Integrating AdGuard Home on Your OPNsense Firewall
AdGuard Home is network-wide software that blocks ads, trackers, and malicious websites at the DNS level. By integrating AdGuard Home into your OPNsense firewall, you can improve the security and performance of your home network by filtering unwanted content and preventing privacy invasions. In this guide, we will walk you through the process of installing and configuring AdGuard Home on your OPNsense firewall, and setting up your DHCP settings to route DNS requests through AdGuard Home.
🔧 Prerequisites
Before starting the integration, ensure that you have the following:
- A running OPNsense firewall.
- Admin access to the OPNsense dashboard and SSH (or console).
- A basic understanding of DNS and DHCP.
📥 Step 1: Install AdGuard Home
- Download and Install AdGuard Home from the Unofficial Repo: AdGuard Home for OPNsense can be installed from the Routerperformance repo:
  - Log in to your OPNsense firewall using SSH or console.
  - Add the Routerperformance repo:
    fetch -o /usr/local/etc/pkg/repos/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
  - Check for updates and new packages in the OPNsense dashboard (Firmware -> Plugins).
  - Install the package os-adguardhome-maxit.
  - Change the port of Unbound (Services -> Unbound DNS -> General) to port 5353.
  - Enable AdGuard (Services -> Adguardhome -> General):
    - Check Primary DNS.
    - Enable AdGuard itself.
- Initial Configuration: After installation, AdGuard Home runs a web-based configuration wizard. Open the AdGuard Home web interface by visiting http://<AdGuard_Home_IP>:3000 in your web browser.
  - Set up the administrator password.
  - Choose the upstream DNS servers you want AdGuard Home to use (Google, Cloudflare, or custom).
  - Complete the setup wizard to finish the installation process.
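Step 1 adds a third-party package repository, so it is worth reading the repo file before pkg trusts it. The script below is an added example, not part of the original guide or of the Routerperformance project; it checks the url, signature_type and priority keys from pkg.conf(5), and the /tmp path and the sample file are constructed assumptions.

```sh
#!/bin/sh
# Added example: review a pkg(8) repository file before installing it.
# Typical use on the firewall (the /tmp path is an assumption):
#   fetch -o /tmp/mimugmail.conf https://www.routerperformance.net/mimugmail.conf
#   audit_repo_conf /tmp/mimugmail.conf

# conf_value KEY FILE: print the value of a 'KEY: value' line (simple UCL subset).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*[:=][[:space:]]*\"\{0,1\}\([^\",;]*\)\"\{0,1\}[,;]\{0,1\}[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# audit_repo_conf FILE: print findings; return non-zero if anything needs review.
audit_repo_conf() {
    warnings=0
    url=$(conf_value url "$1")
    sig=$(conf_value signature_type "$1" | tr '[:upper:]' '[:lower:]')
    prio=$(conf_value priority "$1")
    case $url in
        https://*|pkg+https://*) echo "OK   url uses TLS: $url" ;;
        *) echo "WARN url is not HTTPS: ${url:-missing}"; warnings=$((warnings + 1)) ;;
    esac
    case $sig in
        pubkey|fingerprints) echo "OK   signature_type=$sig" ;;
        *) echo "WARN signature_type=${sig:-unset}: pkg will not verify the repository signature"
           warnings=$((warnings + 1)) ;;
    esac
    echo "INFO priority=${prio:-0} (pkg prefers the repository with the higher value)"
    [ "$warnings" -eq 0 ]
}

# Constructed sample, not the real contents of mimugmail.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
examplerepo: {
  url: "https://pkg.example.invalid/repo/${ABI}",
  priority: 5,
  enabled: yes
}
EOF
audit_repo_conf "$sample" || echo "Review the findings above before enabling this repository."
rm -f "$sample"
```

Once the file has been reviewed, move it into /usr/local/etc/pkg/repos/ and continue with the plugin installation.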
🔗 Step 2: Integrate AdGuard Home with OPNsense
🧭 2.1: Set Up DNS Forwarding in OPNsense
Once AdGuard Home is running, you need to configure your OPNsense firewall to forward DNS queries to the AdGuard Home server.
- Log into OPNsense: Access your OPNsense dashboard by navigating to https://<OPNsense_IP> in your browser and logging in with your admin credentials.
- Configure DNS Settings:
  - Go to System > Settings > General.
  - In the DNS servers field, replace any existing DNS entries with the IP address of your AdGuard Home server.
  - Under the DNS server options section, ensure the option “Do not use the DNS Forwarder/DNS Resolver” is checked (to avoid conflicts).
- Enable DNS Forwarding:
  - Go to Services > Unbound DNS > General.
  - Ensure that DNS Resolver is disabled if you are using AdGuard Home as your DNS server.
  - Save the settings.
- Configure DNS Routing for DHCP Clients: To ensure that DNS requests from DHCP clients are routed to AdGuard Home:
  - Go to Services > DHCPv4 > [Your LAN interface].
  - In the DNS Servers field, enter the IP address of your AdGuard Home server.
  - Save and apply the changes.
🧪 2.2: Test the Configuration
To verify that DNS queries are routed through AdGuard Home:
- Flush the DNS Cache on your devices to make sure they pick up the new DNS settings.
- Open a browser on a device connected to your network and visit a website.
- Log in to your AdGuard Home web interface and check if the queries are being logged under the Statistics tab.
- If everything is working correctly, DNS requests from your devices should be routed through AdGuard Home, and unwanted content should be blocked.
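A client that still holds a second resolver sends some of its queries around AdGuard Home, so the query log alone can look healthy while filtering is bypassed. The script below is an added example, not part of the original guide; it parses a client's resolv.conf and flags every nameserver other than AdGuard Home, and the address 192.168.1.1 and the sample file are assumptions.

```sh
#!/bin/sh
# Added example: run on a Linux/BSD client after renewing its DHCP lease.
# ADGUARD_IP is an assumption; set it to your AdGuard Home address.
ADGUARD_IP=${ADGUARD_IP:-192.168.1.1}

# check_resolvers FILE: classify each nameserver line.
# Returns 0 if nothing bypasses AdGuard Home, 1 on a bypass, 2 if no resolver is set.
check_resolvers() {
    seen=0; bypass=0
    while read -r key value _ || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        seen=$((seen + 1))
        case $value in
            "$ADGUARD_IP") echo "OK     $value is AdGuard Home" ;;
            127.*|::1)     echo "STUB   $value is a local stub; check its upstream resolver" ;;
            *)             echo "BYPASS $value answers without filtering"
                           bypass=$((bypass + 1)) ;;
        esac
    done < "$1"
    [ "$seen" -gt 0 ] || { echo "NONE   no nameserver lines in $1"; return 2; }
    [ "$bypass" -eq 0 ]
}

# Constructed sample: AdGuard Home plus two leftover resolvers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed resolv.conf
search lan
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 2001:db8::53
EOF
check_resolvers "$sample" || echo "Fix the DHCP DNS Servers field, then renew the lease."
rm -f "$sample"
# On a real client: check_resolvers /etc/resolv.conf
```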
🛡️ Step 3: Customize Filtering in AdGuard Home
AdGuard Home offers extensive customization for DNS filtering. Here are some common configurations you might want to explore:
- Block Ads and Trackers:
  - In the AdGuard Home web interface, go to Filters.
  - Enable pre-configured block lists such as “EasyList” and “EasyPrivacy” to block ads and trackers.
- Custom Block Lists:
  - You can add additional custom block lists by navigating to Settings > DNS settings > Custom filtering rules.
- Safe Browsing:
  - Enable the Safe Browsing feature to block malicious websites and phishing attempts.
- Parental Control:
  - You can set up filtering categories like “Adult Content” or “Social Media” for parental controls.
🌐 Step 4: Optional - Set Up DNS Over HTTPS (DoH)
For enhanced privacy, you can configure DNS Over HTTPS (DoH) in AdGuard Home. This will encrypt DNS queries, preventing third parties from snooping on your DNS traffic.
- In the AdGuard Home web interface, go to Settings > DNS settings.
- Enable DNS over HTTPS (DoH) and configure it with a DoH provider, or you can set up your own DoH server if needed.
🧹 Step 5: Regular Maintenance and Monitoring
Monitor DNS Queries: Regularly check the Statistics tab in the AdGuard Home interface to ensure that the service is running smoothly and blocking content as expected.
Update Block Lists: Periodically update the filter lists to ensure you are blocking the latest ads, trackers, and malicious websites.
Update AdGuard Home: AdGuard Home frequently releases updates that improve its performance and security. Keep the software up to date by following the release notes and applying updates through the web interface.
🧠 Final Thoughts
By following these steps, you have successfully integrated AdGuard Home into your OPNsense firewall, and configured it to filter DNS traffic from your DHCP clients. This setup ensures that all devices on your network benefit from improved privacy, security, and ad-blocking features. With AdGuard Home running, you can customize and refine your network’s DNS filtering for optimal protection.