Just an update - OPNsense 23.1 released this week & includes some better reporting tools for the built-in UnboundDNS resolver: opnsense.org/opnsense-23-1-released/ For some, this may be enough to prefer Unbound over AdGuard. Just up to your preference!
At first I thought 'wow, how could it take almost half an hour to explain how to do this', now I must say, this is probably the most valuably instructive video I've ever seen 🥺
Hello - and thank you so much for the comment! I feel like I struggle sometimes with thinking "oh this should be quick" - then wind up wanting to explain or give more examples, which extends the length of the video. It sometimes makes me worry that they end up too long for most people. I really appreciate your feedback 😊
@@0x2142 I get that. It's definitely more work, but maybe it's worth seperating content into two videos: a 5-8 min direct approach (e.g. add repo, install adguard; to get the views) and a seperate video for the advanced stuff (ad lists, custom filters, seperate DNS etc; for the viewers who want more). Just an idea though :)
Thanks for this! I have a quick question/suggestion about the last section of your video: If you want to use Unbound together with AdGuard, then you must set Unbound's IP and port (192.168.1.1:53 in your example) in AdGuard > DNS Settings > Upstream DNS Servers. Also, in this case, you can leave blank the Services > DHCPv4 > [LAN] > DNS Servers field in OPNsense (15:11). Please correct me if I'm wrong...
A missed opportunity, a nice little joke would have been when he clicked on block RU-vid, his video went to a black screen. Or a good way to have had to end the video. LOL
Awesome Informative video, clear voice, easy to follow, thank you so much. I've had my OPNsense server for a couple of years and only now am I finding out how powerful it is, in fact I'm wondering based on this if I should setup a pihole docker container on my synology NAS docker and forward unbound to that. maybe, maybe not, this seems nice an easy to remember.
Thank you so much for this.. with this step will I be able to see all my opn sense client in adguard instead of just open sense ip.m I have pf sense currently and I have tried everything possible but it only shows my pf sense ip ad.. ty
Do you if it is possible to still show the client IP address in AdGuard when using both Unbound and AdGuard? With the query forwarding all traffic in AdGuard is coming from the interface IP. Is there a way to still forward the traffic but keep the client IP address?
set all of this up ti discover in the end that if I have my amneziavpn (wireguard client with obfuscation) on, service blocks dont work:) prolly none of the other filtering too? haven't checke danything yet. just discovered:)
For me it only works if the machine has auto dns, if I put manual dns in the machine for example google or other then the blocks go away, how can I make the opnsense machine dns authoritative thru the whole network
awesome video. got this up and running on my home lan during my lunch break. but can you intercept doh ? because this works well and good until someone turns on secure dns via DoH or DoT. I'm wondering about how to deal with those scenarios. I presume you can't just redirect the request, because it's just https. can opnsense detect doh and redirect it ?
Once i selected my blocked services, I can still access these sites?? Is there a step I need to configure in Opnsense to block them?I followed along with everything that was mentioned in the step-by-step. But still can access the sites. Someone please help.
I can't connect to the adguard port for some reason. The page isn’t redirecting properly Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Great video! I currently have my Adguard setup on my TrueNAS. I wanted to get Adguard off my TrueNAS as it will be blasted away soon. I recently purchased one of the little firewall machines and have installed proxmox with OPNsense (PCIe passthrough for WAN interface) and an adguard container. I just tried this with my OPNsense and got Adguard installed on it. But when I updated Adguard it just sits there with the spinning icon. Even removing the service and installing it again, I have the same issue. So it looks like it is just not there yet.
Huh, that's odd. When I was recording this video - I went through the install/setup process a few times. Usually the upgrade was fairly quick, but I did have once or twice where it did spin for a while - though it always completed eventually!
Works well as per the guide. Only problem I am encountering is, on AdGuardHome, only the IP address of the Opnsense DNS is showing in the logs, not by the individual IPs conntected on the network. Is there any workaround on this? Thanks.
It sounds like you have Unbound forwarding the queries to AdGuard. In that case, as far as AdGuard knows, it's only the Unbound service (running on the same box) that's doing any queries. This video should have mentioned that configuring it this way will result in losing the ability to do custom unblocking per client, or logging per client activity in general, since all queries to AdGuard come from your OPNsense box itself.
Hi, Sorry my bad English. Could you please help me? My adguardhome service in opnsense suddenly stopped working after a firewall reboot because of energy cut off in my house. When I try to restart the service it keeps shutting down right away. I also tried reinstalling adguardhome to its default config and it works, but when I replace my config .yaml file, it stops working again. How could I verify what the problem is?
Great Video. As a recent convert to OPNsense from pfsense, I was looking for a replacement to pfblockerNG. AdGuard seems to do the trick. I do have a couple of questions though. I have a similar problem to someone else who commented. I only see the IP of my OPNsense interface in the dashboard. I have multiple vlans/subnets and I have the DHCP servers all pointing to the IP of the OPNsense. I also created the Query forwarding entry as instructed near the end of the video. I am curious, do I need to the IP addresses of all the subnets in the bind section of the yaml file for it to recognize all of the IPs in the dashboard? My other question is the use of 5353. Another user commented that this is used for mDNS. I use Apple products and I know it needs to be able to use mDNS for AirPlay and bonjour. Should I be using a different port other than 5353? Thanks in advance for your help.
Hi, I set this up following your guide but after the initial setup on 3000, i cannot get to the web interface, this seems to make some sense as you show to configure it on the listen interface of the router but at port 80, this is surely the opnsense admin web interface so that is somewhat expected? I can't seem to uninstall and reinstall to reset the settings to try a different port now so seems to just be stuck running on a used port and not reachable to change
Hi there - you can still edit the port that the Web UI runs on, but you'll have to SSH into the OPNsense box & edit the configuration file manually. Check the video here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-7RC7q5WOYC0.htmlsi=8hM4cmDbo30RhId1&t=1248 or written instructions on my blog here: 0x2142.com/how-to-set-up-adguard-on-opnsense/#how-do-i-change-the-interface-port-for-the-web-ui-or-dns
Is there any real reason to use this over the built in Unbound service? Seems like Unbound supports everything you could want from AdGuard including blocklists, custom rules, DoT etc. Using Unbound also has the advantage of integrating with the DHCP server so you can get your static mappings into DNS for free.
Hi there! Yeah it mostly depends on what you are comfortable & the specific features you need. Most of these products can do the job these days. Unbound definitely supports a lot more advanced configuration options than AdGuard - but I think AdGuard is much easier for someone to use who might not understand all that stuff. AdGuard is real easy to set up & get going, and the reporting/dashboards are easier to use. That being said - It's just up to what works for your use case.
Honestly, it's better to just use unbound as backup via a configuration file becomes more difficult from my last experience. If the repo being used is third party, the configuration file might not be able to be use, it might load but you might run into issues. EDIT: Just adding, you would not be getting a nice dashboard with Unbound as far as I know.
Thanks for the guide. I followed it leaving unbound enabled. AdGuard is working except the reporting only lists my OPNsense IP. It never shows which client made the request. Any ideas on why this is happening?
Hmm - Curious if the clients are on the same subnet? My only thought here is that perhaps the client address is hitting a NAT before reaching the AdGuard IP.
@@0x2142 I have no idea how it would be hitting a NAT before AdGuard. Its a new OPNsense install and the only thing I added to it is AdGuard so far. Everything is on same subnet and the computers Im testing this with are connected with ethernet to an unmanaged switch that is connected directly to the OPNsense LAN port. Its been driving me crazy trying to get this working.
Hi there - OPNsense is an open source product that you can download here: opnsense.org/download/ . While they do have some hardware appliances that you can buy with OPNsense pre-installed, generally most people will buy their own hardware. In addition, you can also buy some level of business support from OPNsense, but there is also free community-based support via their forums, etc. If you're interested in looking at some hardware or what the install / setup process looks like, I posted a video that covers this: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ppS6IhKSkfY.html
Hey there! Pi-hole is absolutely an option, just depends on what you want out of it. Both products do pretty much the same just in different ways & they both work great. For this video, I focused on AdGuard Home because it can be loaded directly on an OPNsense firewall - rather than needing to install it separately. This could be helpful for people who might already be running OPNsense, but not have additional compute to run Pi-Hole or AdGuard elsewhere.
![[How To] Set up AdGuard Home on OPNsense](/img/logo.svg){kind=logo}
