Netgate Discussion Forum

    Ad Guard with pfSense

    General pfSense Questions
    • Zululander @SteveITS

      @steveits, @Gblenn & @Cylosoft Thanks for that. I think I am nearly there.

      My router IP is 192.168.1.1 and it has the following DNS servers:

      • 9.9.9.10
      • 149.112.112.10

      pfSense has IP 192.168.1.5 and Adguard 192.168.10.15

      AD Guard settings:
      Upstream servers

      • [/home.local/]192.168.1.5
      • [/in-addr.arpa/]192.168.1.5
      • [//]192.168.1.5
      • https://security.cloudflare-dns.com/dns-query
      • https://dns.quad9.net/dns-query

      Parallel requests
      [image]

      ("And have Adguard use DNS over HTTPS", I will set this up later once I have sorted out everything else)

      pfSense settings
      [images]

      Adguard is now reporting more stats and blocking some adult sites, but not all, i.e. it blocks www.peachesandcream.co.nz but not https://www.porn.com/

      Also it still only lists one client, i.e. 192.168.0.0

      Also I had a host override (see below) which I can no longer browse to, i.e. I now need to use the IP.

      [image]

      I am obviously still not understanding something :)
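
The upstream list from the post above, modelled as an added example (not part of the original thread and not AdGuard's own code): it parses the entries and reports which upstream a given query name would be sent to. The matching rules are a simplified reading of AdGuard Home's per-domain upstream syntax, and the sample hostnames are constructed.

```python
# Added example (not from the thread): simplified model of how AdGuard Home
# picks an upstream from per-domain entries. Wildcards and "#" are not modelled.
import ipaddress

UPSTREAMS = [  # copied from the post above
    "[/home.local/]192.168.1.5",
    "[/in-addr.arpa/]192.168.1.5",
    "[//]192.168.1.5",
    "https://security.cloudflare-dns.com/dns-query",
    "https://dns.quad9.net/dns-query",
]

def parse_upstreams(lines):
    """Split entries into {domain: [servers]} rules and default upstreams."""
    rules, defaults = {}, []
    for line in (l.strip() for l in lines):
        if line.startswith("[/"):
            spec, _, server = line[2:].partition("/]")
            # "[//]" leaves an empty spec: the rule for unqualified names.
            for domain in spec.split("/"):
                rules.setdefault(domain.lower().rstrip("."), []).append(server)
        elif line and not line.startswith("#"):
            defaults.append(line)
    return rules, defaults

def select_upstreams(name, rules, defaults):
    """Return the upstreams that would receive a query for `name`."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) == 1 and "" in rules:
        return rules[""]          # single-label (unqualified) name
    for i in range(len(labels)):  # longest matching suffix wins
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return defaults

def ptr_name(ip):
    """Reverse-lookup (PTR) name for an address, e.g. a LAN client."""
    return ipaddress.ip_address(ip).reverse_pointer

if __name__ == "__main__":
    rules, defaults = parse_upstreams(UPSTREAMS)
    # Hostnames below are constructed samples, not names from the thread.
    for q in ["nas.home.local", "nas", "nas.lan", "www.example.com",
              ptr_name("192.168.10.20")]:
        print(f"{q:32} -> {select_upstreams(q, rules, defaults)}")
```

With this list, only names under home.local, single-label names and reverse lookups are forwarded to pfSense at 192.168.1.5; every other name, including one defined in pfSense under a different domain, goes to the public DoH upstreams.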

      • Patch @Zululander

        @zululander said in Ad Guard with pfSense:

        My router IP is 192.168.1.1 and it has the following DNS servers:

        9.9.9.10
        149.112.112.10

        pfSense has IP 192.168.1.5 and Adguard 192.168.10.15

        You are making life harder than it needs to be.
        Clients on your network need to see only the one DNS, which does your DNS filtering (Adguard). If your clients use any other DNS your filtering will not work reliably. Currently they can use

        • Adguard 192.168.10.15
        • pfsense 192.168.1.5
        • your router 192.168.1.1
        • internet DNS

        Imo I suggest

        • Put your ISP router in bridge mode and use pfsense as a router.
        • Connect all Lan & wifi devices to pfsense (not the ISP router)
        • in pfsense block DNS accesses except from Adguard 192.168.10.15
        • in pfsense DHCP set clients to use Adguard 192.168.10.15 for DNS
        • in pfsense leave DNS resolver with the default configuration so it accesses appropriate internet sources
          • Zululander @Patch

            @patch Thanks for this.

            • pfSense is using 192.168.10.15 (Adguard) for DNS
            • pfSense DHCP sets clients to Adguard for DNS
            • I am forcing all DNS requests to go via Adguard using: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
            • I have left the DNS resolver with the default option.

            Relevant sites are now blocked although I am still only seeing one client (192.168.0.0) listed on the Adguard dashboard.

            I am not too sure about setting up pfSense as the router. My ASUS-AC58U allows me to change operation mode from Router to AP mode. I am guessing I start with that.
            [image]

            Currently my router is set to WAN connection type: Automatic IP. Looking at pfSense I have the following options

            [image]
            Looking at these options I cannot see where to set the following options required by my ISP:

            • WAN Connection Type: DHCP (Automatic IP/Dynamic IP/IP over Ethernet)
            • 802.1Q: Enabled
            • VLAN ID (802.1Q): 10
            • 802.1P (Priority): 0
            • IP Version: IPv4 or IPv6
            • MTU Size: 1492 or 1500 (I can find this one)
            • NAT: Enabled
            • Patch @Zululander

              @zululander said in Ad Guard with pfSense:

              I am not too sure about setting up pfSense as the router. My ASUS-AC58U

              If you have an ADSL/VDSL wan connection you will need a modem to connect to your ISP.

              If you put your all in one router in bridge mode it will become just a modem and can be used for that purpose. (Note you also lose access to most other functions in your all in one router, such as wifi.) Your ISP wan parameters are then entered into pfsense Wan settings.

              If you put an all in one router in AP mode you can connect it to the LAN side of pfsense and wifi connected devices can be managed by pfsense like all other Lan devices. Note putting your all in one router in AP mode means it no longer needs nor has wan interface settings.

              Note the simplified configuration I'm recommending requires your modem is a different hardware device to your wifi AP

              • Zululander @Patch

                @patch I have fibre that comes to the ONT and then goes to the ASUS router. Can I plug the ONT directly into the pfSense WAN? If so, then I am battling to find where to put the settings the ISP gave to me.

                If not, what modem (make/model) do you recommend for a home lab?

                • Patch @Zululander

                  @zululander said in Ad Guard with pfSense:

                  I have fibre that comes to the ONT and then goes to the ASUS router. Can I plug the ONT directly into the pfSense WAN?

                  Yes
                  How to do so will depend on:

                  • How many NICs does your computer running pfsense have? At least 2 makes things easiest.
                  • If only 1, you will need to use Vlan and a pfsense on a stick configuration. Do you have a programmable switch (at least level 2)?

                  When you have at least 2 interfaces to pfsense, one will be Wan the other Lan. The ISP settings are entered via
                  Pfsense -> Interfaces -> Wan -> (See the Manual)

                  Your ASUS router can then be put in AP mode, connected to the pfsense Lan and used for wifi access.

                  • SteveITS @Zululander

                    @zululander re: using a VLAN for WAN, I see posts here every few months. I’d search for your ISP and/or VLAN on WAN.

                    Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                    When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                    Upvote 👍 helpful posts!

                    • Zululander @Patch

                      @patch I have 3 nics i.e. WAN, LAN & OPT1.

                      I can only see MTU on the WAN interface and not the rest of

                      • WAN Connection Type: DHCP (Automatic IP/Dynamic IP/IP over Ethernet)
                      • 802.1Q: Enabled
                      • VLAN ID (802.1Q): 10
                      • 802.1P (Priority): 0
                      • IP Version: IPv4 or IPv6
                      • NAT: Enabled

                      Can't see the above in the documents

                      [image]

                      Sorry for being a little slow with all of this.

                      Yes I do have a level 2 switch. VLAN 1 is for 192.168.1.0 (WAN) and VLAN10 for 192.168.10.0 (LAN). NICs are patched accordingly.

                      • SteveITS @Zululander

                        @zululander you’ll have to create it as a new interface
                        https://docs.netgate.com/pfsense/en/latest/vlan/configuration.html#web-interface-vlan-configuration

                        Then use that instead of WAN. I haven’t done that myself…see if you can find a thread for your ISP. Might be better to start another thread too, so people find it by title.
