|
|
@@ -0,0 +1,221 @@
|
|
|
+Connect to router and update OS before installation (that will request a build)
|
|
|
+```bash
|
|
|
+ssh root@(router)
|
|
|
+opkg update
|
|
|
+opkg install auc
|
|
|
+auc
|
|
|
+```
|
|
|
+
|
|
|
+Output:
|
|
|
+```bash
|
|
|
+Are you sure you want to continue the upgrade process? [N/y] y
|
|
|
+Requesting build........................................................................
|
|
|
+Downloading image from https://sysupgrade.openwrt.org/store/c0445c2842532e39e98efeede77b6731/openwrt-22.03.5-4deda7068699-ipq40xx-generic-linksys_ea6350v3-squashfs-sysupgrade.bin
|
|
|
+Writing to 'openwrt-22.03.5-4deda7068699-ipq40xx-generic-linksys_ea6350v3-squashfs-sysupgrade.bin'
|
|
|
+image verification succeeded
|
|
|
+invoking sysupgrade
|
|
|
+
|
|
|
+client_loop: send disconnect: Broken pipe
|
|
|
+
|
|
|
+anton-pvt@ant1mbp3 ~ % ssh root@(router)
|
|
|
+root@(router)'s password:
|
|
|
+
|
|
|
+
|
|
|
+BusyBox v1.35.0 (2023-09-24 19:31:42 UTC) built-in shell (ash)
|
|
|
+
|
|
|
+ _______ ________ __
|
|
|
+ | |.-----.-----.-----.| | | |.----.| |_
|
|
|
+ | - || _ | -__| || | | || _|| _|
|
|
|
+ |_______|| __|_____|__|__||________||__| |____|
|
|
|
+ |__| W I R E L E S S F R E E D O M
|
|
|
+ -----------------------------------------------------
|
|
|
+ OpenWrt 22.03.5, r20134-5f15225c1e
|
|
|
+ -----------------------------------------------------
|
|
|
+root@(router):~#
|
|
|
+```
|
|
|
+
|
|
|
+Update opkg DB and install AdHomeGuard
|
|
|
+```bash
|
|
|
+opkg update
|
|
|
+opkg install adguardhome
|
|
|
+Installing adguardhome (0.107.21-1) to root...
|
|
|
+Downloading https://downloads.openwrt.org/releases/22.03.5/packages/arm_cortex-a7_neon-vfpv4/packages/adguardhome_0.107.21-1_arm_cortex-a7_neon-vfpv4.ipk
|
|
|
+Configuring adguardhome.
|
|
|
+```
|
|
|
+
|
|
|
+Checking does it runs and which port
|
|
|
+```bash
|
|
|
+netstat -ntap | grep AdGuardHome
|
|
|
+tcp 0 0 :::3000 :::* LISTEN 2885/AdGuardHome
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Open WebUI in browser (beware, it is HTTP, not HTTPS by default)
|
|
|
+```
|
|
|
+http://(router):3000
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Initial instructions
|
|
|
+```
|
|
|
+http://192.168.71.1:3000/install.html
|
|
|
+Step 1/5
|
|
|
+[Get Started]
|
|
|
+
|
|
|
+Step 2/5
|
|
|
+Admin Web Interface - 'All Interfaces' (Recommended: change to internal one, if you would like to limit access only from inside of network)
|
|
|
+Choose a port other than 80 (which may be used already by another process, probably by LuCi)
|
|
|
+```
|
|
|
+'br-lan 192.168.71.1' port '1080'
|
|
|
+```
|
|
|
+
|
|
|
+At this point, it is important to understand what you are doing:
|
|
|
+settings up additional DNS server aside with current running one, replacing it and reconfiguring it might effect name resolution and access to Internet.
|
|
|
+
|
|
|
+There are instructions how to replace current running DNS, but that is solution, I would not advice, because OS's own name resolution might be effected.
|
|
|
+The main idea is that, we are enabling DNS resolution for end clients, not for OS router itself.
|
|
|
+I advice to set up AdGuardHome DNS server running on different port: for example, 1053 and point a name resolution traffic to it.
|
|
|
+
|
|
|
+Listening interface: (Recommended: change to internal one, if you would like to limit access only from inside of network)
|
|
|
+```
|
|
|
+'br-lan 192.168.71.1' port '1053'
|
|
|
+```
|
|
|
+
|
|
|
+Static IP Address
|
|
|
+AdGuard Home is a server so it needs a static IP address to function properly. Otherwise, at some point, your router may assign a different IP address to this device.
|
|
|
+AdGuard Home cannot configure it automatically for this network interface. Please look for an instruction on how to do this manually.
|
|
|
+[avoiding this message for now]
|
|
|
+
|
|
|
+
|
|
|
+Step 3/5
|
|
|
+Creating admin credentials
|
|
|
+
|
|
|
+Step 4,5/5
|
|
|
+read and confirm
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Check processes are running and listening for incoming traffic
|
|
|
+```
|
|
|
+netstat -ntap | grep AdGuardHome
|
|
|
+tcp 0 0 192.168.71.1:1080 0.0.0.0:* LISTEN 2885/AdGuardHome <--- dashboard
|
|
|
+tcp 0 0 192.168.71.1:1053 0.0.0.0:* LISTEN 2885/AdGuardHome <--- DNS server
|
|
|
+[...]
|
|
|
+```
|
|
|
+
|
|
|
+Change OpenWRT default DNS listening port to something other that 53
|
|
|
+```
|
|
|
+https://192.168.71.1/cgi-bin/luci/admin/network/dhcp
|
|
|
+DHCP and DNS
|
|
|
+Dnsmasq is a lightweight DHCP server and DNS forwarder.
|
|
|
+"Advanced Settings" tab
|
|
|
+Set "DNS server port" to 2053
|
|
|
+[Save & Apply]
|
|
|
+```
|
|
|
+
|
|
|
+Check from process is changed listening port
|
|
|
+```
|
|
|
+root@hlm1gw:~# netstat -ntap | grep dnsmasq
|
|
|
+tcp 0 0 127.0.0.1:2053 0.0.0.0:* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 192.168.1.100:2053 0.0.0.0:* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 192.168.71.1:2053 0.0.0.0:* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 ::1:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 fe80::6238:e0ff:fe9b:984a:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 fd98:4463:7c5a::1:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 fe80::6238:e0ff:fe9b:984b:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 fe80::6238:e0ff:fe9b:984c:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+tcp 0 0 fe80::6238:e0ff:fe9b:984d:2053 :::* LISTEN 3206/dnsmasq
|
|
|
+```
|
|
|
+
|
|
|
+Change AdHomeGuard's DNS listening port to 53.
|
|
|
+```bash
|
|
|
+root@hlm1gw:~# vi /etc/adguardhome.yaml
|
|
|
+change bind port for DNS server
|
|
|
+service adguardhome restart
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Disable dnsmasq on OpenWRT
|
|
|
+```
|
|
|
+https://192.168.71.1/cgi-bin/luci/admin/system/startup
|
|
|
+Startup, dnsmasq, [Disabled], [Stop]
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+Point local traffic to AdHome Guard
|
|
|
+do not edit ```/etc/resolv.conf```, it will be overwritten on reboot
|
|
|
+```
|
|
|
+https://192.168.71.1/cgi-bin/luci/admin/network/network
|
|
|
+Interfaces >> wan, "Advanced Settings":
|
|
|
+Uncheck [ ] "Use DNS servers advertised by peer"
|
|
|
+Set "Use custom DNS servers" to "192.168.71.1"
|
|
|
+```
|
|
|
+
|
|
|
+Reboot OpenWRT to validate setup
|
|
|
+```
|
|
|
+System > Reboot
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+# to forward DNS requests to specific servers by doing:
|
|
|
+uci add_list dhcp.@dnsmasq[0].server="192.168.71.1"
|
|
|
+uci commit dhcp
|
|
|
+
|
|
|
+
|
|
|
+uci set network.wan.peerdns="0"
|
|
|
+uci set network.wan6.peerdns="0"
|
|
|
+uci -q delete network.wan.dns
|
|
|
+uci -q delete network.wan6.dns
|
|
|
+uci add_list network.wan.dns="192.168.71.1"
|
|
|
+uci commit network
|
|
|
+service network reload
|
|
|
+
|
|
|
+
|
|
|
+# as long, as /etc/resolv.conf is used by many system tools, DNS resolver must be listening there:
|
|
|
+```bash
|
|
|
+cat /etc/resolv.conf
|
|
|
+search lan
|
|
|
+nameserver 127.0.0.1
|
|
|
+nameserver ::1
|
|
|
+
|
|
|
+netstat -ntap | grep 53
|
|
|
+tcp 0 0 127.0.0.1:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 192.168.1.100:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 192.168.71.1:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 192.168.71.1:53 0.0.0.0:* LISTEN 1128/AdGuardHome
|
|
|
+tcp 0 0 192.168.71.1:22 192.168.71.106:53246 ESTABLISHED 3810/dropbear
|
|
|
+```
|
|
|
+
|
|
|
+# fix issue with OpenWRT local DNS resolution by binding AdGuardHome to localhost, as well
|
|
|
+
|
|
|
+```bash
|
|
|
+vi /etc/adguardhome.yaml
|
|
|
+---edit---
|
|
|
+dns:
|
|
|
+ bind_hosts:
|
|
|
+ - 192.168.71.1
|
|
|
+ # add localhost below
|
|
|
+ - 127.0.0.1
|
|
|
+---edit---
|
|
|
+
|
|
|
+
|
|
|
+service adguardhome restart
|
|
|
+
|
|
|
+root@hlm1gw:~# netstat -ntap | grep 53
|
|
|
+tcp 0 0 127.0.0.1:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 192.168.1.100:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 192.168.71.1:2053 0.0.0.0:* LISTEN 4405/dnsmasq
|
|
|
+tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5093/AdGuardHome <<
|
|
|
+tcp 0 0 192.168.71.1:53 0.0.0.0:* LISTEN 5093/AdGuardHome
|
|
|
+tcp 0 0 192.168.71.1:22 192.168.71.106:53246 ESTABLISHED 3810/dropbear
|
|
|
+```
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ref:
|
|
|
+```
|
|
|
+https://openwrt.org/docs/guide-user/base-system/dhcp_configuration
|
|
|
+```
|
Anton