Installing AdGuard home on NAT VPS

Installing AdGuard home on NAT VPS

Here is a simple guide to set up Adguard Home on a NAT VPS.

What is AdGuard Home?

AdGuard Home is a network-wide ad-and-tracker blocking DNS server. Its purpose is to let you control your entire network and all your devices, and it does not require using a client-side program.

At the same, AdGuard Home features a web interface to easily manage the filtering process.

We have a NAT VPS (with shared ipv4), we will see how to setup AdGuard home + Wireguard VPN, filtering all traffic from wireguard through your own AdGuard Home DNS Server.

We have a 256MB NAT VPS. Public IPv4 is 158.51.113.104 and assigned ports are 14001-14020.

A fresh Ubuntu 20 install is used.

STEP 1: Add a Domain/Subdomain

Use the 'Domain Forwarding' option in control panel to forward http.
domain-forwarding
You can use any domain / subdomain. Follow the instructions on screen & add proper A records at your DNS provider pointing to your assigned IP.

STEP 2: Enable Tun, PPP, Fuse and NFS

You can skip this step if you're using a KVM NAT VPS.
a. Go to Settings > VPS Configuration > enable Tun, PPP, Fuse, and NFS.
b. Press Submit.
adguard-nat

Restart the VPS using control panel for changes to take effect.

STEP 3: Installing and configuring AdGuard Home using Snap Store

SSH into your NAT VPS using assigned IPv6 or shared IPv4 address.

a. Make sure you don't have any application using port 80 as this will be used for wireguard.

apt remove apache2 -y

b. Get Update:

sudo apt update -y

c. Install snap, fuse and nano.

sudo apt install snapd nano fuse -y

d. Install AdGuard Home

sudo snap install adguard-home -y

e. AdGuard Home is installed now.
adguard-installed

f. Configure AdGuard web UI. (requires one time IPv6 access)
Port 3000 is used to install the web UI the first time.
Make sure you have IPv6 connectivity for this step.

Go to [AssignedIPv6]:3000 in your web browser, where Assigned_IPv6 is the IPv6 address assigned to your NAT VPS.
webui-setup

Follow the steps to set Admin Web Listening Interface and DNS server Listening Interface to your Internal IP, in our case this is venet0 ; click next
listening-interface

done-1

Set your webui access username and password click next till Open Dashboard option appears. Remember username and password this will be used in last step.

STEP 4: Set nameserver to AdGuard Home

Modify /etc/resolv.conf using your favourite editor to set nameserver to your Internal IP. We will use 10.37.138.140

nano /etc/resolv.conf

remove other entries and save the file.

resolv

STEP 5: Install Wireguard server.

We will be installing Wireguard using Nyr's script.

wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh

Follow the instructions on screen, set proper port as per your assigned port range.
Set DNS to Current system resolvers when asked.
Others can be left to default options.
dns

Wireguard configuration will be saved. Scan the generated QR code using wireguard client.
Additional clients can be added using using

./wireguard-install.sh

That's it! Your own personal AdGuard Home + Wireguard VPN Server is ready

When connected to the VPN, all traffic is filtered using AdGuard Home server.

Add as many clients you need.

Block custom Ads & websites using AdGuard WebUI accessible from your Domain / Sub-domain (see STEP-1)

This article was made using WebHorizon NAT VPS - starting $7 per year.

Please consult your provider for exact steps.