325 lines
8.1 KiB
Markdown
325 lines
8.1 KiB
Markdown
# OpenWRT & AdGuard Setup - Quick Checklist
|
|
|
|
## Pre-Setup Information
|
|
- [ ] Note current network gateway: **10.0.0.254** (TPLink)
|
|
- [ ] Note current DNS: **10.0.0.55** (HomeAssistant/AdGuard)
|
|
- [ ] OpenWRT target IP: **10.0.0.246**
|
|
- [ ] New AdGuard IP: **10.0.0.245**
|
|
- [ ] DHCP range: **10.0.0.1 - 10.0.0.200**
|
|
|
|
---
|
|
|
|
## Phase 1: OpenWRT Initial Setup (15 minutes)
|
|
|
|
### Step 1: First Connection
|
|
- [ ] Connect Ethernet cable to OpenWRT LAN port
|
|
- [ ] Access default IP: http://192.168.1.1
|
|
- [ ] Login as root (no password on first boot)
|
|
|
|
### Step 2: Set Security
|
|
- [ ] System → Administration → Router Password
|
|
- [ ] Set strong root password: _________________
|
|
- [ ] Save the password in your password manager
|
|
|
|
### Step 3: Configure LAN Interface
|
|
- [ ] Network → Interfaces → LAN → Edit
|
|
- [ ] IPv4 address: `10.0.0.246`
|
|
- [ ] IPv4 netmask: `255.255.255.0`
|
|
- [ ] IPv4 gateway: `10.0.0.254`
|
|
- [ ] Use custom DNS: `10.0.0.245`
|
|
- [ ] Save & Apply
|
|
- [ ] Reconnect to http://10.0.0.246
|
|
|
|
---
|
|
|
|
## Phase 2: DHCP Configuration (10 minutes)
|
|
|
|
### Step 4: Basic DHCP
|
|
- [ ] Network → DHCP and DNS
|
|
- [ ] DNS forwardings: `10.0.0.245`
|
|
- [ ] Save
|
|
|
|
### Step 5: DHCP Range
|
|
- [ ] Network → Interfaces → LAN → Edit → DHCP Server
|
|
- [ ] Enable DHCP server: ✓
|
|
- [ ] Start: `1`
|
|
- [ ] Limit: `200`
|
|
- [ ] Lease time: `12h`
|
|
- [ ] Save & Apply
|
|
|
|
### Step 6: Static Leases
|
|
- [ ] Network → DHCP and DNS → Static Leases
|
|
- [ ] Add lease: HomeAssistant → MAC: ____________ → IP: 10.0.0.55
|
|
- [ ] Add lease: New AdGuard → MAC: ____________ → IP: 10.0.0.245
|
|
- [ ] Add lease: TPLink Router → MAC: ____________ → IP: 10.0.0.254
|
|
- [ ] Add other critical devices as needed
|
|
|
|
---
|
|
|
|
## Phase 3: AdGuard Home Setup (20 minutes)
|
|
|
|
### Step 7: Install AdGuard
|
|
Choose your installation method:
|
|
- [ ] Option A: Docker installation on ___________
|
|
- [ ] Option B: Native Linux installation on ___________
|
|
- [ ] Option C: Windows installation on ___________
|
|
|
|
### Step 8: Initial Configuration
|
|
- [ ] Access: http://10.0.0.245:3000
|
|
- [ ] Complete setup wizard
|
|
- [ ] Admin interface port: `3000`
|
|
- [ ] DNS server port: `53`
|
|
- [ ] Set admin username: _________________
|
|
- [ ] Set admin password: _________________
|
|
- [ ] Save credentials in password manager
|
|
|
|
### Step 9: Configure Upstream DNS
|
|
- [ ] Settings → DNS settings
|
|
- [ ] Add upstream servers:
|
|
- [ ] `https://dns.cloudflare.com/dns-query`
|
|
- [ ] `https://dns.google/dns-query`
|
|
- [ ] `1.1.1.1`
|
|
- [ ] `8.8.8.8`
|
|
- [ ] Enable parallel queries
|
|
- [ ] Save
|
|
|
|
### Step 10: Add Blocklists
|
|
- [ ] Filters → DNS blocklists
|
|
- [ ] Add OISD Big List: `https://big.oisd.nl/`
|
|
- [ ] Add AdGuard DNS: `https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt`
|
|
- [ ] Add Steven Black: `https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
|
|
- [ ] Save and Apply
|
|
|
|
### Step 11: Local DNS Entries
|
|
- [ ] Filters → DNS rewrites
|
|
- [ ] Add: `openwrt.local` → `10.0.0.246`
|
|
- [ ] Add: `adguard.local` → `10.0.0.245`
|
|
- [ ] Add: `homeassistant.local` → `10.0.0.55`
|
|
- [ ] Add: `router.local` → `10.0.0.254`
|
|
|
|
---
|
|
|
|
## Phase 4: Access Control Setup (15 minutes)
|
|
|
|
### Step 12: Install Required Packages
|
|
SSH to OpenWRT (ssh root@10.0.0.246):
|
|
```bash
|
|
opkg update
|
|
opkg install luci-app-firewall iptables-mod-extra
|
|
```
|
|
- [ ] Packages installed successfully
|
|
|
|
### Step 13: Copy Device Control Script
|
|
- [ ] Upload device-control.sh to /root/
|
|
- [ ] Run: `chmod +x /root/device-control.sh`
|
|
- [ ] Run: `/root/device-control.sh init`
|
|
|
|
### Step 14: Configure Persistence
|
|
- [ ] Edit /etc/firewall.user
|
|
- [ ] Add these lines:
|
|
```bash
|
|
ipset create blocked_devices hash:ip timeout 0 comment -exist
|
|
iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT
|
|
```
|
|
- [ ] Save and exit
|
|
- [ ] Run: `/etc/init.d/firewall restart`
|
|
|
|
---
|
|
|
|
## Phase 5: Testing (20 minutes)
|
|
|
|
### Step 15: Test DHCP
|
|
- [ ] Connect test device to network
|
|
- [ ] Verify IP received in range 10.0.0.1-200
|
|
- [ ] Verify DNS server shows as 10.0.0.245
|
|
- [ ] Verify gateway is 10.0.0.254 or 10.0.0.246
|
|
|
|
### Step 16: Test DNS Resolution
|
|
From test device:
|
|
```bash
|
|
nslookup google.com 10.0.0.245
|
|
```
|
|
- [ ] DNS query successful
|
|
- [ ] Response received
|
|
|
|
### Step 17: Test AdGuard Filtering
|
|
- [ ] Access http://10.0.0.245:3000
|
|
- [ ] Dashboard → Query Log
|
|
- [ ] Browse to a website from test device
|
|
- [ ] Verify queries appear in log
|
|
- [ ] Try accessing known ad domain
|
|
- [ ] Verify ads are blocked
|
|
|
|
### Step 18: Test Access Control
|
|
- [ ] Get test device IP: _________________
|
|
- [ ] Run: `/root/device-control.sh block [IP] "Test Device"`
|
|
- [ ] Verify internet access is blocked
|
|
- [ ] Run: `/root/device-control.sh unblock [IP]`
|
|
- [ ] Verify internet access restored
|
|
|
|
### Step 19: Verify Static Leases
|
|
- [ ] Check each static device is getting correct IP
|
|
- [ ] HomeAssistant: 10.0.0.55 ✓
|
|
- [ ] New AdGuard: 10.0.0.245 ✓
|
|
- [ ] TPLink Router: 10.0.0.254 ✓
|
|
|
|
---
|
|
|
|
## Phase 6: Backup & Documentation (10 minutes)
|
|
|
|
### Step 20: Create Backups
|
|
- [ ] OpenWRT: System → Backup/Flash → Generate Archive
|
|
- [ ] Save backup file: openwrt-backup-[DATE].tar.gz
|
|
- [ ] AdGuard: Settings → General → Export Settings
|
|
- [ ] Save backup file: adguard-backup-[DATE].yaml
|
|
|
|
### Step 21: Document Your Setup
|
|
Create a file with:
|
|
- [ ] OpenWRT admin password
|
|
- [ ] AdGuard admin credentials
|
|
- [ ] List of static IP assignments
|
|
- [ ] List of blocked devices (if any)
|
|
- [ ] Any custom firewall rules
|
|
- [ ] Backup file locations
|
|
|
|
---
|
|
|
|
## Post-Setup Verification
|
|
|
|
### Final Checks
|
|
- [ ] All devices can get DHCP leases
|
|
- [ ] DNS resolution working through AdGuard
|
|
- [ ] Internet access working for allowed devices
|
|
- [ ] AdGuard dashboard accessible
|
|
- [ ] OpenWRT web interface accessible
|
|
- [ ] Device blocking working correctly
|
|
- [ ] Static leases all functioning
|
|
- [ ] Local DNS names resolving (openwrt.local, etc.)
|
|
|
|
### Performance Checks
|
|
- [ ] Run speed test from multiple devices
|
|
- [ ] Verify DNS response times in AdGuard
|
|
- [ ] Check for any connection issues
|
|
- [ ] Monitor AdGuard query log for problems
|
|
|
|
---
|
|
|
|
## Common Device Management Commands
|
|
|
|
### Block/Unblock Devices
|
|
```bash
|
|
# Block a device
|
|
/root/device-control.sh block 10.0.0.100 "Kids Tablet"
|
|
|
|
# Unblock a device
|
|
/root/device-control.sh unblock 10.0.0.100
|
|
|
|
# List all blocked devices
|
|
/root/device-control.sh list
|
|
|
|
# Check device status
|
|
/root/device-control.sh status 10.0.0.100
|
|
```
|
|
|
|
### Monitor System
|
|
```bash
|
|
# View DHCP leases
|
|
cat /tmp/dhcp.leases
|
|
|
|
# View system log
|
|
logread
|
|
|
|
# Check DNS traffic
|
|
tcpdump -i br-lan port 53
|
|
|
|
# Restart services
|
|
/etc/init.d/dnsmasq restart
|
|
/etc/init.d/firewall restart
|
|
```
|
|
|
|
---
|
|
|
|
## Troubleshooting Reference
|
|
|
|
### Issue: Can't access OpenWRT web interface
|
|
```bash
|
|
/etc/init.d/uhttpd restart
|
|
netstat -tulpn | grep :80
|
|
```
|
|
|
|
### Issue: DHCP not giving out addresses
|
|
```bash
|
|
/etc/init.d/dnsmasq restart
|
|
logread | grep -i dhcp
|
|
```
|
|
|
|
### Issue: DNS not resolving
|
|
```bash
|
|
nslookup google.com 10.0.0.245
|
|
ping 10.0.0.245
|
|
```
|
|
|
|
### Issue: Device blocking not working
|
|
```bash
|
|
ipset list blocked_devices
|
|
iptables -L FORWARD -v -n
|
|
/etc/init.d/firewall restart
|
|
```
|
|
|
|
---
|
|
|
|
## Maintenance Schedule
|
|
|
|
### Weekly
|
|
- [ ] Check AdGuard query logs for anomalies
|
|
- [ ] Review blocked devices list
|
|
- [ ] Check OpenWRT system log for errors
|
|
|
|
### Monthly
|
|
- [ ] Update AdGuard blocklists
|
|
- [ ] Review and update static leases
|
|
- [ ] Check for OpenWRT updates: System → Software
|
|
- [ ] Create fresh backups
|
|
|
|
### Quarterly
|
|
- [ ] Review all firewall rules
|
|
- [ ] Audit device access permissions
|
|
- [ ] Update OpenWRT firmware if available
|
|
- [ ] Test backup restoration procedure
|
|
|
|
---
|
|
|
|
## Emergency Contacts & Resources
|
|
|
|
### Reset Instructions
|
|
**OpenWRT Hard Reset:**
|
|
- Press and hold reset button for 10 seconds
|
|
- Default IP will be 192.168.1.1
|
|
|
|
**AdGuard Reset:**
|
|
- Stop AdGuard service
|
|
- Delete config files
|
|
- Restart and run setup wizard
|
|
|
|
### Support Resources
|
|
- OpenWRT Forum: https://forum.openwrt.org/
|
|
- AdGuard Forum: https://forum.adguard.com/
|
|
- This documentation folder: ________________
|
|
|
|
---
|
|
|
|
## Completion Sign-off
|
|
|
|
Setup completed by: _________________
|
|
Date: _________________
|
|
Time taken: _______ minutes
|
|
|
|
All phases completed successfully: ☐ YES ☐ NO
|
|
|
|
Notes/Issues encountered:
|
|
_________________________________________________
|
|
_________________________________________________
|
|
_________________________________________________
|
|
|
|
Next review date: _________________
|