Beginner in OpenWRT : Can't set Adguard home as my DNS for all my networks
If I do this, it means that the DNS will also be accessible from the outside of my network. Could this be a security problem?
I am hosting some services like home assistant on a Raspberry pi on Port 443 with caddy. Could this cause problem with its access?
By default inbound connection on WAN should be blocked.
I ran the 0.0.0.0 configuration for 24 hours and found a few IP addresses (mostly of the v6 variety) that I didn't recognize in my logs under Top Clients. I cannot say for certain that I was serving the entire wide world since I only had logging on for a short time this morning, but I was very spooked.
I've since done this:
bind_hosts:
  - ::1
  - 127.0.0.1
  - [router-localIP]
and my devices and router can access the internet, and the devices that show up in the client are all lan devices and none of the weird IPv6 addresses that were not my own.
Sorry for the very late reply, I have been very busy these days.
Thanks a lot for your help! I re-made my whole openwrt config, along with Adguard, and it now correctly listens on all interfaces! Thank you so much!
The only thing left I would like to activate is DoH or DoT. But I already have a lot of webservices hosted on a Raspberry Pi, with Caddy as my reverse proxy, which means my 80 and 443 ports are already redirected to the Raspberry. Adguard tells me that port 443 is not available. Is there a way out of this? How can I make it available?
What is the best way to get auto renewable certs for Adguard on openwrt? Before I was using the DoH addon for openwrt, that was taking care of everything by itself. Is there a way to get something similar with adguard?
Thanks in advance and have a great day
You can enable DoH but you’d have to listen on a different port, and specify that port in the URI as well. Nothing should be listening on 853 so you can use that for DoT. The alternative would be to install nginx and redirect to individual services via reverse proxy.
I use ACME to get certs for uhttpd, and point to the cert file within AGH itself so I have DoH/DoT. The only downside is that it won’t use the updated cert until AGH is restarted, could be automated via cron if strictly necessary.
— Starfox
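The cron-driven restart Starfox mentions, written out as an added example (not code from the thread or from AdGuard Home). It assumes AGH was installed from the OpenWrt package feed (init script /etc/init.d/adguardhome) and that the ACME certificate path is a placeholder you replace with the file named under tls.certificate_path in AdGuardHome.yaml; it only restarts AGH when the certificate file has actually changed, so a renewal is picked up without needless restarts.

```shell
#!/bin/sh
# Added example: reload AdGuard Home only after the ACME cert it points at is renewed.
# Assumed AdGuardHome.yaml tls section this goes with (DoH moved off 443, DoT on 853):
#   tls:
#     enabled: true
#     port_https: 8443          # 443 is already forwarded to the Raspberry Pi
#     port_dns_over_tls: 853
#     certificate_path: /etc/acme/example.lan/fullchain.cer   # placeholder path
#     private_key_path: /etc/acme/example.lan/example.lan.key # placeholder path

CERT="${CERT:-/etc/acme/example.lan/fullchain.cer}"   # placeholder, match certificate_path
STATE="${STATE:-/var/run/agh-cert.sha256}"            # where the last-seen hash is kept

# cert_fingerprint FILE: print the SHA-256 of FILE (busybox sha256sum is enough)
cert_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# cert_changed CERT STATE: return 0 when CERT's hash differs from the one recorded
# in STATE (and record the new hash), 1 when unchanged, 2 when CERT is unreadable.
cert_changed() {
    cert="$1"; state="$2"
    [ -r "$cert" ] || return 2
    new=$(cert_fingerprint "$cert")
    old=""
    [ -f "$state" ] && old=$(cat "$state")
    [ "$new" = "$old" ] && return 1
    printf '%s\n' "$new" > "$state"
    return 0
}

# Cron entry on OpenWrt (crontab -e), e.g. once an hour:
#   0 * * * * /root/agh-cert-reload.sh
main() {
    if cert_changed "$CERT" "$STATE"; then
        logger -t agh-cert "certificate renewed, restarting AdGuard Home"
        /etc/init.d/adguardhome restart
    fi
}

main
```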