[How To] Set up AdGuard Home on OPNsense

Поділитися
Вставка
  • Опубліковано 27 лис 2024

КОМЕНТАРІ • 80

  • @0x2142
    @0x2142  Рік тому +14

    Just an update - OPNsense 23.1 released this week & includes some better reporting tools for the built-in UnboundDNS resolver: opnsense.org/opnsense-23-1-released/
    For some, this may be enough to prefer Unbound over AdGuard. Just up to your preference!

  • @koloblicin4599
    @koloblicin4599 Рік тому +22

    At first I thought 'wow, how could it take almost half an hour to explain how to do this', now I must say, this is probably the most valuably instructive video I've ever seen 🥺

    • @0x2142
      @0x2142  Рік тому +1

      Hello - and thank you so much for the comment! I feel like I struggle sometimes with thinking "oh this should be quick" - then wind up wanting to explain or give more examples, which extends the length of the video. It sometimes makes me worry that they end up too long for most people. I really appreciate your feedback 😊

    • @koloblicin4599
      @koloblicin4599 Рік тому

      @@0x2142 I get that. It's definitely more work, but maybe it's worth seperating content into two videos: a 5-8 min direct approach (e.g. add repo, install adguard; to get the views) and a seperate video for the advanced stuff (ad lists, custom filters, seperate DNS etc; for the viewers who want more). Just an idea though :)

    • @Stealth55555
      @Stealth55555 Місяць тому

      @@0x2142 Its appreciated. People can ALWAYS skip forwards past extra info, but they CAN'T just make missing info appear into a video ;) So thanks!

  • @TealGators
    @TealGators Рік тому +3

    A missed opportunity, a nice little joke would have been when he clicked on block UA-cam, his video went to a black screen. Or a good way to have had to end the video. LOL

  • @Xploder270
    @Xploder270 Рік тому +5

    Use something other than 5353, as that is used for MDNS and needed if you want to relay mDNS across multiple networks.

  • @takeover4726
    @takeover4726 Рік тому +5

    how would you get this to work with unbound dns over tls?

  • @cnkosm6536
    @cnkosm6536 7 місяців тому

    Thanks for this! I have a quick question/suggestion about the last section of your video:
    If you want to use Unbound together with AdGuard, then you must set Unbound's IP and port (192.168.1.1:53 in your example) in AdGuard > DNS Settings > Upstream DNS Servers.
    Also, in this case, you can leave blank the Services > DHCPv4 > [LAN] > DNS Servers field in OPNsense (15:11).
    Please correct me if I'm wrong...

  • @AlBunddy
    @AlBunddy Рік тому +3

    Do you if it is possible to still show the client IP address in AdGuard when using both Unbound and AdGuard? With the query forwarding all traffic in AdGuard is coming from the interface IP. Is there a way to still forward the traffic but keep the client IP address?

    • @SergeantTrigger
      @SergeantTrigger Рік тому +1

      up for this. can't still figure it out a solution.

  • @SN0WMAN27
    @SN0WMAN27 Місяць тому +1

    Great Video - Worked Perfectly.

  • @Iryuushen
    @Iryuushen Місяць тому

    This is amazing. Thank you. Can you make an extension of how to put a Nginx Proxy Manager as well?

  • @GregorMitchell
    @GregorMitchell Рік тому

    Awesome Informative video, clear voice, easy to follow, thank you so much. I've had my OPNsense server for a couple of years and only now am I finding out how powerful it is, in fact I'm wondering based on this if I should setup a pihole docker container on my synology NAS docker and forward unbound to that. maybe, maybe not, this seems nice an easy to remember.

  • @JasonsLabVideos
    @JasonsLabVideos Рік тому +2

    OH YEAH !!! Nice video !! Easy to follow too !

    • @0x2142
      @0x2142  Рік тому

      Thanks man!! Appreciate the enthusiasm 😁

  • @RyanFlores9
    @RyanFlores9 Рік тому +2

    If you're already on the console, you can just use `sudo service network-manager restart` instead to reconnect your NIC.

    • @vn_loc7316
      @vn_loc7316 8 місяців тому

      can't you also renew your IP? :)

  • @emanbuoy7673
    @emanbuoy7673 Рік тому +1

    Thank you so much for this.. with this step will I be able to see all my opn sense client in adguard instead of just open sense ip.m I have pf sense currently and I have tried everything possible but it only shows my pf sense ip ad.. ty

  • @Frozendown
    @Frozendown Рік тому +2

    Thank you for this tutorial.

  • @Ruslan-UA
    @Ruslan-UA 8 місяців тому +1

    brilliant description. Thank you!

  • @Frank_The_Rock
    @Frank_The_Rock Рік тому +1

    Did I miss something all Adguard trafic is from my gateway ip (the unbound i guess) Is there a way to see all diferent trafic comming from?

  • @lifeassuch6128
    @lifeassuch6128 Рік тому +2

    Great great video! Thank you so much. Can you make a detailed video about Netmaker?

    • @0x2142
      @0x2142  Рік тому +1

      Hi there - Thanks for the suggestion! I've not heard of Netmaker before - but it looks like an awesome project! I'll see what I can do 👍

  • @carlbaars1472
    @carlbaars1472 Рік тому +1

    great explanation

  • @dzmelinux7769
    @dzmelinux7769 5 місяців тому

    Just wondering if there is a way to use Adguard together with OPNSense while DNS over TLS in OPNSense?

  • @kchrist
    @kchrist 3 місяці тому

    set all of this up ti discover in the end that if I have my amneziavpn (wireguard client with obfuscation) on, service blocks dont work:) prolly none of the other filtering too? haven't checke danything yet. just discovered:)

  • @Einrich
    @Einrich Рік тому +1

    I'd use NextDns (with adguard privacy list selected) with Unbound DNS over TLS instead - that way you do not need to play with unsupported pluggins...

    • @Jorvs
      @Jorvs Рік тому

      may I ask are this option done 1 device installed opnsense? no need for virtual machines? or extra devices?

  • @silverismoney
    @silverismoney 7 місяців тому

    awesome video. got this up and running on my home lan during my lunch break. but can you intercept doh ? because this works well and good until someone turns on secure dns via DoH or DoT. I'm wondering about how to deal with those scenarios. I presume you can't just redirect the request, because it's just https. can opnsense detect doh and redirect it ?

  • @GH-ic4ll
    @GH-ic4ll Рік тому +1

    Excellent tutorial. :)

  • @aidanbazan7769
    @aidanbazan7769 8 місяців тому

    Question from a semi noob, do I need AdGuard to listen on WAN if I’m using WireGuard to access my server remotely or does that still count as LAN?

  • @SergeantTrigger
    @SergeantTrigger Рік тому

    Works well as per the guide. Only problem I am encountering is, on AdGuardHome, only the IP address of the Opnsense DNS is showing in the logs, not by the individual IPs conntected on the network. Is there any workaround on this? Thanks.

    • @ytmadpoo
      @ytmadpoo 11 місяців тому

      It sounds like you have Unbound forwarding the queries to AdGuard. In that case, as far as AdGuard knows, it's only the Unbound service (running on the same box) that's doing any queries. This video should have mentioned that configuring it this way will result in losing the ability to do custom unblocking per client, or logging per client activity in general, since all queries to AdGuard come from your OPNsense box itself.

    • @SergeantTrigger
      @SergeantTrigger 10 місяців тому

      @@ytmadpoo found a solution in reddit. thanks,

  • @the_giefster
    @the_giefster Рік тому

    Great video! I currently have my Adguard setup on my TrueNAS. I wanted to get Adguard off my TrueNAS as it will be blasted away soon. I recently purchased one of the little firewall machines and have installed proxmox with OPNsense (PCIe passthrough for WAN interface) and an adguard container. I just tried this with my OPNsense and got Adguard installed on it. But when I updated Adguard it just sits there with the spinning icon. Even removing the service and installing it again, I have the same issue. So it looks like it is just not there yet.

    • @0x2142
      @0x2142  Рік тому +1

      Huh, that's odd. When I was recording this video - I went through the install/setup process a few times. Usually the upgrade was fairly quick, but I did have once or twice where it did spin for a while - though it always completed eventually!

    • @the_giefster
      @the_giefster Рік тому +1

      @@0x2142 Thanks. I managed to get it working. I had to blow away my opnsense install and try again. I must have hit a small bug somewhere.

  • @yomanyo13
    @yomanyo13 Рік тому

    I can't connect to the adguard port for some reason.
    The page isn’t redirecting properly
    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

  • @screege
    @screege 3 місяці тому

    For me it only works if the machine has auto dns, if I put manual dns in the machine for example google or other then the blocks go away, how can I make the opnsense machine dns authoritative thru the whole network

  • @JB3Duk
    @JB3Duk Рік тому

    Hi, I set this up following your guide but after the initial setup on 3000, i cannot get to the web interface, this seems to make some sense as you show to configure it on the listen interface of the router but at port 80, this is surely the opnsense admin web interface so that is somewhat expected? I can't seem to uninstall and reinstall to reset the settings to try a different port now so seems to just be stuck running on a used port and not reachable to change

    • @0x2142
      @0x2142  Рік тому +2

      Hi there - you can still edit the port that the Web UI runs on, but you'll have to SSH into the OPNsense box & edit the configuration file manually.
      Check the video here: ua-cam.com/video/7RC7q5WOYC0/v-deo.htmlsi=8hM4cmDbo30RhId1&t=1248
      or written instructions on my blog here: 0x2142.com/how-to-set-up-adguard-on-opnsense/#how-do-i-change-the-interface-port-for-the-web-ui-or-dns

  • @freakyweirdo92
    @freakyweirdo92 Рік тому

    hi. i added unbound upstream but it doesnt seem to go through adguard

  • @JuicedupGorilla
    @JuicedupGorilla Рік тому

    Hi, Sorry my bad English. Could you please help me? My adguardhome service in opnsense suddenly stopped working after a firewall reboot because of energy cut off in my house.
    When I try to restart the service it keeps shutting down right away. I also tried reinstalling adguardhome to its default config and it works, but when I replace my config .yaml file, it stops working again. How could I verify what the problem is?

  • @onitramt77
    @onitramt77 Рік тому

    Thanks for the guide. I followed it leaving unbound enabled. AdGuard is working except the reporting only lists my OPNsense IP. It never shows which client made the request. Any ideas on why this is happening?

    • @0x2142
      @0x2142  Рік тому

      Hmm - Curious if the clients are on the same subnet? My only thought here is that perhaps the client address is hitting a NAT before reaching the AdGuard IP.

    • @onitramt77
      @onitramt77 Рік тому

      @@0x2142 I have no idea how it would be hitting a NAT before AdGuard. Its a new OPNsense install and the only thing I added to it is AdGuard so far. Everything is on same subnet and the computers Im testing this with are connected with ethernet to an unmanaged switch that is connected directly to the OPNsense LAN port. Its been driving me crazy trying to get this working.

  • @datmansnow
    @datmansnow 5 місяців тому

    Once i selected my blocked services, I can still access these sites?? Is there a step I need to configure in Opnsense to block them?I followed along with everything that was mentioned in the step-by-step. But still can access the sites. Someone please help.

  • @lithiumfrost4659
    @lithiumfrost4659 Рік тому +1

    Is there any real reason to use this over the built in Unbound service? Seems like Unbound supports everything you could want from AdGuard including blocklists, custom rules, DoT etc. Using Unbound also has the advantage of integrating with the DHCP server so you can get your static mappings into DNS for free.

    • @0x2142
      @0x2142  Рік тому +2

      Hi there! Yeah it mostly depends on what you are comfortable & the specific features you need. Most of these products can do the job these days. Unbound definitely supports a lot more advanced configuration options than AdGuard - but I think AdGuard is much easier for someone to use who might not understand all that stuff. AdGuard is real easy to set up & get going, and the reporting/dashboards are easier to use. That being said - It's just up to what works for your use case.

    • @MotionzMultimedia
      @MotionzMultimedia Рік тому +1

      Honestly, it's better to just use unbound as backup via a configuration file becomes more difficult from my last experience.
      If the repo being used is third party, the configuration file might not be able to be use, it might load but you might run into issues.
      EDIT: Just adding, you would not be getting a nice dashboard with Unbound as far as I know.

    • @TismoGaming
      @TismoGaming Рік тому

      Would It be wise to disable unbound if I choose to setup AdGuard instead?

  • @nickquik
    @nickquik 7 місяців тому

    I got most of this installed but I can't seem to get it to block anything

  • @vn_loc7316
    @vn_loc7316 8 місяців тому

    How to change the interface for Adguard without reinstalling Adguard?

  • @capturedbyfabian
    @capturedbyfabian Рік тому

    Make one for DNS over SSL!!

  • @VIPERRED229
    @VIPERRED229 Рік тому

    How does this compare to PI-Hole?

  • @franciscorestrepo1042
    @franciscorestrepo1042 Рік тому

    Can you tell me how to check if unbound is actually blocking?

    • @patrickFREE.
      @patrickFREE. 9 місяців тому

      log level 2 and show on the logs.

  • @BrunoVera
    @BrunoVera 7 місяців тому

    a este video le faltan likes, gracias!

  • @dimassyarif5112
    @dimassyarif5112 Рік тому

    I install opnsense on Oracle Virtual Box, Its oke to install this plugin on that?

    • @0x2142
      @0x2142  Рік тому

      Haven't tried it myself, but it should work all the same!

    • @dimassyarif5112
      @dimassyarif5112 Рік тому

      @@0x2142 thx for the answer, im ask to in your Website. If you dont mind, please answer that .. thank you verymuch🙏🏻🙏🏻

  • @disrael2101
    @disrael2101 Рік тому

    How I get opnese is it a router brand like Cisco or

    • @0x2142
      @0x2142  Рік тому +1

      Hi there - OPNsense is an open source product that you can download here: opnsense.org/download/ . While they do have some hardware appliances that you can buy with OPNsense pre-installed, generally most people will buy their own hardware. In addition, you can also buy some level of business support from OPNsense, but there is also free community-based support via their forums, etc.
      If you're interested in looking at some hardware or what the install / setup process looks like, I posted a video that covers this: ua-cam.com/video/ppS6IhKSkfY/v-deo.html

  • @philexel3007
    @philexel3007 Рік тому

    Great Video. As a recent convert to OPNsense from pfsense, I was looking for a replacement to pfblockerNG. AdGuard seems to do the trick. I do have a couple of questions though. I have a similar problem to someone else who commented. I only see the IP of my OPNsense interface in the dashboard. I have multiple vlans/subnets and I have the DHCP servers all pointing to the IP of the OPNsense. I also created the Query forwarding entry as instructed near the end of the video. I am curious, do I need to the IP addresses of all the subnets in the bind section of the yaml file for it to recognize all of the IPs in the dashboard? My other question is the use of 5353. Another user commented that this is used for mDNS. I use Apple products and I know it needs to be able to use mDNS for AirPlay and bonjour. Should I be using a different port other than 5353? Thanks in advance for your help.

  • @Tntdruid
    @Tntdruid Рік тому +2

    Why not use Pi-Hole?

    • @0x2142
      @0x2142  Рік тому +3

      Hey there! Pi-hole is absolutely an option, just depends on what you want out of it. Both products do pretty much the same just in different ways & they both work great.
      For this video, I focused on AdGuard Home because it can be loaded directly on an OPNsense firewall - rather than needing to install it separately. This could be helpful for people who might already be running OPNsense, but not have additional compute to run Pi-Hole or AdGuard elsewhere.

    • @JasonsLabVideos
      @JasonsLabVideos Рік тому +1

      Adguard has more features & Encrypted DNS too..

    • @Tntdruid
      @Tntdruid Рік тому +1

      @@JasonsLabVideos no need for that use Unbound.

    • @omid4861
      @omid4861 Рік тому

      Pi-Hole maybe cant Handel my Gigabit Ethernet, and absolutely Not the 5gig Connection in my company

    • @JasonsLabVideos
      @JasonsLabVideos Рік тому

      @@omid4861 Thats not a pi-hole issue, thats a resource issue.. Actually..

  • @fedefede843
    @fedefede843 10 місяців тому

    why you put unbound before the filter? It should be the other way around

  • @an_birb
    @an_birb Рік тому +2

    • @0x2142
      @0x2142  Рік тому +2

      Couldn't have said it better myself 🐔