Implementing router level ad-blocking. My options?

banie01

Hi folks,

I'm currently looking to add router level ad-blocking to just escape even a small portion of the shite. My phone runs ad-away (root) and the difference when I use other devices is stark.

My current home network set up is via an Asus RT-AX88 and it gives me quite a bit of flexibility with DNS routing and block lists. There is also the option to use Diversion script on the router.

https://diversion.ch/

On top of that, I also have a lifetime Windscribe sub which includes it's Ad-blocking ROBERT service and can do that at DNS level too.

https://windscribe.com/features/ad-blocking

Last but by no means least! My wife has got me a Home Assistant Green and aswell as running our smart home setup, it can also run Pi-hole

https://www.home-assistant.io/green/

So, my quandary is this. Which of the options will offer the best user experience? More importantly, which service will allow the no-tech sense muggles in my house the simplest user experience?

If the family hit a speed bump on a website that requires ads to run, which offers them the easiest way to whitelist it without bothering me?

phelixoflaherty

Raspberry pi. Pi hole

Who is your ISP?

I run adguard home (not materially different to pihole) as a Docker image on an always -on micro server at home.

In order to get clients to utilise it I need to manually set their DNS settings to point to the IP address of the image. This is not overly easy to manage as generally clients will all need static ips too.

(Am currently with virgin and am using their router in router mode which means it handles the DHCP server too. If I switched it to modem mode only I could enable the DHCP service in adguard home to avoid the DNS / static IP conf but I don't want to be responsible if/when I accidentally switch off the home server or it has any issues and literally nothing works in the house).

Am considering buying a fanless n100 dual nic appliance from AliExpress to run both opnsense AND adguard home on. Dedicated hardware instead of an image on my homelab.

I don't want to (through ignorance) switch to modem only mode on the isp router without having an appropriate firewall between that connection and my home network.

banie01

https://www.boards.ie/discussion/comment/121478489#Comment_121478489

I'm with Pure at the moment, on FTTH and as someone who was with Virgin until fibre rolled out in my area. I think it's safe to say if/when you can get shot of them and have comparable speeds. You will never look back. The hassle of bridge mode gone forever.

I have been reading up more on Diversion over on SNB forum and it looks like it could very well be a decent solution that suits what I already have.

Granted I do have a Home Assistant Green in the house, but! The Mrs is adamant I can't have it until Xmas 😉

My Asus router is already running AsusWRT-Merlin and I may aswell try and utilise it for more than radio tweaks.

I appreciate all the input and may yet resort to running an instance of Pi-hole, or if there's any other suggestions?

Fire away.

Would you not just install adguard home as an add on within homeassistant?

https://community.home-assistant.io/t/home-assistant-community-add-on-adguard-home/90684

Although I guess the actual router-install of diversion does remove the static / dhcp issues above

banie01

https://www.boards.ie/discussion/comment/121480825#Comment_121480825

My thinking is the same regarding a router install. It makes DNs DDNS and DHCP far simpler. There is the trade off there tho that I will end up being the only person in the house who can whitelist or manage it.

Can you switch off DHCP on your router? If so, you simply need to create an adguard instance 'somewhere' on your network that presents as the single DHCP server.

My problem right now is that if I switch DHCP off on my router, (enter modem mode with the VM SuperHub) it also drops the firewall I believe.

You don't need the dhcp server to physically be on your router in that circumstance. You could spin adguard home up and configure it to do both DNS and DHCP.

[ make sure you only have a single DHCP server running on your network at any time!! ]

banie01

https://www.boards.ie/discussion/comment/121483388#Comment_121483388

I spent a little bit of time this morning poking around inside my Router. I've used AsusWRT-Merlin for years, originally because it used to allow you to tweak radio TX output. That ended years ago when Merlin became a defacto official Asus FW. So I'm ashamed to say that in the interim, whilst I always flashed AsusWRT, I paid little heed to the new developments in scripts, tools and cronjobs.

Regarding what can be added to an Asus router with a USB key. AdGuard home is an option, aswell as Diversion and a couple of other router level adblockers. The catalogue of software available for install on AsusWRT routers is available over on SNB and using the amtm script makes management of installs very straight forward.

https://www.snbforums.com/threads/asuswrt-merlin-addon-software-catalog.82059/

I've installed amtm, then via that script manager, installed diversion and diversion UI, and set it up to use Steven Black's list and will spend some time logging the DNS requests to see what needs to be added or deleted.

Long story short, if you have an Asus router, the level of granular control and pihole level functionality already available via using the merlin firmware could well save one buying a raspberry for Pihole.