AdGuard Home + Tailscale = Erase Ads on the Go

📆 · ⏳ 8 min read · ·

Introduction

Let’s face it; online ads can be a major buzzkill. They clutter your favorite websites, slow down your page loads, and worst of all, they’re just plain annoying.

But what if I told you that you could erase ads on the go? That’s right, no more pesky ads on your phone, tablet, or laptop. All you need is a Raspberry Pi (or any device in your homelab), AdGuard Home, and Tailscale.

In this blog, I’ll show you how to set up AdGuard Home and Tailscale to block ads on your phone, tablet, and laptop. It’s a technical adventure that’s worth every click.

AdGuard Home: Your Ad-Blocking Sentry

Before we dive into the technical wizardry of AdGuard Home, let’s start with the basics. AdGuard Home is a network-wide ad and tracker blocker. It operates at the DNS level, which means it intercepts and filters out those pesky ads before they even reach your device. Think of it as your personal guard, fending off ads and trackers like a digital knight in shining armor.

But what’s even cooler is that AdGuard Home is not limited to just one device; it can cover your entire network. That means every device connected to your home network, from your laptop to your smartphone, can enjoy ad-free browsing.

I have a detailed guide explaining in much more detail and how I set it up for my homelab, you can read more about it at AdGuard Home — Network Wide Ad Blocking in your Homelab.

For quickstart, we can use the below command to install AdGuard Home on our Raspberry Pi.

Terminal window
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v

Once you’ve installed AdGuard Home, you can access the web interface by visiting http://<ip-address>:3000 in your browser. You’ll be greeted with a setup wizard that will guide you through the process of setting up AdGuard Home.

Tailscale: The Magic of Secure Networking

Next on our list is Tailscale ↗️. It’s a fantastic tool that creates secure, private networks with ease. Whether you’re at home, in a coffee shop, or halfway across the world, Tailscale keeps your devices connected as if they were on the same local network.

Tailscale is a great fit for our ad-blocking adventure because it allows you to access your AdGuard Home instance securely from anywhere. This means you can block ads even when you’re away from your home network. Pretty cool, right?

To get started, create a Tailscale account ↗️ and we’ll install Tailscale on our devices.

Setting Up Tailscale

In my setup, I am using a Raspberry Pi Zero 2W which is running 64 bit debian in headless mode. I have also installed AdGuard Home on the same Raspberry Pi.

So I am following the linux installation setup for Tailscale. To do this, we’ll use the following command:

Terminal window
curl -fsSL https://tailscale.com/install.sh | sh

Once Tailscale is installed, we’ll need to authenticate our Raspberry Pi with Tailscale. To do this, we’ll use the following command:

Terminal window
sudo tailscale up --accept-dns=false

Don’t forget to add the --accept-dns=false flag. This will ensure that Tailscale doesn’t interfere with AdGuard Home’s DNS server.

Next, we’ll install tailscale on client devices. You can install the Android ↗️ or iOS ↗️ app. For desktop, you can download the macOS ↗️ or Windows ↗️ client.

Once you’ve installed Tailscale on your client devices, you’ll need to authenticate them with Tailscale. To do this, you’ll need to log in to your Tailscale account and authorize your devices.

Connecting to AdGuard Home

Now that we’ve installed Tailscale on our devices, we can connect to our AdGuard Home instance. For this we will edit the DNS settings for our Tailscale network.

Head to the DNS tab ↗️ and edit the “Global Nameservers” option under “Nameservers” and add the IP address of your AdGuard Home instance.

You can find the IP address of your AdGuard Home instance by running the following command:

Terminal window
tailscale ip

Pick the 100.x.x.x IP address and add it to the “Global Nameservers” option.

DNS settings for Tailscale
DNS settings for Tailscale

Once you’ve added the IP address of your AdGuard Home instance, you can save your changes and you’re all set!

Now when you are connected to your Tailscale network, you’ll be able to access your AdGuard Home instance. This means you can block ads even when you’re away from your home network.

Getting DNS Rewrites to Work

With Multiple DNS entries (Old Approach) One thing that you might notice if you are using AdGuard Home with Tailscale is that DNS rewrites don’t work out of the box if you have the mappings set to your local internal IP address.

For example I maintain 3 servers in my homelab at the moment and they have mapping like this

DomainAnswer
sukuna.local192.168.0.110
suguru.local192.168.0.111
satoru.local192.168.0.112

In this the suguru.local server is the one running AdGuard Home.

Now if want to access these servers from my laptop, I can simply type suguru.local in my browser and it will take me to the server. But if I am connected to Tailscale, this won’t work.

To fix this, we need to add the rewrites from the tailscale assigned IP addresses to the DNS mappings as well.

Consider your tailscale IP address of the AdGuard Home server is 100.100.100.100 then you need to add the following mappings as well.

DomainAnswer
sukuna.local192.168.0.110
suguru.local192.168.0.111
satoru.local192.168.0.112
suguru.local100.100.100.100

This will ensure that you can access the server from both the internal network and the tailscale network.

đź’ˇ

Note

Since the same domain is not pointing to multiple IP addresses (local and tailscale) at the same time, you won’t run into any issues. This is because the DNS server will always return the first answer it finds for a domain.

So if you are on the local network, it will return the local IP address and if you are on the tailscale network, it will return the tailscale IP address.

However, it will perform that in round robin fashion, so you might see delayed responses when you are on the tailscale network.


Earlier I tried out a solution which worked in getting DNS rewrites to work with multiple DNS entries. However, I found the latency issue to be quite pain and it was also not full proof since it relied on DNS load balancing with round robin.

So I have been looking for a better solution and I think I have found one. Let’s understand that and how you can setup DNS rewrites to work with Tailscale.

Setup AdGuard Home Instance to Advertise Routes

If you followed along, you know we used the --accept-dns=false flag when we authenticated our Raspberry Pi with Tailscale to start it up.

Now along with that we are going to use the --advertise-routes flag.

Quick Note for Linux Users

For Linux users, before typing the tailscale command, you need to enable IP forwarding. We will add these following line in /etc/sysctl.d/99-tailscale.conf file.

Open the file in your preferred editor and add the following lines.

Terminal window
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

After this you need to reload the sysctl settings.

Terminal window
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Once the above configuration is done (in case you are using linux), you can start up the tailscale instance with the following command.

Terminal window
sudo tailscale up --accept-dns=false --advertise-routes=192.168.x.x/24

Replace 192.168.x.x/24 with your local network CIDR. For example, for my network I am using 192.168.0.0/24.

If you have multiple subnets then you can add them as comma separated values.

I would highly suggest to read more about subnets in the official documentation ↗️ to understand how it works since I won’t be covering that in this blog.

Once you have advertised the routes, you have to go to the Tailscale admin panel and edit the settings for the device which is running AdGuard Home.

Click on the Edit route settings button and then you can allow this device to advertise routes that you mentioned above.

Edit route settings for a device in Tailscale
Edit route settings for a device in Tailscale

Now with the instance advertising routes, and with the DNS settings configured as mentioned above in the Tailscale DNS settings, we can now access the AdGuard Home instance from the tailscale network.

Testing DNS Rewrites

If you are using any non linux client, you can simply test this by enabling tailscale network and try accessing some service using your local DNS mappings.

For example I connected my Android device with the tailscale network and tried accessing adguard.suguru.local and it worked. 🎉

That’s it, we have solved this problem in a much better and cleaner way. Did this work for you? Or did you face any issues? Let me know by reaching out to me on any of my social handles.

Conclusion

Thanks to AdGuard Home and Tailscale, you can say goodbye to annoying ads no matter where you are. It’s a powerful combo that not only keeps your home network ad-free but extends that bliss to your devices on the move.

It was good learning experience for me as well while trying to find a solution for this. I hope you enjoyed this blog and found it helpful. If you have any questions or comments, please feel free to reach out to me on Twitter ↗️. I’d love to hear from you!

Until next time, happy hacking!

You may also like

  • # homelab# selfhosted# networking

    Setup Caddy with automatic SSL certificates with Cloudflare

    Recently I migrated my homelab from using Nginx with local domain certificates to using Caddy with automatic SSL certificates from Cloudflare. This post will go over the steps I took to set up Caddy with Cloudflare.

  • # homelab# selfhosted# networking

    Tailscale — Accessing Homelab services outside my network

    Tailscale is another service that I use in my homelab setup to access my services outside my network. It's a VPN service that makes it easy to access your devices, services, and networks securely.

  • # homelab# selfhosted# networking

    AdGuard Home — Network Wide Ad Blocking in your Homelab

    Let's talk about AdGuardHome, a network-wide ad blocking software that you can run in your homelab. It's a great way to block ads and trackers on your network without having to install ad blockers on every device.