci -q delete network.wan6.dns
uci add_list network.wan6.dns="2001:4860:4860::8888"
uci add_list network.wan6.dns="2001:4860:4860::8844"
 
# Save and apply
uci commit dhcp
uci commit network
/etc/init.d/network restart
/etc/init.d/dnsmasq restart
/etc/init.d/odhcpd restart

Reconnect your clients to apply the changes.

The AdGuardHome/data folder contains the following.

root@OpenWrt:/opt/AdGuardHome/data# ll -h
drwxr-xr-x    3 root     root         512 Oct 29 09:42 ./
drwxrwxrwx    4 root     root         736 Oct 30 09:06 ../
drwxr-xr-x    2 root     root         800 Nov  2 09:52 filters/
-rw-r--r--    1 root     root       45.4M Nov  2 20:42 querylog.json
-rw-r--r--    1 root     root        8.9M Oct 29 09:00 querylog.json.1
-rw-r--r--    1 root     root       32.0K Oct 30 05:28 sessions.db
-rw-r--r--    1 root     root        4.0M Nov  2 21:00 stats.db

The filters folder contains all your filter downloads. Purge if it is full but AGH will re-download your filters.

If your filters are too large for your diskspace you will have to disable large filters and restrict their usage.

The AdGuardHome/agh-backup folder contains the previous version of AGH. This also can be removed if space is at a premium.


Ad Blocker, AdGuard, Alternative, DNS, Home Lab, HomeLab, How To, i12bretro, Install Guide, Linux, Networking, OpenWRT, OpenWRT Tutorial, Router, Self-hosted, Tutorial


1 Minute

View interactive steps on GitHub

What is AdGuard Home?

AdGuard Home is a network-wide software for blocking ads and tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.


It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers. It’s based on software we use for our public AdGuard DNS servers, and both share a lot of code. –https://github.com/AdguardTeam/AdguardHome

Installing AdGuard Home

  1. Open a web browser and navigate to the OpenWRT LuCI web UI
  2. Log in
  3. Select System > Startup in the top navigation menu
  4. Find dnsmasq and click the Stop button and click Enabled to disable the service on startup
  5. Select System > Software in the top navigation menu
  6. Type cert in the search
  7. Find ca-certificates and click the Install… button
  8. Find ca-bundle and click the Install… button
  9. Type libustream in the search
  10. Find libustream-openssl and click the Install… button
  11. Open another tab and navigate to https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#installation
  12. Find the download for Linux on the architecture of the router (arm32, arm64, etc)
  13. Right click the link and Copy shortcut / Copy link address
  14. Connect to the OpenWRT device via SSH
  15. Run the following commands

    # download adguard home, pasting the download link copied above
    wget https://static.adguard.com/adguardhome/release/AdGuardHome_linux_amd64.tar.gz –no-check-certificate
    # extract the download tar.gz
    tar xfvz AdGuardHome_linux*
    # change directory into the extracted folder
    cd AdGuardHome
    # install AdGuardHome as a service
    ./AdGuardHome -s install

  16. Open a web browser and navigate to http://OpenWRTIP:3000
  17. Click the Get Started button
  18. Set the Admin Web Interface and DNS Server network interfaces and ports, note port 80 can’t be used for the web interface > Click Next
  19. Enter an admin username and password > Click Next
  20. Click Next on page 4
  21. Click Open Dashboard on the Congratutations page
  22. Log in using the admin username and password created during the install
  23. Welcome to AdGuardHome running on OpenWRT

Source: https://github.com/AdguardTeam/AdGuardHome#getting-started

Перейти к содержанию

На чтение 3 мин Опубликовано Обновлено

Adguard Home — это программа для блокировки рекламы и защиты от вредоносных сайтов на уровне домашней сети. Вместо установки адблокеров на каждом устройстве в сети, Adguard Home устанавливается на роутер, блокируя нежелательный контент для всех устройств в сети. Это предоставляет максимальную защиту и удобство без необходимости установки дополнительных программ на каждом устройстве.

Установка Adguard Home на роутер происходит через установку специального прошивки, которая добавляет функциональность блокировки рекламы и защиты от мошенничества. Для начала процесса установки необходимо подготовить роутер и скачать необходимые файлы.

Примечание: перед установкой Adguard Home убедитесь, что ваш роутер поддерживается и что у вас есть доступ к административной панели вашего роутера.

После подготовки роутера и файлов, следует перейти к настройке программы Adguard Home на роутере. Это включает в себя создание и настройку пользователя, а также выбор дополнительных параметров, таких как блокировка определенных категорий сайтов или настройка правил фильтрации.

Как установить Adguard Home на роутер

Для установки Adguard Home на роутер необходимо выполнить следующие шаги:

1. Убедитесь, что ваш роутер поддерживает установку стороннего программного обеспечения.
2. Скачайте последнюю версию Adguard Home с официального сайта разработчика.
3. Откройте веб-интерфейс вашего роутера и найдите раздел настроек.
4. В разделе настроек найдите опцию для установки стороннего программного обеспечения.
5. Выберите загруженный файл Adguard Home и выполните его установку.
6. После установки настройте Adguard Home согласно вашим предпочтениям.
7. Настройте клиентские устройства для использования резолвера DNS Adguard Home.

После выполнения этих шагов Adguard Home будет успешно установлен на ваш роутер, и вы сможете насладиться блокировкой рекламы и защитой от вредоносных сайтов во всей вашей домашней сети.

Шаги для установки Adguard Home на роутер

  1. Подключите компьютер к роутеру при помощи сетевого кабеля или подключитесь к Wi-Fi сети роутера.
  2. Откройте веб-браузер и введите IP-адрес вашего роутера в адресной строке.
  3. Войдите в административную панель роутера, используя учетные данные администратора.
  4. Найдите в меню роутера раздел «Настройки DNS» или «DNS-сервер».
  5. Выберите опцию «Заменить DNS-сервер» или «Использовать пользовательский DNS».
  6. В поле для первичного и вторичного DNS-сервера введите IP-адрес вашего компьютера, на котором будет установлен Adguard Home.
  7. Сохраните изменения и перезагрузите роутер.
  8. Загрузите Adguard Home с официального сайта и установите его на ваш компьютер.
  9. Откройте веб-браузер и введите IP-адрес вашего компьютера с установленным Adguard Home.
  10. Пройдите настройку Adguard Home, следуя инструкциям на экране.
  11. Вернитесь в административную панель роутера и измените настройки DNS-сервера обратно на значение «Автоматический» или предыдущие DNS-сервера.

После завершения всех этих шагов Adguard Home успешно установлен и настроен на вашем роутере. Теперь вы сможете наслаждаться усовершенствованной безопасностью и блокировкой рекламы на всех устройствах, подключенных к вашей домашней сети.

AdGuard Home

Privacy protection center for you and your devices

Free and open source, powerful network-wide ads & trackers blocking DNS server.


AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.

It operates as a DNS server that re-routes tracking domains to a «black hole», thus preventing your devices from connecting to those servers. It’s based on software we use for our public AdGuard DNS servers — both share a lot of common code.

  • Getting Started
  • Comparing AdGuard Home to other solutions
    • How is this different from public AdGuard DNS servers?
    • How does AdGuard Home compare to Pi-Hole
    • How does AdGuard Home compare to traditional ad blockers
  • How to build from source
  • Contributing
    • Test unstable versions
    • Reporting issues
    • Help with translations
    • Other
  • Projects that use AdGuard Home
  • Acknowledgments
  • Privacy

Getting Started

Automated install (Linux and Mac)

Run the following command in your terminal:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

The script also accepts some options:

  • -c <channel> to use specified channel.
  • -r to reinstall AdGuard Home;
  • -u to uninstall AdGuard Home;
  • -v for verbose output;

Note that options -r and -u are mutually exclusive.

Alternative methods

Manual installation

Please read the Getting Started article on our Wiki to learn how to install AdGuard Home manually, and how to configure your devices to use it.

Docker

You can use our official Docker image.

Snap Store

If you’re running Linux, there’s a secure and easy way to install AdGuard Home — you can get it from the Snap Store.

Guides

  • Getting Started
    • FAQ
    • How to Write Hosts Blocklists
    • Comparing AdGuard Home to Other Solutions
  • Configuring AdGuard
    • Configuration
    • Configuring AdGuard Home Clients
    • AdGuard Home as a DoH, DoT, or DoQ Server
    • AdGuard Home as a DNSCrypt Server
    • AdGuard Home as a DHCP Server
  • Installing AdGuard Home
    • Docker
    • How to Install and Run AdGuard Home on a Raspberry Pi
    • How to Install and Run AdGuard Home on a Virtual Private Server
  • Verifying Releases

API

If you want to integrate with AdGuard Home, you can use our REST API.
Alternatively, you can use this python client, which is used to build the AdGuard Home Hass.io Add-on.

Comparing AdGuard Home to other solutions

How is this different from public AdGuard DNS servers?

Running your own AdGuard Home server allows you to do much more than using a public DNS server. It’s a completely different level. See for yourself:

  • Choose what exactly the server blocks and permits.
  • Monitor your network activity.
  • Add your own custom filtering rules.
  • Most importantly, this is your own server, and you are the only one who’s in control.

How does AdGuard Home compare to Pi-Hole

At this point, AdGuard Home has a lot in common with Pi-Hole. Both block ads and trackers using «DNS sinkholing» method, and both allow customizing what’s blocked.

We’re not going to stop here. DNS sinkholing is not a bad starting point, but this is just the beginning.

AdGuard Home provides a lot of features out-of-the-box with no need to install and configure additional software. We want it to be simple to the point when even casual users can set it up with minimal effort.

Disclaimer: some of the listed features can be added to Pi-Hole by installing additional software or by manually using SSH terminal and reconfiguring one of the utilities Pi-Hole consists of. However, in our opinion, this cannot be legitimately counted as a Pi-Hole’s feature.

Feature AdGuard Home Pi-Hole
Blocking ads and trackers
Customizing blocklists
Built-in DHCP server
HTTPS for the Admin interface Kind of, but you’ll need to manually configure lighttpd
Encrypted DNS upstream servers (DNS-over-HTTPS, DNS-over-TLS, DNSCrypt) ❌ (requires additional software)
Cross-platform ❌ (not natively, only via Docker)
Running as a DNS-over-HTTPS or DNS-over-TLS server ❌ (requires additional software)
Blocking phishing and malware domains ❌ (requires non-default blocklists)
Parental control (blocking adult domains)
Force Safe search on search engines
Per-client (device) configuration
Access settings (choose who can use AGH DNS)
Running without root privileges

How does AdGuard Home compare to traditional ad blockers

It depends.

«DNS sinkholing» is capable of blocking a big percentage of ads, but it lacks flexibility and power of traditional ad blockers. You can get a good impression about the difference between these methods by reading this article. It compares AdGuard for Android (a traditional ad blocker) to hosts-level ad blockers (which are almost identical to DNS-based blockers in their capabilities). This level of protection is enough for some users.

Additionally, using a DNS-based blocker can help to block ads, tracking and analytics requests on other types of devices, such as SmartTVs, smart speakers or other kinds of IoT devices (on which you can’t install traditional ad blockers).

Known limitations

Here are some examples of what cannot be blocked by a DNS-level blocker:

  • YouTube, Twitch ads
  • Facebook, Twitter, Instagram sponsored posts

Essentially, any advertising that shares a domain with content cannot be blocked by a DNS-level blocker.

Is there a chance to handle this in the future? DNS will never be enough to do this. Our only option is to use a content blocking proxy like what we do in the standalone AdGuard applications. We’re going to bring this feature support to AdGuard Home in the future. Unfortunately, even in this case, there still will be cases when this won’t be enough or would require quite a complicated configuration.

How to build from source

Prerequisites

Run make init to prepare the development environment.

You will need this to build AdGuard Home:

  • go v1.16 or later.
  • node.js v10.16.2 or later.
  • npm v6.14 or later (temporary requirement, TODO: remove when redesign is finished).
  • yarn v1.22.5 or later.

Building

Open Terminal and execute these commands:

git clone https://github.com/AdguardTeam/AdGuardHome
cd AdGuardHome
make

Please note, that the non-standard -j flag is currently not supported, so
building with make -j 4 or setting your MAKEFLAGS to include, for example,
-j 4 is likely to break the build. If you do have your MAKEFLAGS set to
that, and you don’t want to change it, you can override it by running
make -j 1.

Check the Makefile to learn about other commands.

Building for a different platform. You can build AdGuard for any OS/ARCH just like any other Go project.
In order to do this, specify GOOS and GOARCH env variables before running make.

For example:

env GOOS='linux' GOARCH='arm64' make

Or:

make GOOS='linux' GOARCH='arm64'

Preparing release

You’ll need this to prepare a release build:

  • snapcraft

Commands:

make build-release CHANNEL='...' VERSION='...'

Docker image

  • Run make build-docker to build the Docker image locally (the one that we publish to DockerHub).

Please note, that we’re using Docker Buildx to build our official image.

You may need to prepare before using these builds:

  • (Linux-only) Install Qemu: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes
  • Prepare builder: docker buildx create --name buildx-builder --driver docker-container --use

Resources that we update periodically

  • scripts/translations
  • scripts/whotracksme

Contributing

You are welcome to fork this repository, make your changes and submit a pull request — https://github.com/AdguardTeam/AdGuardHome/pulls

Please note that we don’t expect people to contribute to both UI and golang parts of the program simultaneously. Ideally, the golang part is implemented first, i.e. configuration, API, and the functionality itself. The UI part can be implemented later in a different pull request by a different person.

Test unstable versions

There are two update channels that you can use:

  • beta — beta version of AdGuard Home. More or less stable versions.
  • edge — the newest version of AdGuard Home. New updates are pushed to this channel daily and it is the closest to the master branch you can get.

There are three options how you can install an unstable version:

  1. Snap Store — look for «beta» and «edge» channels there.
  2. Docker Hub — look for «beta» and «edge» tags there.
  3. Standalone builds. Use the automated installation script or look for the available builds below.

Beta:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c beta

Edge:

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -c edge
  • Beta channel builds

    • Linux: 64-bit, 32-bit
    • Linux ARM: 32-bit ARMv6 (recommended for Raspberry Pi), 64-bit, 32-bit ARMv5, 32-bit ARMv7
    • Linux MIPS: 32-bit MIPS, 32-bit MIPSLE, 64-bit MIPS, 64-bit MIPSLE
    • Windows: 64-bit, 32-bit
    • macOS: 64-bit, 32-bit
    • macOS ARM: 64-bit
    • FreeBSD: 64-bit, 32-bit
    • FreeBSD ARM: 64-bit, 32-bit ARMv5, 32-bit ARMv6, 32-bit ARMv7
    • OpenBSD: (coming soon)
    • OpenBSD ARM: (coming soon)
  • Edge channel builds

    • Linux: 64-bit, 32-bit
    • Linux ARM: 32-bit ARMv6 (recommended for Raspberry Pi), 64-bit, 32-bit ARMv5, 32-bit ARMv7
    • Linux MIPS: 32-bit MIPS, 32-bit MIPSLE, 64-bit MIPS, 64-bit MIPSLE
    • Windows: 64-bit, 32-bit
    • macOS: 64-bit, 32-bit
    • macOS ARM: 64-bit
    • FreeBSD: 64-bit, 32-bit
    • FreeBSD ARM: 64-bit, 32-bit ARMv5, 32-bit ARMv6, 32-bit ARMv7
    • OpenBSD: 64-bit (experimental)
    • OpenBSD ARM: 64-bit (experimental)

Report issues

If you run into any problem or have a suggestion, head to this page and click on the New issue button.

Help with translations

If you want to help with AdGuard Home translations, please learn more about translating AdGuard products here: https://kb.adguard.com/en/general/adguard-translations

Here is a link to AdGuard Home project: https://crowdin.com/project/adguard-applications/en#/adguard-home

Other

Here’s what you can also do to contribute:

  1. Look for issues marked as «help wanted».
  2. Actualize the list of Blocked services. It can be found in filtering/blocked.go.
  3. Actualize the list of known trackers. It it can be found in client/src/helpers/trackers/adguard.json.
  4. Actualize the list of vetted blocklists. It it can be found in client/src/helpers/filters/filters.json.

Projects that use AdGuard Home

  • AdGuard Home Remote — iOS app by Joost
  • Python library by @frenck
  • Home Assistant add-on by @frenck
  • OpenWrt LUCI app by @kongfl888 (originally by @rufengsuixing)
  • Prometheus exporter for AdGuard Home by @ebrianne
  • AdGuard Home on GLInet routers by Gl-Inet
  • Cloudron app by @gramakri

Acknowledgments

This software wouldn’t have been possible without:

  • Go and its libraries:
    • gcache
    • miekg’s dns
    • go-yaml
    • service
    • dnsproxy
    • urlfilter
  • Node.js and its libraries:
    • React.js
    • Tabler
    • And many more node.js packages.
  • whotracks.me data

You might have seen that CoreDNS was mentioned here before — we’ve stopped using it in AdGuard Home. While we still use it on our servers for AdGuard DNS service, it seemed like an overkill for Home as it impeded Home features that we plan to implement.

For a full list of all node.js packages in use, please take a look at client/package.json file.

Privacy

Our main idea is that you are the one, who should be in control of your data. So it is only natural, that AdGuard Home does not collect any usage statistics, and does not use any web services unless you configure it to do so. Full policy with every bit that could in theory be sent by AdGuard Home is available here.

  • 678 ошибка при подключении роутера xiaomi
  • 678 ошибка при подключении интернета роутер xiaomi
  • 678 ошибка при подключении интернета через роутер
  • 5g роутер опасны для здоровья
  • 5ghz wifi роутер что это