How to install Adguard Home on your OpenWrt router

Block ads, spyware and speed up browsing with powerful DNS filtering at the router level.

Victor Bayas
Victor Bayas
August 22, 2023
4 min read
How to install Adguard Home on your OpenWrt router

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that.

It operates as a DNS server that re-routes tracking domains to a “black hole”, thus preventing your devices from connecting to those servers.

Compared to Pi-Hole, Adguard Home doesn’t requires additional dependencies so you can run it on OpenWrt without problems. It also supports DNS caching and encryption without additional software.

System requirements

  • A router with a recent version of OpenWrt installed
  • At least 100MB of free RAM
  • At least 20MB of free disk space
For this guide I’m going to use a Belkin RT3200 / Linksys E8450


This router has an arm64 processor but you may need to replace it with the architecture that matches your router (eg armv7, mips, etc), SSH into your router and run:

opkg update && opkg install wget
mkdir /opt/ && cd /opt/
wget -c
tar xfvz AdGuardHome_linux_arm64.tar.gz
rm AdGuardHome_linux_arm64.tar.gz
/opt/AdGuardHome/AdGuardHome -s install

Initial configuration

If your router is not at then replace the IP address accordingly
  • Go to
  • Setup the admin web interface to listen in at port 8080
  • Set DNS server to listen in at port 5353
  • Create an user and choose a strong password

Make your devices use AdGuard Home

Now that AGH is up and running we need to make our devices use it as their DNS server:

  1. Navigate to LuCi and go to Network -> DHCP and DNS
  2. Add into DNS forwardings, then click Save & Apply
  3. Navigate to Resolv and Hosts Files tab and check the Ignore resolv file option to prevent the router from using the DNS servers provided by your ISP

Intercept all DNS traffic

This step is optional, however there are apps and devices that ship with a harcoded DNS server (such as making our filtering rules useless unless we redirect those queries to our AGH instance.

  1. Navigate to LuCI → Network → Firewall → Port Forwards

  2. Click Add and specify:

    • Name: Intercept-DNS
    • Protocol: TCP, UDP
    • Source zone: lan
    • External port: 53
    • Destination zone: unspecified
    • Internal IP address: any
    • Internal port: any
  3. Then click Save & Apply

CLI instructions

# Intercept DNS traffic
uci -q delete firewall.dns_int
uci set firewall.dns_int="redirect"
uci set"Intercept-DNS"
uci set firewall.dns_int.src="lan"
uci set firewall.dns_int.src_dport="53"
uci set firewall.dns_int.proto="tcp udp"
uci set"DNAT"
# Also intercept IPv6 DNS traffic
uci set"any"
uci commit firewall
/etc/init.d/firewall restart

Final notes


Now that you have AdGuard Home up and running feel free to play with the settings, here are some of my recommendations:


Choose the DNS providers of your choice (Adguard Home supports both regular unencrypted DNS and encrypted DNS protocols such as DoH, DoH3, DoT and DoQ out of the box):

  • Upstream DNS servers:


  • Parallel requests: enabled (improves performance)

  • Private reverse DNS servers (for client names resolution):

  • Rate limit: 0 (if this is your LAN I don't see any reason to limit the number of requests)

  • Optimistic caching: enabled (dramatically improves performance)


Adguard Home supports hosts and adblock style blocklists, you can choose from the ones provided by default or add your own.

Personally, I use the HaGeZi Light blocklist but OISD Big is another good alternative for a set and forget setup.

Enjoy happy and safe browsing!

Let's build together

I'm always open to new projects and opportunities. Drop me an email or DM me on X and I'll get back to you.


© 2024 Victor Bayas.