[Help Wanted] AdGuardHome and VPN

[eoopx]

How to use any popular VPN with local hosted AdGuardHome?

I get windows device as example, we can set custom DNS service similar google, quad9 on VPN adapter and no issue occur. When set local address (eg: AGH local address) even VPN client connected but web browsing or similar activities not possible.

That may be issue due use local addresses. Any easy solution?

[eoopx]

Ignored?

[ameshkov]

Sorry, I missed the question.

When set local address (eg: AGH local address) even VPN client connected but web browsing or similar activities not possible.

What exact local address do you set?

As I understand, here's should be done:

1. AGH should listen to 0.0.0.0
2. You should specify the IP address of your VPN interface

[eoopx]

Let me explain about my setup as exactly has.

---

• I have separate windows device running AdGuard Home (eg: 192.168.8.105)
• Another laptop(windows) 192.168.8.104
  (Built-in Wi-Fi adapter configured to use 192.168.8.105 as primary DNS)

No issues at all.

---

• That laptop has VPN software installed (ProtonVPN) and works well.
• I also tested custom DNS providers by configuring TAP VPN adapter
  (eg: 8.8.8.8 - Google, 176.103.130.130 - AdGuard as primary DNS)

Still no issues at all.

---

• Then i set my AdGuard Home address '192.168.8.105' as TAP VPN adapter primary DNS

Just VPN software(client) connect without issue but web browsing etc not possible

---

You can reproduce this too.

[eoopx]

Even test this by installing AdGuard Home software on same device that runs VPN client but still same issue
(so TAP VPN adapter configuration 127.0.0.1 or that device own IP 192.168.8.104)

[ameshkov]

Ah, so it's a third-party VPN. Well, the problem is that it will route your DNS traffic through the VPN tunnel, and it simply won't reach AdGuard Home instance which is located in your local network. You need AdGuard Home to have a public static IP for that to work.

[eoopx]

You need AdGuard Home to have a public static IP for that to work.

I dont think to do it but no tricks (or act as) or using any third party tools?

[ameshkov]

Not that I know of, maybe someone else can advise something?

[gontazaka]

@eoopx
Can you solve with "Settings" > "Advanced" > "Split Tunneling"> "EXCLUDED IP" setting?
https://protonvpn.com/support/protonvpn-split-tunneling/

Because I never used ProtonVPN, do not have more information about this app.

[eoopx]

@eoopx
Can you solve with "Settings" > "Advanced" > "Split Tunneling"> "EXCLUDED IP" setting?
https://protonvpn.com/support/protonvpn-split-tunneling/

Because I never used ProtonVPN, do not have more information about this app.

No. i want to log DNS queries also block together. I mean about any VPN service so this's not an expected solution for me :(

[eoopx]

@ameshkov Isn't it possible to enhance AGH to capture all adapters traffic? (I mean AGH installed device) so this issue simply able to solve. Furthermore, i think it might good monitor all network adapters on AGH server installed device.
(In this cause, i can run seperate AGH instance on thrdparty VPN client running device)

Below all tools help me for that,
https://www.nirsoft.net/utils/network_traffic_view.html (raw socket or nPcap)
https://nmap.org/npcap/
https://www.nirsoft.net/utils/dns_query_sniffer.html (AGH does the similar)

https://www.beethink.com/BeeGuardian/IPBlocker/IPBlocker.htm
(this tool might be similar AGH when has #391)

[ameshkov]

Isn't it possible to enhance AGH to capture all adapters traffic?

This is kinda out of scope for AGH. It is supposed to be server software, not client software.

[eoopx]

Isn't it possible to enhance AGH to capture all adapters traffic?

This is kinda out of scope for AGH. It is supposed to be server software, not client software.

If so i dont know any solution. or enhance any unique interaction with upcoming desktop, mobile vpn apps

[ameshkov]

@eoopx there are no specific plans for that yet, but we're thinking about providing some kind of integration between AdGuard Home and AdGuard VPN later.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[liushapku]

Ah, so it's a third-party VPN. Well, the problem is that it will route your DNS traffic through the VPN tunnel, and it simply won't reach AdGuard Home instance which is located in your local network. You need AdGuard Home to have a public static IP for that to work.

May I know why the original setup does not work?

I have a similar setup and could not make it work. It seems that the devices in the VPN subnet could not get a response from the VPN server (I mean the port), although it could reach the server machine (I mean the ip).

If the DNS traffic enters the VPN tunnel, it should be able to arrive at the LAN ip address, right? And that VPN server is bound to 0.0.0.0, should not it be able handle request from the VPN subnet?