jessikitty/openwrt-adguard-setup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c33034a9eb35284d2e5d008ca44b14929c1c5356
openwrt-adguard-setup/setup-checklist.md

8.1 KiB
Raw Blame History

OpenWRT & AdGuard Setup - Quick Checklist

Pre-Setup Information

  • Note current network gateway: 10.0.0.254 (TPLink)
  • Note current DNS: 10.0.0.55 (HomeAssistant/AdGuard)
  • OpenWRT target IP: 10.0.0.246
  • New AdGuard IP: 10.0.0.245
  • DHCP range: 10.0.0.1 - 10.0.0.200

Phase 1: OpenWRT Initial Setup (15 minutes)

Step 1: First Connection

  • Connect Ethernet cable to OpenWRT LAN port
  • Access default IP: http://192.168.1.1
  • Login as root (no password on first boot)

Step 2: Set Security

  • System → Administration → Router Password
  • Set strong root password: _________________
  • Save the password in your password manager

Step 3: Configure LAN Interface

  • Network → Interfaces → LAN → Edit
  • IPv4 address: 10.0.0.246
  • IPv4 netmask: 255.255.255.0
  • IPv4 gateway: 10.0.0.254
  • Use custom DNS: 10.0.0.245
  • Save & Apply
  • Reconnect to http://10.0.0.246

Phase 2: DHCP Configuration (10 minutes)

Step 4: Basic DHCP

  • Network → DHCP and DNS
  • DNS forwardings: 10.0.0.245
  • Save

Step 5: DHCP Range

  • Network → Interfaces → LAN → Edit → DHCP Server
  • Enable DHCP server: ✓
  • Start: 1
  • Limit: 200
  • Lease time: 12h
  • Save & Apply

Step 6: Static Leases

  • Network → DHCP and DNS → Static Leases
  • Add lease: HomeAssistant → MAC: ____________ → IP: 10.0.0.55
  • Add lease: New AdGuard → MAC: ____________ → IP: 10.0.0.245
  • Add lease: TPLink Router → MAC: ____________ → IP: 10.0.0.254
  • Add other critical devices as needed

Phase 3: AdGuard Home Setup (20 minutes)

Step 7: Install AdGuard

Choose your installation method:

  • Option A: Docker installation on ___________
  • Option B: Native Linux installation on ___________
  • Option C: Windows installation on ___________

Step 8: Initial Configuration

  • Access: http://10.0.0.245:3000
  • Complete setup wizard
  • Admin interface port: 3000
  • DNS server port: 53
  • Set admin username: _________________
  • Set admin password: _________________
  • Save credentials in password manager

Step 9: Configure Upstream DNS

  • Settings → DNS settings
  • Add upstream servers:
    • https://dns.cloudflare.com/dns-query
    • https://dns.google/dns-query
    • 1.1.1.1
    • 8.8.8.8
  • Enable parallel queries
  • Save

Step 10: Add Blocklists

  • Filters → DNS blocklists
  • Add OISD Big List: https://big.oisd.nl/
  • Add AdGuard DNS: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  • Add Steven Black: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  • Save and Apply

Step 11: Local DNS Entries

  • Filters → DNS rewrites
  • Add: openwrt.local10.0.0.246
  • Add: adguard.local10.0.0.245
  • Add: homeassistant.local10.0.0.55
  • Add: router.local10.0.0.254

Phase 4: Access Control Setup (15 minutes)

Step 12: Install Required Packages

SSH to OpenWRT (ssh root@10.0.0.246):

opkg update
opkg install luci-app-firewall iptables-mod-extra
  • Packages installed successfully

Step 13: Copy Device Control Script

  • Upload device-control.sh to /root/
  • Run: chmod +x /root/device-control.sh
  • Run: /root/device-control.sh init

Step 14: Configure Persistence

  • Edit /etc/firewall.user
  • Add these lines:
ipset create blocked_devices hash:ip timeout 0 comment -exist
iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT
  • Save and exit
  • Run: /etc/init.d/firewall restart

Phase 5: Testing (20 minutes)

Step 15: Test DHCP

  • Connect test device to network
  • Verify IP received in range 10.0.0.1-200
  • Verify DNS server shows as 10.0.0.245
  • Verify gateway is 10.0.0.254 or 10.0.0.246

Step 16: Test DNS Resolution

From test device:

nslookup google.com 10.0.0.245
  • DNS query successful
  • Response received

Step 17: Test AdGuard Filtering

  • Access http://10.0.0.245:3000
  • Dashboard → Query Log
  • Browse to a website from test device
  • Verify queries appear in log
  • Try accessing known ad domain
  • Verify ads are blocked

Step 18: Test Access Control

  • Get test device IP: _________________
  • Run: /root/device-control.sh block [IP] "Test Device"
  • Verify internet access is blocked
  • Run: /root/device-control.sh unblock [IP]
  • Verify internet access restored

Step 19: Verify Static Leases

  • Check each static device is getting correct IP
  • HomeAssistant: 10.0.0.55 ✓
  • New AdGuard: 10.0.0.245 ✓
  • TPLink Router: 10.0.0.254 ✓

Phase 6: Backup & Documentation (10 minutes)

Step 20: Create Backups

  • OpenWRT: System → Backup/Flash → Generate Archive
  • Save backup file: openwrt-backup-[DATE].tar.gz
  • AdGuard: Settings → General → Export Settings
  • Save backup file: adguard-backup-[DATE].yaml

Step 21: Document Your Setup

Create a file with:

  • OpenWRT admin password
  • AdGuard admin credentials
  • List of static IP assignments
  • List of blocked devices (if any)
  • Any custom firewall rules
  • Backup file locations

Post-Setup Verification

Final Checks

  • All devices can get DHCP leases
  • DNS resolution working through AdGuard
  • Internet access working for allowed devices
  • AdGuard dashboard accessible
  • OpenWRT web interface accessible
  • Device blocking working correctly
  • Static leases all functioning
  • Local DNS names resolving (openwrt.local, etc.)

Performance Checks

  • Run speed test from multiple devices
  • Verify DNS response times in AdGuard
  • Check for any connection issues
  • Monitor AdGuard query log for problems

Common Device Management Commands

Block/Unblock Devices

# Block a device
/root/device-control.sh block 10.0.0.100 "Kids Tablet"

# Unblock a device
/root/device-control.sh unblock 10.0.0.100

# List all blocked devices
/root/device-control.sh list

# Check device status
/root/device-control.sh status 10.0.0.100

Monitor System

# View DHCP leases
cat /tmp/dhcp.leases

# View system log
logread

# Check DNS traffic
tcpdump -i br-lan port 53

# Restart services
/etc/init.d/dnsmasq restart
/etc/init.d/firewall restart

Troubleshooting Reference

Issue: Can't access OpenWRT web interface

/etc/init.d/uhttpd restart
netstat -tulpn | grep :80

Issue: DHCP not giving out addresses

/etc/init.d/dnsmasq restart
logread | grep -i dhcp

Issue: DNS not resolving

nslookup google.com 10.0.0.245
ping 10.0.0.245

Issue: Device blocking not working

ipset list blocked_devices
iptables -L FORWARD -v -n
/etc/init.d/firewall restart

Maintenance Schedule

Weekly

  • Check AdGuard query logs for anomalies
  • Review blocked devices list
  • Check OpenWRT system log for errors

Monthly

  • Update AdGuard blocklists
  • Review and update static leases
  • Check for OpenWRT updates: System → Software
  • Create fresh backups

Quarterly

  • Review all firewall rules
  • Audit device access permissions
  • Update OpenWRT firmware if available
  • Test backup restoration procedure

Emergency Contacts & Resources

Reset Instructions

OpenWRT Hard Reset:

  • Press and hold reset button for 10 seconds
  • Default IP will be 192.168.1.1

AdGuard Reset:

  • Stop AdGuard service
  • Delete config files
  • Restart and run setup wizard

Support Resources

Completion Sign-off

Setup completed by: _________________ Date: _________________ Time taken: _______ minutes

All phases completed successfully: ☐ YES ☐ NO

Notes/Issues encountered:

Next review date: _________________

Reference in New Issue View Git Blame Copy Permalink