AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home/overview.html
GNU General Public License v3.0

DNS over TLS not working on ARM #5047

Closed bruvv closed 2 years ago

bruvv commented 2 years ago

Prerequisites

Operating system type

Linux, Other (please mention the version in the description)

CPU architecture

ARMv7

Installation

Docker

Setup

On one machine

AdGuard Home version

v0.107.16

Description

What did you do?

Running on an Oracle Cloud Free instance with Docker; everything is working fine apart from DNS over TLS. DNS over HTTPS is working fine, but for some reason I cannot use Private DNS on Android (DNS over TLS).

Expected result

Use Private DNS on Android

Actual result

It is unable to connect to AdGuard Android.

Screenshots (if applicable)

n.a.p.

Additional information

I am also running it on an x64 machine and that is working fine. Made this using Terraform and Ansible. The egress rules are set to allow all and the ingress rules are set to the specific ports that are found on: https://hub.docker.com/r/adguard/adguardhome

Ansible: https://github.com/bruvv/ansible-adguard-unbound

Terraform: https://github.com/bruvv/terraform-adguard-oracle-cloud-free

Current log:

2022/10/19 00:15:17.578516 [info] AdGuard Home, version v0.107.16
2022/10/19 00:15:17.581685 [error] creating dhcpv4 srv: dhcpv4: <nil> is not an IP address
2022/10/19 00:15:17.586581 [info] Initializing auth module: /opt/adguardhome/work/data/sessions.db
2022/10/19 00:15:17.586692 [info] auth: initialized.  users:1  sessions:1
2022/10/19 00:15:17.586835 [info] number of certs - 3
2022/10/19 00:15:17.586841 [info] got an intermediate cert
2022/10/19 00:15:17.586857 [info] got an intermediate cert
2022/10/19 00:15:17.599048 [info] web: initializing
2022/10/19 00:15:17.726622 [info] DNS cache is enabled
2022/10/19 00:15:17.726651 [info] MaxGoroutines is set to 50
2022/10/19 00:15:17.726657 [info] Fastest IP is enabled
2022/10/19 00:15:17.727189 [info] AdGuard Home is available at the following addresses:
2022/10/19 00:15:17.727283 [info] Go to https://publicurl.here.nl:443
2022/10/19 00:15:17.727415 [info] Go to http://127.0.0.1:8080
2022/10/19 00:15:17.727423 [info] Go to http://[::1]:8080
2022/10/19 00:15:17.727426 [info] Go to http://10.1.20.41:8080
2022/10/19 00:15:17.727429 [info] Go to http://172.17.0.1:8080
2022/10/19 00:15:17.727432 [info] Go to http://172.19.0.1:8080
2022/10/19 00:15:20.091369 [info] Starting the DNS proxy server
2022/10/19 00:15:20.091405 [info] Cache TTL override is enabled. Min=3600, Max=172800
2022/10/19 00:15:20.091409 [info] Ratelimit is enabled and set to 5 rps
2022/10/19 00:15:20.091412 [info] The server is configured to refuse ANY requests
2022/10/19 00:15:20.091415 [info] DNS cache is enabled
2022/10/19 00:15:20.091422 [info] MaxGoroutines is set to 50
2022/10/19 00:15:20.091427 [info] Fastest IP is enabled
2022/10/19 00:15:20.091437 [info] Creating the UDP server socket
2022/10/19 00:15:20.091516 [info] Listening to udp://[::]:53
2022/10/19 00:15:20.091522 [info] Creating a TCP server socket
2022/10/19 00:15:20.091545 [info] Listening to tcp://[::]:53
2022/10/19 00:15:20.091548 [info] Creating a TLS server socket
2022/10/19 00:15:20.091561 [info] Listening to tls://[::]:853
2022/10/19 00:15:20.091566 [info] Creating a QUIC listener
2022/10/19 00:15:20.091714 [info] Listening to quic://[::]:784
2022/10/19 00:15:20.091774 [info] Entering the UDP listener loop on [::]:53
2022/10/19 00:15:20.091802 [info] Entering the tcp listener loop on [::]:53
2022/10/19 00:15:20.091815 [info] Entering the tls listener loop on [::]:853
2022/10/19 00:15:20.091788 [info] Entering the DNS-over-QUIC listener loop on [::]:784

Bitcion commented 2 years ago

Check data and certificate.

bruvv commented 2 years ago

@Bitcion can you be a bit more specific on what to check?

ainar-g commented 2 years ago

This functionality is pretty much platform-agnostic.

Have you checked that your certificate is valid and that it contains the IP addresses of your AGH? Android devices are very strict when it comes to DoT.
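
One way to run the certificate check suggested in the comment above, as an added Go example that is not part of the thread or of AdGuard Home's code: it reports whether a certificate is inside its validity window and whether its SANs cover every hostname and IP address a DoT client will dial. `dotCertProblems`, `sampleCert`, `dns.example.test` and `192.0.2.10` are hypothetical names and constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// dotCertProblems lists reasons a strict DoT client would reject cert when it dials
// each entry of names. IP literals are matched against IP SANs, the rest against DNS SANs.
func dotCertProblems(cert *x509.Certificate, names []string, now time.Time) []string {
	var problems []string
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		problems = append(problems, "outside validity window, notAfter="+cert.NotAfter.Format(time.RFC3339))
	}
	for _, n := range names {
		if err := cert.VerifyHostname(n); err != nil {
			problems = append(problems, fmt.Sprintf("no SAN covers %q", n))
		}
	}
	return problems
}

// sampleCert builds a constructed self-signed certificate with the given SANs (sample input only).
func sampleCert(dns []string, ips []net.IP, nb, na time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dns, IPAddresses: ips, NotBefore: nb, NotAfter: na}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	cert, err := sampleCert([]string{"dns.example.test"}, nil, now.Add(-time.Hour), now.Add(time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println(dotCertProblems(cert, []string{"dns.example.test", "192.0.2.10"}, now)) // placeholder server IP
}
```

For a real deployment, parse the leaf certificate served on port 853 with `x509.ParseCertificate` and pass it in place of the constructed one; chain validation against the client's trust store is a separate check this example does not perform.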

bruvv commented 2 years ago

This was due to a certificate error in my Let's Encrypt cert. Fixed by switching to ZeroSSL.