Ad blocking feature available?

hello people from vyos world can u care to give me tips how to block ads on my network ,like in openwrt u have adblock, or in opnsense u have unbound dns blacklist ,how to achieve something similar here

There is a webcategory database you can utilize through the webproxy function:

https://docs.vyos.io/en/latest/configuration/service/webproxy.html#url-filtering

Note however that you would need to enable ssl-termination for that to work properly.

Other than that you can install pi-hole as a docker image in VyOS to have the blocking be done through DNS-queries.

Finally what works best IMHO is to use something like Ghostery as an extension to your browser - this way you wont have to deal with SSL-termination and Ghostery (and the others) can be more granular on how they replace the unwanted urls/requests within your browser.

2 Likes

let me try these options,thnks again

is the process easy to install pi hole is this method correct or is there a better way

PiHole running on Docker - Talks - VyOS Forums

Try adguard home with docker-compose to deploy it.

2 Likes

i am a newbie if you could guide me step by step please…

I went down this rabbit hole yesterday. I documented the steps used to create a Adguard Home container in Vyos 1.4:

I went a little further and used the Vyos forwarder listening on a different port as a recursive DNS server that Adguard uses to avoid using public DNS servers but that’s not reflected in this guide. Adguard not supporting this out of the box is a little silly but there are workarounds.

5 Likes

Let me report back after checking ur a saviour :raised_hands:

Hi @JeffWDH,

Thank you so much for sharing the steps to create an AdGuard Home container in VyOS 1.4! Your documentation and insights are incredibly valuable to our community. We really appreciates your contribution. Thanks again! :tada: :beer:

3 Likes

Hello,

I describe my implemention of PiHole and using Cloudflare DoH (DNS over HTTPS) in this post if you are curious.

If you don’t want to use DoH you can use the normal PiHole docker image instead of the one I use, or create your own.

1 Like

ok got it working
thanks a ton u saved my weeks time but please make small correction two lines are incomplete

set container name adguard volume adguard-conf source ‘/config/adguard/conf’ (adguardhome/conf)

volume adguard-work source ‘/config/adguard/work’(adguardhome/work)

just to save time of some one else

1 Like

you guys rock i feel like we are all one family helping out each other im slowly removing **sense from all my 5 installations once i have full command over vyos…

Good catch. I’m actually using /config/adguard for my setup and just messed up the instructions. Updated!

3 Likes

Nice guide!

I’ve been running almost exactly this setup for about a year, thought it would be a pretty rare config. Many people would run the container on another server, but I like it being in vyos for simplicity. My only two differences to your config were:

  • I had “cap-add net-raw”, you’ve made me realise I could narrow that down to net-bind-service, of course!
  • I haven’t done the same as you with /etc/hosts, but it makes sense. I haven’t found a need to with my setup, I think because I also use Adguard Home for DHCP I don’t have anything special in the vyos hosts file anyway.

In Adguard Home I’m using DoH and DNSSEC to connect to a few upstreams, and I find setting parallel requests and optimistic caching makes it very fast, with average processing time being ~1ms. I’m not too worried about it not being recursive, and I prefer Adguard Home currently over PiHole because of the ease of setting different filters and upstreams for my kids’ devices. Haven’t tried PiHole for a few years though, it may have caught up.

2 Likes

Oh boy, nope I definitely needed “cap-add net-raw” for my setup. Without it my devices weren’t being given IP addresses from Adguard Home’s DHCP server. :smile:

Just out of curiosity: why are you using Adguard DHCP server over VyOS DHCP server? I am not saying you are doing anything wrong here, I am just curious :slight_smile:

2 Likes

No problem. Firstly I’m only using this in a home network, and acknowledge it’s probably not best practice. The short answer is that it just comes down to what I do rarely vs what I do often.

I prefer repeatable text based configuration. I use VyOS for the same reason I use NixOS, I like that (given the same hardware and image version) the same config file will give me an identical environment, and I can quickly roll back any changes. Sometimes I see people asking for GUI features in VyOS and I understand that, but if I wanted that myself there are other firewalls that provide it. I just want a stable router/firewall that rarely changes, and when it does I can commit the config into git.

Except for DHCP/DNS! I’m constantly messing with individual devices. I have different subnets defined in VyOS to use different VPNs, for example, and I often add or move devices between subnets to switch those. With Adblock Home I don’t have to get on my computer, I can pop out my phone and do it very quickly, it has an easy and intuitive interface.

So for me using ABH with VyOS is the best of both worlds. Pihole and other systems would offer a similar experience. There are probably significant risks to stability having my network rely on a podman container inside the router, but it has been bulletproof for my limited use case (until the tiny change I made and reverted today :smiley: ) so, I’m happy.

2 Likes

since you seem to be working with adguard a lot if i have ipv6 on my wan and lan do we have to specify ipv6 dns server in upstream or is it automatic

I don’t know, I disable ipv6 everywhere on my network.

(I know that’s frowned upon in IT circles, but shrug it’s just my home network and it makes my life simpler.)

1 Like

Same to me! Ipv4 will be easier.

3 Likes