Add comprehensive setup checklist with all phases and verification steps

2025-12-11 00:32:50 +11:00
parent d35665ed85
commit db5eab846f

setup-checklist.md Normal file

@@ -0,0 +1,324 @@
# OpenWRT & AdGuard Setup - Quick Checklist
## Pre-Setup Information
- [ ] Note current network gateway: **10.0.0.254** (TPLink)
- [ ] Note current DNS: **10.0.0.55** (HomeAssistant/AdGuard)
- [ ] OpenWRT target IP: **10.0.0.246**
- [ ] New AdGuard IP: **10.0.0.245**
- [ ] DHCP range: **10.0.0.1 - 10.0.0.200**
---
## Phase 1: OpenWRT Initial Setup (15 minutes)
### Step 1: First Connection
- [ ] Connect Ethernet cable to OpenWRT LAN port
- [ ] Access default IP: http://192.168.1.1
- [ ] Login as root (no password on first boot)
### Step 2: Set Security
- [ ] System → Administration → Router Password
- [ ] Set strong root password: _________________
- [ ] Save the password in your password manager
### Step 3: Configure LAN Interface
- [ ] Network → Interfaces → LAN → Edit
- [ ] IPv4 address: `10.0.0.246`
- [ ] IPv4 netmask: `255.255.255.0`
- [ ] IPv4 gateway: `10.0.0.254`
- [ ] Use custom DNS: `10.0.0.245`
- [ ] Save & Apply
- [ ] Reconnect to http://10.0.0.246
---
## Phase 2: DHCP Configuration (10 minutes)
### Step 4: Basic DHCP
- [ ] Network → DHCP and DNS
- [ ] DNS forwardings: `10.0.0.245`
- [ ] Save
### Step 5: DHCP Range
- [ ] Network → Interfaces → LAN → Edit → DHCP Server
- [ ] Enable DHCP server: ✓
- [ ] Start: `1`
- [ ] Limit: `200`
- [ ] Lease time: `12h`
- [ ] Save & Apply
### Step 6: Static Leases
- [ ] Network → DHCP and DNS → Static Leases
- [ ] Add lease: HomeAssistant → MAC: ____________ → IP: 10.0.0.55
- [ ] Add lease: New AdGuard → MAC: ____________ → IP: 10.0.0.245
- [ ] Add lease: TPLink Router → MAC: ____________ → IP: 10.0.0.254
- [ ] Add other critical devices as needed
---
## Phase 3: AdGuard Home Setup (20 minutes)
### Step 7: Install AdGuard
Choose your installation method:
- [ ] Option A: Docker installation on ___________
- [ ] Option B: Native Linux installation on ___________
- [ ] Option C: Windows installation on ___________
### Step 8: Initial Configuration
- [ ] Access: http://10.0.0.245:3000
- [ ] Complete setup wizard
- [ ] Admin interface port: `3000`
- [ ] DNS server port: `53`
- [ ] Set admin username: _________________
- [ ] Set admin password: _________________
- [ ] Save credentials in password manager
### Step 9: Configure Upstream DNS
- [ ] Settings → DNS settings
- [ ] Add upstream servers:
- [ ] `https://dns.cloudflare.com/dns-query`
- [ ] `https://dns.google/dns-query`
- [ ] `1.1.1.1`
- [ ] `8.8.8.8`
- [ ] Enable parallel queries
- [ ] Save
### Step 10: Add Blocklists
- [ ] Filters → DNS blocklists
- [ ] Add OISD Big List: `https://big.oisd.nl/`
- [ ] Add AdGuard DNS: `https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt`
- [ ] Add Steven Black: `https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
- [ ] Save and Apply
### Step 11: Local DNS Entries
- [ ] Filters → DNS rewrites
- [ ] Add: `openwrt.local``10.0.0.246`
- [ ] Add: `adguard.local``10.0.0.245`
- [ ] Add: `homeassistant.local``10.0.0.55`
- [ ] Add: `router.local``10.0.0.254`
---
## Phase 4: Access Control Setup (15 minutes)
### Step 12: Install Required Packages
SSH to OpenWRT (ssh root@10.0.0.246):
```bash
opkg update
opkg install luci-app-firewall iptables-mod-extra
```
- [ ] Packages installed successfully
### Step 13: Copy Device Control Script
- [ ] Upload device-control.sh to /root/
- [ ] Run: `chmod +x /root/device-control.sh`
- [ ] Run: `/root/device-control.sh init`
### Step 14: Configure Persistence
- [ ] Edit /etc/firewall.user
- [ ] Add these lines:
```bash
ipset create blocked_devices hash:ip timeout 0 comment -exist
iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT
```
- [ ] Save and exit
- [ ] Run: `/etc/init.d/firewall restart`
---
## Phase 5: Testing (20 minutes)
### Step 15: Test DHCP
- [ ] Connect test device to network
- [ ] Verify IP received in range 10.0.0.1-200
- [ ] Verify DNS server shows as 10.0.0.245
- [ ] Verify gateway is 10.0.0.254 or 10.0.0.246
### Step 16: Test DNS Resolution
From test device:
```bash
nslookup google.com 10.0.0.245
```
- [ ] DNS query successful
- [ ] Response received
### Step 17: Test AdGuard Filtering
- [ ] Access http://10.0.0.245:3000
- [ ] Dashboard → Query Log
- [ ] Browse to a website from test device
- [ ] Verify queries appear in log
- [ ] Try accessing known ad domain
- [ ] Verify ads are blocked
### Step 18: Test Access Control
- [ ] Get test device IP: _________________
- [ ] Run: `/root/device-control.sh block [IP] "Test Device"`
- [ ] Verify internet access is blocked
- [ ] Run: `/root/device-control.sh unblock [IP]`
- [ ] Verify internet access restored
### Step 19: Verify Static Leases
- [ ] Check each static device is getting correct IP
- [ ] HomeAssistant: 10.0.0.55 ✓
- [ ] New AdGuard: 10.0.0.245 ✓
- [ ] TPLink Router: 10.0.0.254 ✓
---
## Phase 6: Backup & Documentation (10 minutes)
### Step 20: Create Backups
- [ ] OpenWRT: System → Backup/Flash → Generate Archive
- [ ] Save backup file: openwrt-backup-[DATE].tar.gz
- [ ] AdGuard: Settings → General → Export Settings
- [ ] Save backup file: adguard-backup-[DATE].yaml
### Step 21: Document Your Setup
Create a file with:
- [ ] OpenWRT admin password
- [ ] AdGuard admin credentials
- [ ] List of static IP assignments
- [ ] List of blocked devices (if any)
- [ ] Any custom firewall rules
- [ ] Backup file locations
---
## Post-Setup Verification
### Final Checks
- [ ] All devices can get DHCP leases
- [ ] DNS resolution working through AdGuard
- [ ] Internet access working for allowed devices
- [ ] AdGuard dashboard accessible
- [ ] OpenWRT web interface accessible
- [ ] Device blocking working correctly
- [ ] Static leases all functioning
- [ ] Local DNS names resolving (openwrt.local, etc.)
### Performance Checks
- [ ] Run speed test from multiple devices
- [ ] Verify DNS response times in AdGuard
- [ ] Check for any connection issues
- [ ] Monitor AdGuard query log for problems
---
## Common Device Management Commands
### Block/Unblock Devices
```bash
# Block a device
/root/device-control.sh block 10.0.0.100 "Kids Tablet"
# Unblock a device
/root/device-control.sh unblock 10.0.0.100
# List all blocked devices
/root/device-control.sh list
# Check device status
/root/device-control.sh status 10.0.0.100
```
### Monitor System
```bash
# View DHCP leases
cat /tmp/dhcp.leases
# View system log
logread
# Check DNS traffic
tcpdump -i br-lan port 53
# Restart services
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart
```
---
## Troubleshooting Reference
### Issue: Can't access OpenWRT web interface
```bash
/etc/init.d/uhttpd restart
netstat -tulpn | grep :80
```
### Issue: DHCP not giving out addresses
```bash
/etc/init.d/dnsmasq restart
logread | grep -i dhcp
```
### Issue: DNS not resolving
```bash
nslookup google.com 10.0.0.245
ping 10.0.0.245
```
### Issue: Device blocking not working
```bash
ipset list blocked_devices
iptables -L FORWARD -v -n
/etc/init.d/firewall restart
```
---
## Maintenance Schedule
### Weekly
- [ ] Check AdGuard query logs for anomalies
- [ ] Review blocked devices list
- [ ] Check OpenWRT system log for errors
### Monthly
- [ ] Update AdGuard blocklists
- [ ] Review and update static leases
- [ ] Check for OpenWRT updates: System → Software
- [ ] Create fresh backups
### Quarterly
- [ ] Review all firewall rules
- [ ] Audit device access permissions
- [ ] Update OpenWRT firmware if available
- [ ] Test backup restoration procedure
---
## Emergency Contacts & Resources
### Reset Instructions
**OpenWRT Hard Reset:**
- Press and hold reset button for 10 seconds
- Default IP will be 192.168.1.1
**AdGuard Reset:**
- Stop AdGuard service
- Delete config files
- Restart and run setup wizard
### Support Resources
- OpenWRT Forum: https://forum.openwrt.org/
- AdGuard Forum: https://forum.adguard.com/
- This documentation folder: ________________
---
## Completion Sign-off
Setup completed by: _________________
Date: _________________
Time taken: _______ minutes
All phases completed successfully: ☐ YES ☐ NO
Notes/Issues encountered:
_________________________________________________
_________________________________________________
_________________________________________________
Next review date: _________________
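
Review bot: The device block in Step 14 matches only on source IP in the router's FORWARD chain (`ipset create blocked_devices hash:ip ...` with `iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT`), but Step 15 accepts a client gateway of either 10.0.0.254 or 10.0.0.246, and Step 18 blocks an address handed out from the 12h DHCP pool. A client whose gateway is 10.0.0.254 does not route through OpenWRT, so its traffic never reaches that rule, and a blocked device that comes back with a different address is no longer in the set. Step 15 should require 10.0.0.246 as the gateway and add a check that the TPLink is not still handing out leases (no step covers this), and Step 18 should require a static lease for the device before it is blocked. Step 12 installs only `luci-app-firewall iptables-mod-extra` while Step 14 calls `ipset`, so add a checkbox confirming the `ipset` command and the set match are available before `/etc/firewall.user` is edited. Step 21 also asks for the OpenWRT and AdGuard passwords to be written into a file, which contradicts the password-manager items in Steps 2 and 8; record where the credentials are stored instead of the credentials themselves.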