Introduction
Letâs face it; online ads can be a major buzzkill. They clutter your favorite websites, slow down your page loads, and worst of all, theyâre just plain annoying.
But what if I told you that you could erase ads on the go? Thatâs right, no more pesky ads on your phone, tablet, or laptop. All you need is a Raspberry Pi (or any device in your homelab), AdGuard Home, and Tailscale.
In this blog, Iâll show you how to set up AdGuard Home and Tailscale to block ads on your phone, tablet, and laptop. Itâs a technical adventure thatâs worth every click.
AdGuard Home: Your Ad-Blocking Sentry
Before we dive into the technical wizardry of AdGuard Home, letâs start with the basics. AdGuard Home is a network-wide ad and tracker blocker. It operates at the DNS level, which means it intercepts and filters out those pesky ads before they even reach your device. Think of it as your personal guard, fending off ads and trackers like a digital knight in shining armor.
But whatâs even cooler is that AdGuard Home is not limited to just one device; it can cover your entire network. That means every device connected to your home network, from your laptop to your smartphone, can enjoy ad-free browsing.
I have a detailed guide explaining in much more detail and how I set it up for my homelab, you can read more about it at AdGuard Home â Network Wide Ad Blocking in your Homelab.
For quickstart, we can use the below command to install AdGuard Home on our Raspberry Pi.
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -vOnce youâve installed AdGuard Home, you can access the web interface by visiting http://<ip-address>:3000 in your browser. Youâll be greeted with a setup wizard that will guide you through the process of setting up AdGuard Home.
Tailscale: The Magic of Secure Networking
Next on our list is Tailscale âď¸. Itâs a fantastic tool that creates secure, private networks with ease. Whether youâre at home, in a coffee shop, or halfway across the world, Tailscale keeps your devices connected as if they were on the same local network.
Tailscale is a great fit for our ad-blocking adventure because it allows you to access your AdGuard Home instance securely from anywhere. This means you can block ads even when youâre away from your home network. Pretty cool, right?
To get started, create a Tailscale account âď¸ and weâll install Tailscale on our devices.
Setting Up Tailscale
In my setup, I am using a Raspberry Pi Zero 2W which is running 64 bit debian in headless mode. I have also installed AdGuard Home on the same Raspberry Pi.
So I am following the linux installation setup for Tailscale. To do this, weâll use the following command:
curl -fsSL https://tailscale.com/install.sh | shOnce Tailscale is installed, weâll need to authenticate our Raspberry Pi with Tailscale. To do this, weâll use the following command:
sudo tailscale up --accept-dns=falseDonât forget to add the
--accept-dns=falseflag. This will ensure that Tailscale doesnât interfere with AdGuard Homeâs DNS server.
Next, weâll install tailscale on client devices. You can install the Android âď¸ or iOS âď¸ app. For desktop, you can download the macOS âď¸ or Windows âď¸ client.
Once youâve installed Tailscale on your client devices, youâll need to authenticate them with Tailscale. To do this, youâll need to log in to your Tailscale account and authorize your devices.
Connecting to AdGuard Home
Now that weâve installed Tailscale on our devices, we can connect to our AdGuard Home instance. For this we will edit the DNS settings for our Tailscale network.
Head to the DNS tab âď¸ and edit the âGlobal Nameserversâ option under âNameserversâ and add the IP address of your AdGuard Home instance.
You can find the IP address of your AdGuard Home instance by running the following command:
tailscale ipPick the 100.x.x.x IP address and add it to the âGlobal Nameserversâ option.
Once youâve added the IP address of your AdGuard Home instance, you can save your changes and youâre all set!
Now when you are connected to your Tailscale network, youâll be able to access your AdGuard Home instance. This means you can block ads even when youâre away from your home network.
Enjoying the content? Support my work! đ
Your support helps me create more high-quality technical content. Check out my support page to find various ways to contribute, including affiliate links for services I personally use and recommend.
Getting DNS Rewrites to Work
With Multiple DNS entries (Old Approach)
One thing that you might notice if you are using AdGuard Home with Tailscale is that DNS rewrites donât work out of the box if you have the mappings set to your local internal IP address.
For example I maintain 3 servers in my homelab at the moment and they have mapping like this
| Domain | Answer |
|---|---|
| sukuna.local | 192.168.0.110 |
| suguru.local | 192.168.0.111 |
| satoru.local | 192.168.0.112 |
In this the suguru.local server is the one running AdGuard Home.
Now if want to access these servers from my laptop, I can simply type suguru.local in my browser and it will take me to the server. But if I am connected to Tailscale, this wonât work.
To fix this, we need to add the rewrites from the tailscale assigned IP addresses to the DNS mappings as well.
Consider your tailscale IP address of the AdGuard Home server is 100.100.100.100 then you need to add the following mappings as well.
| Domain | Answer |
|---|---|
| sukuna.local | 192.168.0.110 |
| suguru.local | 192.168.0.111 |
| satoru.local | 192.168.0.112 |
| suguru.local | 100.100.100.100 |
This will ensure that you can access the server from both the internal network and the tailscale network.
Note
Since the same domain is not pointing to multiple IP addresses (local and tailscale) at the same time, you wonât run into any issues. This is because the DNS server will always return the first answer it finds for a domain.
So if you are on the local network, it will return the local IP address and if you are on the tailscale network, it will return the tailscale IP address.
However, it will perform that in round robin fashion, so you might see delayed responses when you are on the tailscale network.
Earlier I tried out a solution which worked in getting DNS rewrites to work with multiple DNS entries. However, I found the latency issue to be quite pain and it was also not full proof since it relied on DNS load balancing with round robin.
So I have been looking for a better solution and I think I have found one. Letâs understand that and how you can setup DNS rewrites to work with Tailscale.
Setup AdGuard Home Instance to Advertise Routes
If you followed along, you know we used the --accept-dns=false flag when we authenticated our Raspberry Pi with Tailscale to start it up.
Now along with that we are going to use the --advertise-routes flag.
Quick Note for Linux Users
For Linux users, before typing the tailscale command, you need to enable IP forwarding. We will add these following line in /etc/sysctl.d/99-tailscale.conf file.
Open the file in your preferred editor and add the following lines.
net.ipv4.ip_forward = 1net.ipv6.conf.all.forwarding = 1After this you need to reload the sysctl settings.
sudo sysctl -p /etc/sysctl.d/99-tailscale.confOnce the above configuration is done (in case you are using linux), you can start up the tailscale instance with the following command.
sudo tailscale up --accept-dns=false --advertise-routes=192.168.x.x/24Replace
192.168.x.x/24with your local network CIDR. For example, for my network I am using192.168.0.0/24.If you have multiple subnets then you can add them as comma separated values.
I would highly suggest to read more about subnets in the official documentation âď¸ to understand how it works since I wonât be covering that in this blog.
Once you have advertised the routes, you have to go to the Tailscale admin panel and edit the settings for the device which is running AdGuard Home.
Click on the Edit route settings button and then you can allow this device to advertise routes that you mentioned above.
Now with the instance advertising routes, and with the DNS settings configured as mentioned above in the Tailscale DNS settings, we can now access the AdGuard Home instance from the tailscale network.
Testing DNS Rewrites
If you are using any non linux client, you can simply test this by enabling tailscale network and try accessing some service using your local DNS mappings.
For example I connected my Android device with the tailscale network and tried accessing adguard.suguru.local and it worked. đ
Thatâs it, we have solved this problem in a much better and cleaner way. Did this work for you? Or did you face any issues? Let me know by reaching out to me on any of my social handles.
Conclusion
Thanks to AdGuard Home and Tailscale, you can say goodbye to annoying ads no matter where you are. Itâs a powerful combo that not only keeps your home network ad-free but extends that bliss to your devices on the move.
It was good learning experience for me as well while trying to find a solution for this. I hope you enjoyed this blog and found it helpful. If you have any questions or comments, please feel free to reach out to me on Twitter âď¸. Iâd love to hear from you!
Until next time, happy hacking!