Savoir Faire

Search

SearchSearch

Adguard on Mikrotik Router

Jul 30, 20235 min read

This is a tutorial on how to install a AdGuard Home DNS docker on your Mikrotik router. AdGuard Home is a free service you can use.

I swtiched my Asus router to a Mikrotik Router. As I was one of the unfortunate guy who was using a x86 Asus router, so I cannot use a reliable Asuswrt-Merlin. But after doing some researches online, I realize Mikrotik Router is too good to be true: they are cheap, the RouterOS is too powerful for a home user, and most importantly, it gets updates from time to time. Just that they are often out of stock. But I eventually get a hAP AX3. It is a great router, with possibility in using dockers to extend the functions of a router. I Instead of installing a pi-hole, I choose AdGuard Home instead.

The following tutorial is mostly referred to this tutorial by the Network Berg with some editings on steps. I transcript them to words, so that when navigating the tools, we can save a bit of time.

For this tutorial, I am using a Mikrotik hAP AX3 router with RouterOS 7.10.

Warning

RouterOS has a major change in 7.14, so some of the procedures might be obsolete.

Preparing the Router

You will first need to enable the Container function in the router.

  • Download Extra Packages of the corresponding infrastructure, mine is a ARM64
  • Unzip the downloaded zip file
  • Enter router admin console by using WinBox, then navigate to Files > Upload (Or alternatively, you can perform the same task by using their webUI)
  • Upload the container-7.XX-arm64.npk (depends on your Router OS version, the 7.XX will be different)
  • Reboot the Router by clicking System > Reboot
  • Open New Terminal, Key in /system/device-mode/update container=yes, after that, perform another reboot
  • Insert the Flash Drive, format it as ext4 by clicking System > Disks > Format Drive, it will take some time. You can use a very small and old one, even 256MB will do. You can configure the following virutal network while wating for the Flash Disk to format
  • You have prepared the Router for the installation

Configuring a virtual network

The next step would be quite technical, but as a layman, we can just follow the below step to create a virtual network for your Adguard Home

  • In WinBox, choose Bridge > New
  • Name the new interface as dockers
  • Then navigate to IP > Addresses > New
  • Set the address to be 10.0.0.1/24 (Can be your choice). Bind the Interface with dockers
  • Create a virtual Ethernet device, by choosing Interfaces > VETH > New
  • Name the new interface as veth1-adguard, address will be 10.0.0.2/24 and gateway to be 10.0.0.1
  • Finally, go to Brdiges > Ports > New
  • Bind the interface with bridge: Interface: veth-adguard, bridge: dockers

Then we have finished configuring the virtual network, time to move on to create a container!

Creating a container in RouterOS

We continue to perform the following tasks in Winbox, or the webUI.

  • We configture the container properties at Container > Config
  • Set Registry URL to be https://registry-1.docker.io (this is indeed the link of the docker hub) and Tmp dir to be your own usb flash disk
  • We use the latest version of Adguard Home. The tag for the latest version is adguard/adguardhome:latest
  • In Router OS, create a new container at Container > New
  • Set Remote Image to be adguard/adguardhome:latest, Interface: veth1-adguard, Root Dir usb1-part1/adguard and Enable Start On Boot
  • By default, the created container will be stopped, start the container
  • If all things go well, you can access your Adguard Home by accessing http://10.0.0.2:3000/, where port 3000 is the default port for this tool

Forcing all your devices use Adguard Home Server as DNS

Just two more steps to force your devices in your network to use Adguard Home as your DNS.

  • First one is to ensure your Router is using it as your DNS
  • Go to IP > DNS and replace your original DNS server with 10.0.0.2, it will tell that your router to use your Container as DNS server
  • Go to IP -> DHCP Server -> Networks tab -> Double-click your LAN network, set DNS Servers to 10.0.0.1 (this is the address of your router)
  • If you are using Windoes, open a cmd and type in ipconfig /release then ipconfig /renew to refresh your DHCP lease with the updated DNS address, pointing to your AdguardHome Server
  • Also use ipconfig /all to confirm that it’s been updated as expected
  • Finally, use ipconfig /flushdns to remove any Windows-cached resolved addresses so that your next DNS queries are sure to flow to AdguardHome’s DNS for resolution (and perhaps blocking)
  • And you are all set!

Enable some filters and check whether AdGuard is really guarding your DNS

By default, AdGuard Home only enables some filters, you can introduce to optimize your browsing experience.

  • Go to http://10.0.0.2:3000/, configure Filters to add / remove filters
  • Under Settings > DNS Settings, you will need to input an upstream DNS provider
  • Use this Test Ad Block tool to test whether your AdGuard Home is really blocking the contents. For a more accurate result, please disable your broswer’s adblocker
  • You can also check the dashboard of AdGuard Home to see whether there’s anything being blocked
  • If you can see a large number being blocked, then you are all good! You can further tweak AdGuard Home to suit your network’s need

Graph View

Backlinks

  • No backlinks found