CHEF-KOCH's Microblog ✨

How to install AdGuard Home on your FritzBox Router

You can more or less easily install AdGuard Home on your existing FritzBox with some scripts and commands.

How AdGuard Home works is explained in-depth over here.

You do not void your warranty, because you can uninstall everything, and flashing alternative firmware is permitted by law in the EU.

Activating Telnet

Some models have no phone support. In this case you can skip this part, because you cannot activate the dialer help function.

  • Open the user interface of your FritzBox by opening "fritz.box" in your browser.
  • Go to "telephony" > "phone book" and then click "New entry".
  • Under "Name" you can assign, for example, "Telnet enabled".
  • Under "Numbers", enter the number "#96*7" and confirm with "OK".
  • In the next step, under "telephony" > "calls" > "Click to dial", select the option "Use Click to Dial", choose the default phone book and save with "Apply".
  • Now click on the number in the phone book and confirm all messages with "OK" to enable Telnet.
  • You can use "#96*8" to close the telnet session.
  • To open the session, use telnet fritz.box.

With in-house firmware, telnet access should be enabled by default. Those versions are alpha material, but they can be flashed through the official WebGUI because they are signed.

Which access method you prefer (telnet, COM, SSH, etc.) is up to you, but telnet is usually one of the easier access methods. On newer FritzOS versions you might need the additional steps explained here and here in order to get access to e.g. SSH, because telnet is not officially supported.

Commands

You can find commands for basically every FritzBox here.

  • Make sure you do not use any alternative DNS server, otherwise you see errors like Server lookup failure: fritz.box:telnet, Name or service not known.
  • You might need to enable TR-064 and/or permit access from other apps. Otherwise your login might get rejected, depending on which method you use. Once you are finished with everything you can of course disable it again.

To get access we can use Telnet or SSH with PuTTY. Depending on your OS you might need BusyBox and curl if they are not preinstalled, assuming you want to continue with other mods after this guide.

Using username "root".
root@192.168.0.1's password:

# Optionally, you can get the TTY via this command
tty is "/dev/pts/0"

Make sure you use ar7login as the login program; some boxes use login instead of ar7login. Telnet should automatically use and prefer ar7login. If for whatever reason the web password is used instead of the real login, you need to use the script provided by Alexander Kriegisch.

Install Script

You can change the workdir folder, which stores the certificate and temp files, to whatever you want.

I suggest /var/tmp for the 7520/7530 models since you need a minimum of 25 MB of free NAS storage. You might need to use /var/tmp/AdGuardHome/cacert.pem /var/tmp/AdGuardHome/AdGuardHome & for those models.

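cd /var/media/ftp/workdir
# Download and unpack the AdGuard Home release (MIPS soft-float build)
wget -O- https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.8/AdGuardHome_linux_mips_softfloat.tar.gz | gunzip -c | tar x
cd AdGuardHome
# CA bundle that AdGuard Home uses to validate TLS certificates
wget https://curl.se/ca/cacert.pem
# Stop multid (the DNS LAN management daemon) while AdGuard Home starts
multid -s
# Export the variable so that the AdGuardHome process actually inherits it
export SSL_CERT_FILE=/var/media/ftp/workdir/AdGuardHome/cacert.pem
mkdir -p /var/tmp/AdGuardHome
/var/media/ftp/workdir/AdGuardHome/AdGuardHome -w /var/tmp/AdGuardHome &
sleep 12
# Start multid again
multid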

Note that newer models use the ARMv7 release instead of the linux_mips_softfloat release, so make sure the download matches your FritzBox model.

For the 7529/7530/7520/4040 models the entire script looks like this. It basically automates the manual steps.

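cd /var/tmp
# Download and unpack the AdGuard Home release (ARMv7 build)
wget -O- https://github.com/AdguardTeam/AdGuardHome/releases/download/v0.107.8/AdGuardHome_linux_armv7.tar.gz | gunzip -c | tar x
cd AdGuardHome
# CA bundle that AdGuard Home uses to validate TLS certificates
wget https://curl.se/ca/cacert.pem
# Stop multid (the DNS LAN management daemon) while AdGuard Home starts
multid -s
SSL_CERT_FILE=/var/tmp/AdGuardHome/cacert.pem /var/tmp/AdGuardHome/AdGuardHome &
sleep 12
# Start multid again
multid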

If you want to use an external USB drive, then change the path to the drive. multid basically acts as DNS LAN management daemon, which is why we need to stop and start it in order to make AdGuard Home work.
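The install scripts above pipe the download straight into tar, so nothing checks the archive before it is run on the router. The following added example (not part of the original post) unpacks the archive only if its SHA-256 matches an entry in a checksum list; it assumes the release publishes a checksums.txt with sha256sum-style lines and that the box has a sha256sum applet, and verify_archive and install_verified are hypothetical helper names.

```shell
# Added example (not from the original post). Assumes a sha256sum applet exists
# and that checksums.txt uses "<hex digest>  <file name>" lines.

# verify_archive ARCHIVE CHECKSUMS
# Returns 0 on match, 1 on mismatch, 2 if the list has no entry for the file.
verify_archive() {
    archive=$1
    sums=$2
    name=$(basename "$archive")
    # Accept "name", "./name" and the binary-mode marker "*name".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }
        f == n { print $1; exit }
    ' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# install_verified ARCHIVE CHECKSUMS DESTDIR
# Unpacks the archive only after verification succeeded.
install_verified() {
    verify_archive "$1" "$2" || return $?
    mkdir -p "$3" || return 1
    gunzip -c "$1" | tar xf - -C "$3"
}
```

A checksum fetched from the same server detects a truncated or corrupted download, not a tampered release; compare it against a copy obtained through a separate channel if that matters to you.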

Calling AdGuard Home Interface

You need to work with the internal IP of your FritzBox. It will look like this: <IP of the FritzBox>:3000.

Important things to know here are

  • You start the Interface from your Browser
  • You MUST start multid manually once you are on the AdGuard Home welcome page.
  • By default the listening interface is set to port 80; we cannot use this port for obvious reasons. So change the port to another one such as 8374, or any other otherwise unused port that you never use or need. Once you have changed the port, you call the interface with http://fritz.box:8374/control/status to check the status. This is optional and only needed if you use the AdGuard API for monitoring.

After you have finished setting up the AdGuard settings, restart AdGuard Home with ./AdGuardHome -s restart.

Upstream DNS Servers under AdGuard Home

Make sure you change the IPs to match your box's internal IP, but this example should work by default.

https://dns.digitale-gesellschaft.ch/dns-query
https://dns10.quad9.net/dns-query
tls://dns.digitale-gesellschaft.ch
tls://dns.quad9.net
tls://dns2.digitalcourage.de
tls://dns3.digitalcourage.de
tls://dnsforge.de
tls://dot.ffmuc.net
tls://fdns1.dismail.de
[/fritz.box/]192.168.178.1:53
[/178.168.192.in-addr.arpa/]192.168.178.1

Bootstrap DNS servers under AdGuard Home

I left Quad9 unfiltered in the list in this example because it is listed by default.

9.9.9.10
149.112.112.10
2620:fe::10
2620:fe::fe:10
46.182.19.48
91.239.100.100
89.233.43.71

Potential issue, FritzBox is slow and causes AdGuard Home to not start

If your box does not come up fast enough, e.g. while rebooting, and you start ADGH too early, you get problems. It therefore makes sense to start ADGH only after a short while, when the box is fully loaded. Here is a small startup script.

#!/bin/sh
# Wait until the box has been up for at least 600 seconds (10 minutes)
while [ "$(cut -d '.' -f1 /proc/uptime)" -lt 600 ]; do
    sleep 60
done
# Stop multid, start AdGuard Home, then start multid again
multid -s
/var/media/ftp/freetz/bin/AdGuardHome -w /var/media/ftp/uStor01/FREETZ/AdGuardHome &
sleep 15
multid

The script will start AdGuard Home after 10 minutes, which gives your box more than enough time to do its voodoo magic.

Assuming you use Freetz as firmware image you can add this directly into nohup /var/media/ftp/freetz/scripts/ADGH_start.sh >/dev/null 2>&1 &

Working with dnsmasq as adblocker

An alternative is to work with dnsmasq which is basically supported on every Linux based system - that comes with dnsmasq - of course.

Create a cron job to execute the task daily at 06:10.

10 6 * * */1 /var/media/ftp/workdir/./adblock.sh

Add content and filter lists to your adblocking script

# Download to a temp file first and only move it into place if the download succeeded.
# The list is stored in workdir, which is where fgrep reads it from below.
wget -q https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -O /tmp/dnsmasq.blacklist.txt && mv /tmp/dnsmasq.blacklist.txt /var/media/ftp/workdir/dnsmasq.blacklist.txt
# Drop every line that matches a whitelist entry, then restart dnsmasq
fgrep -vf /var/media/ftp/workdir/whitelist.txt /var/media/ftp/workdir/dnsmasq.blacklist.txt > /var/media/ftp/workdir/dnsmasq.blacklist_new.txt
sh -x /etc/init.d/rc.dnsmasq restart

In theory this works with alternative images such as Freetz and is a simple alternative, not a replacement, for AdGuard Home.
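The script above loads a remotely fetched file into the resolver as dnsmasq configuration, and fgrep -vf matches substrings, so a whitelist entry such as example.org also removes notexample.org and a blank whitelist line removes every entry. The following added example (not part of the original post) keeps only sinkhole entries and applies the whitelist by exact domain match; the address=/<domain>/<target> line format and the helper name filter_blocklist are assumptions.

```shell
# Added example (not from the original post). Assumes the list uses dnsmasq
# "address=/<domain>/<target>" lines and the whitelist has one domain per line.

# filter_blocklist RAW WHITELIST OUT
# Writes accepted entries to OUT and everything unexpected to OUT.rejected.
# Returns 1 (leaving OUT untouched) if nothing usable remains.
filter_blocklist() {
    raw=$1
    white=$2
    out=$3
    : > "$out.rejected"
    awk -F/ -v rej="$out.rejected" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        FILENAME == ARGV[1] {                    # whitelist file
            if ($0 != "" && $0 !~ /^#/) allow[tolower($0)] = 1
            next
        }
        /^#/ || /^[ \t]*$/ { next }              # comments and blank lines
        # Only sinkhole targets are accepted; any other address is rejected.
        NF == 3 && $1 == "address=" && $2 ~ /^[A-Za-z0-9._-]+$/ &&
        ($3 == "#" || $3 == "0.0.0.0" || $3 == "::") {
            if (!(tolower($2) in allow)) print   # exact-match whitelist
            next
        }
        { print > rej }                          # keep for review
    ' "$white" "$raw" > "$out.tmp" || return 1
    if [ ! -s "$out.tmp" ]; then
        rm -f "$out.tmp"
        return 1
    fi
    mv "$out.tmp" "$out"
}
```

Lines written to OUT.rejected are worth reading before the next run: a directive that is not a sinkhole entry has no place in a blocklist.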

Drawbacks

  • You cannot see via AdGuard GUI what your Clients do because this is controlled via FritzBox directly
  • You cannot block your own URLs. This might be fixed in further updates.
  • You cannot enable additional filters such as AdAway.
  • Blocking services such as Facebook through the AdGuard service blocking menu might not work because external clients use DHCP.
  • Client-based settings are not possible. If you restrict your clients via the FritzBox parental controls (Kindersicherung), you cannot give them their own AdGuard profiles. It is all or nothing.
  • Higher CPU usage and potentially slower response times compared to an external DNS that includes some filtering.

Closing words

In the future maybe Freetz NG gets adblocking features which makes AdGuard Home obsolete to install since you then have an all-in-one-package for the firmware and AdBlocking within the GUI. In the meantime you need to work with dnsmasq.

However, I suggest not installing Freetz or Freetz NG until official firmware support for your box has ended, because the normal Fritz OS works just fine and modifications can often be more time-intensive and problematic.

Pictures may be added in the future.

#adguard #fritzbox #avm #adguard-home #router
