Let’s face it; online ads can be a major buzzkill. They clutter your favorite websites, slow down your page loads, and worst of all, they’re just plain annoying.
But what if I told you that you could erase ads on the go? That’s right, no more pesky ads on your phone, tablet, or laptop. All you need is a Raspberry Pi (or any device in your homelab), AdGuard Home, and Tailscale.
In this blog, I’ll show you how to set up AdGuard Home and Tailscale to block ads on your phone, tablet, and laptop. It’s a technical adventure that’s worth every click.
Before we dive into the technical wizardry of AdGuard Home, let’s start with the basics. AdGuard Home is a network-wide ad and tracker blocker.
It operates at the DNS level, which means it intercepts and filters out those pesky ads before they even reach your device. Think of it as your personal guard, fending off ads and trackers like a digital knight in shining armor.
But what’s even cooler is that AdGuard Home is not limited to just one device; it can cover your entire network. That means every device connected to your home network, from your laptop to your smartphone, can enjoy ad-free browsing.
The installation instructions are pretty straightforward, just run their install script ↗️
Once you’ve installed AdGuard Home, you can access the web interface by visiting
http://<ip-address>:3000 in your browser. You’ll be greeted with a setup wizard that will guide you through the process of setting up AdGuard Home.
Next on our list is Tailscale ↗️. It’s a fantastic tool that creates secure, private networks with ease. Whether you’re at home, in a coffee shop, or halfway across the world, Tailscale keeps your devices connected as if they were on the same local network.
Tailscale is a great fit for our ad-blocking adventure because it allows you to access your AdGuard Home instance securely from anywhere. This means you can block ads even when you’re away from your home network. Pretty cool, right?
To get started, create a Tailscale account ↗️ and we’ll install Tailscale on our devices.
In my setup, I am using a Raspberry Pi Zero 2W which is running 64 bit debian in headless mode. I have also installed AdGuard Home on the same Raspberry Pi.
So I am following the linux installation setup for Tailscale. To do this, we’ll use the following command:
Once Tailscale is installed, we’ll need to authenticate our Raspberry Pi with Tailscale. To do this, we’ll use the following command:
Don’t forget to add the
--accept-dns=falseflag. This will ensure that Tailscale doesn’t interfere with AdGuard Home’s DNS server.
Once you’ve installed Tailscale on your client devices, you’ll need to authenticate them with Tailscale. To do this, you’ll need to log in to your Tailscale account and authorize your devices.
Now that we’ve installed Tailscale on our devices, we can connect to our AdGuard Home instance. For this we will edit the DNS settings for our Tailscale network.
Head to the DNS tab ↗️ and edit the “Global Nameservers” option under “Nameservers” and add the IP address of your AdGuard Home instance.
You can find the IP address of your AdGuard Home instance by running the following command:
100.x.x.x IP address and add it to the “Global Nameservers” option.
Once you’ve added the IP address of your AdGuard Home instance, you can save your changes and you’re all set!
Now when you are connected to your Tailscale network, you’ll be able to access your AdGuard Home instance. This means you can block ads even when you’re away from your home network.
With Multiple DNS entries (Old Approach)
One thing that you might notice if you are using AdGuard Home with Tailscale is that DNS rewrites don’t work out of the box if you have the mappings set to your local internal IP address.
For example I maintain 3 servers in my homelab at the moment and they have mapping like this
In this the
suguru.local server is the one running AdGuard Home.
Now if want to access these servers from my laptop, I can simply type
suguru.local in my browser and it will take me to the server. But if I am connected to Tailscale, this won’t work.
To fix this, we need to add the rewrites from the tailscale assigned IP addresses to the DNS mappings as well.
Consider your tailscale IP address of the AdGuard Home server is
100.100.100.100 then you need to add the following mappings as well.
This will ensure that you can access the server from both the internal network and the tailscale network.
Since the same domain is not pointing to multiple IP addresses (local and tailscale) at the same time, you won’t run into any issues. This is because the DNS server will always return the first answer it finds for a domain.
So if you are on the local network, it will return the local IP address and if you are on the tailscale network, it will return the tailscale IP address.
However, it will perform that in round robin fashion, so you might see delayed responses when you are on the tailscale network.
Earlier I tried out a solution which worked in getting DNS rewrites to work with multiple DNS entries. However, I found the latency issue to be quite pain and it was also not full proof since it relied on DNS load balancing with round robin.
So I have been looking for a better solution and I think I have found one. Let’s understand that and how you can setup DNS rewrites to work with Tailscale.
If you followed along, you know we used the
--accept-dns=false flag when we authenticated our Raspberry Pi with Tailscale to start it up.
Now along with that we are going to use the
For Linux Users
For Linux users, before typing the tailscale command, you need to enable IP forwarding.
We will add these following line in
Open the file in your preferred editor and add the following lines.
After this you need to reload the sysctl settings.
Once the above configuration is done (in case you are using linux), you can start up the tailscale instance with the following command.
192.168.x.x/24with your local network CIDR. For example, for my network I am using
If you have multiple subnets then you can add them as comma separated values.
I would highly suggest to read more about subnets in the official documentation ↗️ to understand how it works since I won’t be covering that in this blog.
Once you have advertised the routes, you have to go to the Tailscale admin panel and edit the settings for the device which is running AdGuard Home.
Click on the
Edit route settings button and then you can allow this device to advertise routes that you mentioned above.
Now with the instance advertising routes, and with the DNS settings configured as mentioned above in the Tailscale DNS settings, we can now access the AdGuard Home instance from the tailscale network.
If you are using any non linux client, you can simply test this by enabling tailscale network and try accessing some service using your local DNS mappings.
For example I connected my Android device with the tailscale network and tried accessing
adguard.suguru.local and it worked. 🎉
That’s it, we have solved this problem in a much better and cleaner way. Did this work for you? Or did you face any issues? Let me know by reaching out to me on any of my social handles.
Thanks to AdGuard Home and Tailscale, you can say goodbye to annoying ads no matter where you are. It’s a powerful combo that not only keeps your home network ad-free but extends that bliss to your devices on the move.
It was good learning experience for me as well while trying to find a solution for this. I hope you enjoyed this blog and found it helpful. If you have any questions or comments, please feel free to reach out to me on Twitter ↗️. I’d love to hear from you!
Until next time, happy hacking!