How to configure AdGuard Home with VPN?!

I live in a country where the internet is highly restricted. Imagine something like the firewall of China. A few months ago the government started DNS hijacking! Sometimes we can’t even access Cloudflare DNS.

So, yesterday I downloaded AdGuard Home for Windows from GitHub. It uses CMD to run. I added its IP to my router and to my network adapter. I’m using Proton VPN (custom DNS disabled). Now the problem is that my average processing time is really high, like 200ms - 250ms and sometimes even higher, but sites load much faster. I know it’s because of the Optimistic Caching.

How should I fix the high processing time?

I want all the traffic to first go through AdGuard Home, but not upstream DNS servers! (I just want to use the cache.) I want it to use my VPN and then DNS. AdGuard Home > VPN > DNS servers

Does it make sense? Is it possible? Should I do this or just use the AdGuard adblocker app or extension?

This has XY problem written all over it. Are you trying to bypass DNS censorship and blocking, or just increase page load times using the local cache?

For a moment, forget what you’re trying to do (AdGuard Home, DNS, VPN), and tell us what you want to actually achieve. For example “I’m trying to block ads, but I want to not have my DNS queries blocked by my government”, or “I’m trying to keep a cache of local DNS queries so my pages load faster, but the DNS queries are being blocked by my government”, or “I want to use my VPN but don’t know how to use my local AdGuard Home instance as its DNS”. It will be easier to help you when we know what problem you’re actually solving, rather than just hearing what convoluted fix you’re struggling to implement.

Why does AdGuard Home need to go via VPN? Is it to bypass the DNS blocks in your country? Why not just use encrypted DNS as upstream in AdGuard Home instead? Why are you avoiding upstream DNS servers? What upstream server is configured in AdGuard Home? Do you have access to a Linux machine or a Raspberry Pi or similar?

Doesn’t matter.

In short, when you connect to a VPN the ping is going to be between you and the server. Let’s say it’s 100ms. When you access a site, the VPN gets the DNS from AdGuard and then connects to the site.
Imagine your local AdGuard has 5ms ping and the VPN has 100ms, so it’s 105ms total for connecting to the site.

Now connect your VPN and ping any DNS provider and you’ll see that the ping from the VPN to DNS is going to be less than 5ms or around that.
So the speed that you are trying to achieve is not there, because whether you use local AdGuard or a remote server the ping is already low.

You can just use any online adblock server and get the same setup.

If you were running your computer without a VPN, then running a local AdGuard would be beneficial, as ping will be very low, since using any online provider will add at least 100ms.

I want to use my VPN (Proton VPN) but I don’t know how to use my local AdGuard Home instance as its DNS, and I’m trying to keep a cache of local DNS queries so pages load faster, but the DNS queries and most of the sites (YouTube, Twitter …) are blocked by my government, so AdGuard Home should go through a VPN.

First, I need a VPN to access blocked sites and change my location and IP address.

Then, I need AdGuard Home to block ads and cache DNS queries so pages load faster.

I don’t want to use encrypted DNS as upstream because I don’t want sites to know my location and IP address.

Right now, I’m using AdGuard DNS, OpenDNS, Quad9 and a few more as upstream DNS.

I have a Linux server on VirtualBox.

Thanks. I just wanted to try it out and see if I can make pages load faster, but now I know that with my current setup I can’t.

Sorry, I was called away.

I want to use my VPN (Proton VPN) but I don’t know how to use my local AdGuard Home instance as its DNS

I don’t think Proton’s official app supports custom DNS? I may be wrong though, in which case just point it to the local IP of the server running AdGuard Home (e.g. 192.168.1.3). If not, generate a WireGuard config from Proton’s dashboard on the website (in your account), then import it to the official WireGuard app. That will allow you to specify DNS.

I’m trying to keep a cache of local DNS queries so pages load faster, but the DNS queries and most of the sites (YouTube, Twitter …) are blocked by my government, so AdGuard Home should go through a VPN.

Using an encrypted upstream in AdGuard Home should help. Have you tried that? For example tls://one.one.one.one, tls://dns.quad9.net, https://dns.quad9.net/dns-query, or https://dns.cloudflare-dns.com/dns-query or even quic://dns-unfiltered.adguard.com? You should really generate SDNS stamps for those addresses, to avoid the need for a ‘bootstrap DNS’ (i.e. clearnet DNS with no encryption) to resolve the endpoints at the start of each session. For example, the SDNS stamp for AdGuard unfiltered (the last one I just linked) is sdns://BAcAAAAAAAAADTk0LjE0MC4xNC4xNDAAGmRucy11bmZpbHRlcmVkLmFkZ3VhcmQuY29t. You can verify that, or generate more for other providers, HERE.

You shouldn’t need a VPN for those to work (hopefully), but if your government is really on their game they will have blocked those well-known endpoints.

First, I need a VPN to access blocked sites and change my location and IP address.
Then, I need AdGuard Home to block ads and cache DNS queries so pages load faster.

That much makes sense. Pointing your VPN client to the local AdGuard instance will achieve what you wish. You can also just use your provider’s built-in adblocking DNS if they offer it (Mullvad, OVPN, maybe Proton?, NordVPN, PIA, etc.).

I don’t want to use encrypted DNS as upstream because I don’t want sites to know my location and IP address.

Encrypting the upstream DNS won’t change what sites see. I assume you mean ‘use encrypted DNS as upstream without also using a VPN’. In which case, see what I already wrote. Using both is good. Still encrypt your DNS - more layers are better, so encrypted DNS over VPN is better than plain DNS over VPN.

Right now, I’m using AdGuard DNS, OpenDNS, Quad9 and a few more as upstream DNS. I have a Linux server on VirtualBox.

That’s fine. So all you need to do is either instruct Proton’s client to use your AGH IP (if it allows it, but I don’t think they do) or, as I said, grab a WireGuard config and use the official app. Just insert DNS = (AGH IP) into the config in place of whatever DNS Proton put in there automatically, then import it to the WireGuard app and connect. You’re done!
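
The stamp quoted in the reply above can be checked offline. As an added example (not part of the original thread), this Python decoder follows the public DNS Stamps format for DoH/DoT/DoQ stamps and reports whether the stamp pins an IP address, which is what removes the need for a plain bootstrap resolver; `decode_stamp` and its field names are illustrative.

```python
import base64

# Protocol ids and property bits as defined by the public DNS Stamps format.
PROTOCOLS = {0x02: "DoH", 0x03: "DoT", 0x04: "DoQ"}
PROPS = {1: "DNSSEC", 2: "no-logs", 4: "no-filter"}

def decode_stamp(stamp: str) -> dict:
    """Decode an sdns:// stamp for an encrypted (DoH/DoT/DoQ) upstream."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not an sdns:// stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] not in PROTOCOLS:
        raise ValueError("truncated stamp or unsupported protocol")
    pos = 9  # 1 protocol byte + 8 little-endian property bytes

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated stamp")
        pos += n
        return raw[pos - n:pos]
    def lp() -> bytes:  # one length-prefixed field
        return take(take(1)[0])
    def vlp() -> list:  # set of fields; high bit of the length = more follow
        items = []
        while True:
            n = take(1)[0]
            item = take(n & 0x7F)
            if item:
                items.append(item)
            if not n & 0x80:
                return items

    props = int.from_bytes(raw[1:9], "little")
    info = {"protocol": PROTOCOLS[raw[0]],
            "props": [name for bit, name in PROPS.items() if props & bit],
            "address": lp().decode(),            # pinned IP, may be empty
            "cert_hashes": [h.hex() for h in vlp()],
            "hostname": lp().decode()}
    if raw[0] == 0x02:
        info["path"] = lp().decode()             # only DoH stamps carry a path
    info["bootstrap_ips"] = [b.decode() for b in vlp()] if pos < len(raw) else []
    # Empty address: the hostname must first be resolved over plain DNS.
    info["needs_bootstrap_dns"] = info["address"] == ""
    return info

PAGE_STAMP = "sdns://BAcAAAAAAAAADTk0LjE0MC4xNC4xNDAAGmRucy11bmZpbHRlcmVkLmFkZ3VhcmQuY29t"  # from the post
print(decode_stamp(PAGE_STAMP))
```

A stamp whose address field is empty still depends on an unencrypted lookup of the hostname, so it is worth decoding any stamp before pasting it into the upstream list.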

Thank you so much. I learned a lot. I’ve added the stamps and so far it’s been working really well. Now I’m using VPN + encrypted DNS.

EDIT: By the way, there is an option to add custom DNS in Proton.