DHCP Server does not work when running AdGuard with non-privileged user #3805

Open
opened 2026-03-04 04:20:50 -05:00 by deekerman · 8 comments

Originally created by @peracchi on GitHub (Jul 18, 2022).

I found some tips to run AdGuard Home with non-privileged user.

After installing it with

curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sudo sh -s -- -v

I accessed the web interface, made all configurations and then

sudo chown -R admin:admin /opt/AdGuardHome /var/log/AdGuardHome*

followed by changing /etc/systemd/system/AdGuardHome.service to

[Unit]
Description=AdGuard Home: Network-level blocker
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
After=syslog.target network-online.target

[Service]
User=admin
Group=admin
StartLimitInterval=5
StartLimitBurst=10
ExecStartPre=+/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome
ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"

WorkingDirectory=/opt/AdGuardHome

StandardOutput=file:/var/log/AdGuardHome.out
StandardError=file:/var/log/AdGuardHome.err

Restart=always

RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome

[Install]
WantedBy=multi-user.target

Rebooted and everything works fine except the DHCP server. None of my devices can get an IP address.

I reverted to the original /etc/systemd/system/AdGuardHome.service because I need the DHCP server working.

Any ideas of what can be the problem?

admin@proxmox:/opt/AdGuardHome$ ll
total 35M
-rwxrwxrwx 1 admin admin  35M Jul 13 10:16 AdGuardHome
-rw-rw-rw- 1 admin admin  331 Jul 13 10:16 AdGuardHome.sig
-rw-r--r-- 1 root  root  4.8K Jul 18 16:18 AdGuardHome.yaml
-rw-r--r-- 1 admin admin  44K Jul 13 10:16 CHANGELOG.md
drwxr-xr-x 3 admin admin 4.0K Jul 18 02:18 data
-rw-r--r-- 1 root  root  1.3K Jul 18 16:36 leases.db
-rw-r--r-- 1 admin admin  35K Jul 13 10:16 LICENSE.txt
-rw-r--r-- 1 admin admin  23K Jul 13 10:16 README.md
admin@proxmox:/opt/AdGuardHome$
admin@proxmox:/opt/AdGuardHome$ ./AdGuardHome -v --version
AdGuard Home
Version: v0.107.8
Channel: release
Go version: go1.17.12
Commit time: 2022-07-13 09:24:17 -0300 -03
GOOS: linux
GOARCH: amd64
Race: false
Dependencies:
        github.com/AdguardTeam/dnsproxy@v0.43.1 (sum: h1:E777KfQAi+VurOoWEdGQ5iqjSOOAzzbTfLOEzj8heCs=)
        github.com/AdguardTeam/golibs@v0.10.8 (sum: h1:diU9gP9qG1qeLbAkzIwfUerpHSqzR6zaBgzvRMR/m6Q=)
        github.com/AdguardTeam/urlfilter@v0.16.0 (sum: h1:IO29m+ZyQuuOnPLTzHuXj35V1DZOp1Dcryl576P2syg=)
        github.com/NYTimes/gziphandler@v1.1.1 (sum: h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=)
        github.com/aead/chacha20@v0.0.0-20180709150244-8b13a72661da (sum: h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=)
        github.com/aead/poly1305@v0.0.0-20180717145839-3fee0db0b635 (sum: h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=)
        github.com/ameshkov/dnscrypt/v2@v2.2.3 (sum: h1:X9UP5AHtwp46Ji+sGFfF/1Is6OPI/SjxLqhKpx0P5UI=)
        github.com/ameshkov/dnsstamps@v1.0.3 (sum: h1:Srzik+J9mivH1alRACTbys2xOxs0lRH9qnTA7Y1OYVo=)
        github.com/beefsack/go-rate@v0.0.0-20220214233405-116f4ca011a0 (sum: h1:0b2vaepXIfMsG++IsjHiI2p4bxALD1Y2nQKGMR5zDQM=)
        github.com/cheekybits/genny@v1.0.0 (sum: h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE=)
        github.com/digineo/go-ipset/v2@v2.2.1 (sum: h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=)
        github.com/fsnotify/fsnotify@v1.5.4 (sum: h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=)
        github.com/go-ping/ping@v0.0.0-20211130115550-779d1e919534 (sum: h1:dhy9OQKGBh4zVXbjwbxxHjRxMJtLXj3zfgpBYQaR4Q4=)
        github.com/google/go-cmp@v0.5.7 (sum: h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=)
        github.com/google/gopacket@v1.1.19 (sum: h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=)
        github.com/google/renameio@v1.0.1 (sum: h1:Lh/jXZmvZxb0BBeSY5VKEfidcbcbenKjZFzM/q0fSeU=)
        github.com/google/uuid@v1.3.0 (sum: h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=)
        github.com/insomniacslk/dhcp@v0.0.0-20220405050111-12fbdcb11b41 (sum: h1:Yg3n3AI7GoHnWt7dyjsLPU+TEuZfPAg0OdiA3MJUV6I=)
        github.com/josharian/native@v1.0.0 (sum: h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk=)
        github.com/kardianos/service@v1.2.1 (sum: h1:AYndMsehS+ywIS6RB9KOlcXzteWUzxgMgBymJD7+BYk=)
        github.com/lucas-clemente/quic-go@v0.27.1 (sum: h1:sOw+4kFSVrdWOYmUjufQ9GBVPqZ+tu+jMtXxXNmRJyk=)
        github.com/marten-seemann/qtls-go1-17@v0.1.1 (sum: h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc=)
        github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118 (sum: h1:2oDp6OOhLxQ9JBoUuysVz9UZ9uI6oLUbvAZu0x8o+vE=)
        github.com/mdlayher/netlink@v1.6.0 (sum: h1:rOHX5yl7qnlpiVkFWoqccueppMtXzeziFjWAjLg6sz0=)
        github.com/mdlayher/raw@v0.0.0-20211126142749-4eae47f3d54b (sum: h1:MHcTarUMC4sFA7eiyR8IEJ6j2PgmgXR+B9X2IIMjh7A=)
        github.com/mdlayher/socket@v0.2.3 (sum: h1:XZA2X2TjdOwNoNPVPclRCURoX/hokBY8nkTmRZFEheM=)
        github.com/miekg/dns@v1.1.49 (sum: h1:qe0mQU3Z/XpFeE+AEBo2rqaS1IPBJ3anmqZ4XiZJVG8=)
        github.com/patrickmn/go-cache@v2.1.0+incompatible (sum: h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=)
        github.com/pkg/errors@v0.9.1 (sum: h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=)
        github.com/ti-mo/netfilter@v0.4.0 (sum: h1:rTN1nBYULDmMfDeBHZpKuNKX/bWEXQUhe02a/10orzg=)
        github.com/u-root/uio@v0.0.0-20220204230159-dac05f7d2cb4 (sum: h1:hl6sK6aFgTLISijk6xIzeqnPzQcsLqqvL6vEfTPinME=)
        go.etcd.io/bbolt@v1.3.6 (sum: h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=)
        golang.org/x/crypto@v0.0.0-20220411220226-7b82a4e95df4 (sum: h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=)
        golang.org/x/net@v0.0.0-20220425223048-2871e0cb64e4 (sum: h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=)
        golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c (sum: h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=)
        golang.org/x/sys@v0.0.0-20220422013727-9388b58f7150 (sum: h1:xHms4gcpe1YE7A3yIllJXP16CMAGuqwO2lX1mTyyRRc=)
        golang.org/x/text@v0.3.7 (sum: h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=)
        gopkg.in/natefinch/lumberjack.v2@v2.0.0 (sum: h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8=)
        gopkg.in/yaml.v2@v2.4.0 (sum: h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=)
        howett.net/plist@v1.0.0 (sum: h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=)
admin@proxmox:/opt/AdGuardHome$
admin@proxmox:/opt/AdGuardHome$ neofetch
         .://:`              `://:.            admin@proxmox
       `hMMMMMMd/          /dMMMMMMh`          -------------
        `sMMMMMMMd:      :mMMMMMMMs`           OS: Proxmox VE 7.2-7 x86_64
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`   Host: Nitro AN515-51 V1.22
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`   Kernel: 5.15.39-1-pve
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`     Uptime: 7 hours, 20 mins
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.       Packages: 697 (dpkg)
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         Shell: bash 5.1.4
        -+ooooooo/.`sMMs`./ooooooo+-           Resolution: 1920x1080
          :oooooooo/`..`/oooooooo:             Terminal: /dev/pts/0
          :oooooooo/`..`/oooooooo:             CPU: Intel i7-7700HQ (8) @ 3.800GHz
        -+ooooooo/.`sMMs`./ooooooo+-           GPU: NVIDIA GeForce GTX 1050 Ti Mobile
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         GPU: Intel HD Graphics 630
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.       Memory: 1210MiB / 15886MiB
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`
        `sMMMMMMMm:      :dMMMMMMMs`
       `hMMMMMMd/          /dMMMMMMh`
         `://:`              `://:`

@ainar-g commented on GitHub (Jul 28, 2022):

Apologies for the delay. Can you [configure](https://github.com/AdguardTeam/AdGuardHome/wiki/FAQ#verboselog) AdGuard Home to collect logs by setting `verbose` to `true` and inspect them for `dhcp` errors? Also, are you sure that no firewall is blocking ports 57 and 58?


@peracchi commented on GitHub (Jul 28, 2022):

> Apologies for the delay.

No problem!

> Can you configure AdGuard Home to collect logs by setting `verbose` to `true` and inspect them for `dhcp` errors?

Sure, will do this later.

> Also, are you sure that no firewall is blocking ports 57 and 58?

I suppose not, because if it were the firewall, the blocking would occur with either user, as AdGuard does not mess with the firewall.


@yscialom commented on GitHub (Aug 2, 2022):

Might be related (wild guess): #4728


@peracchi commented on GitHub (Oct 10, 2022):

I am reinstalling my Proxmox server.

At the moment the DHCP server is running on my router, but I will reinstall and activate DHCP on AdGuardHome to try to get more info with the logs.

Obviously I will disable DHCP on my router to conduct the tests.


@peracchi commented on GitHub (Oct 10, 2022):

Just tried "Check for DHCP servers" and got "operation not permitted".

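![ksnip_20221010-202151](https://user-images.githubusercontent.com/1372058/194966487-adeff10b-205f-41ef-bf53-43f68ab1e6e1.png)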

Nothing on log file.

admin@pve:~$ clear ; tail -f /tmp/aghlog.txt
2022/10/10 20:05:11.023657 795#47 [debug] started POST adguard.local:5353 /control/dhcp/find_active_dhcp
2022/10/10 20:05:11.024235 795#47 [debug] DHCPv6: Listening to udp6 [fe80::9a29:a6ff:fe46:31e]:546
2022/10/10 20:05:11.024617 795#47 [debug] github.com/AdguardTeam/AdGuardHome/internal/aghnet.tryConn6(): dhcpv6: waiting 3s for an answer
2022/10/10 20:05:14.024901 795#47 [debug] dhcpv6: didn't receive dhcp response
2022/10/10 20:05:14.025089 795#47 [debug] finished POST adguard.local:5353 /control/dhcp/find_active_dhcp in 3.001439429s
admin@pve:/opt/AdGuardHome$ cat AdGuardHome.yaml
bind_host: 0.0.0.0
bind_port: 5353
beta_bind_port: 0
users:
  - name: agh
    password: $2a...
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
debug_pprof: false
web_session_ttl: 720
dns:
  bind_hosts:
    - 0.0.0.0
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 2160h
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
    - https://dns10.quad9.net/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
    - 9.9.9.10
    - 149.112.112.10
    - 2620:fe::10
    - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  fastest_timeout: 1s
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
    - version.bind
    - id.server
    - hostname.bind
  trusted_proxies:
    - 127.0.0.0/8
    - ::1/128
  cache_size: 0
  cache_ttl_min: 0
  cache_ttl_max: 0
  cache_optimistic: false
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  handle_ddr: true
  ipset: []
  ipset_file: ""
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
  upstream_timeout: 10s
  private_networks: []
  use_private_ptr_resolvers: true
  local_ptr_upstreams: []
  serve_http3: false
  use_http3_upstreams: false
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 853
  port_dnscrypt: 0
  dnscrypt_config_file: ""
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
filters:
  - enabled: true
    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
    name: AdGuard DNS filter
    id: 1
  - enabled: false
    url: https://adaway.org/hosts.txt
    name: AdAway Default Blocklist
    id: 2
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  local_domain_name: lan
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients:
  runtime_sources:
    whois: true
    arp: true
    rdns: true
    dhcp: true
    hosts: true
  persistent: []
log_file: "/tmp/aghlog.txt"
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: true
os:
  group: ""
  user: ""
  rlimit_nofile: 0
schema_version: 14
admin@pve:/opt/AdGuardHome$ sudo cat /etc/systemd/system/AdGuardHome.service
[Unit]
Description=AdGuard Home: Network-level blocker
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
After=syslog.target network-online.target

[Service]
User=admin
Group=admin
StartLimitInterval=5
StartLimitBurst=10
ExecStartPre=+/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome
ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"

WorkingDirectory=/opt/AdGuardHome

StandardOutput=file:/var/log/AdGuardHome.out
StandardError=file:/var/log/AdGuardHome.err

Restart=always

RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome

[Install]
WantedBy=multi-user.target

Using AdGuardHome v0.107.16.


@ainar-g commented on GitHub (Oct 11, 2022):

I'm not sure what could be the reason, sorry. It's most likely some setting in the system. I've added the help wanted label, so perhaps other people could chime in.


@peracchi commented on GitHub (Oct 11, 2022):

> I'm not sure what could be the reason

Yes, I am curious about what can be the problem. I think that it is not a firewall problem because the only variable is the user (root / not root) and this does not change firewall rules.

I suspect something about the `ExecStartPre=+/sbin/setcap CAP_NET_BIND_SERVICE=+eip /opt/AdGuardHome/AdGuardHome`.

I will also ask in Proxmox forum -> [AdGuardHome running alongside Proxmox 7.2](https://forum.proxmox.com/threads/adguardhome-running-alongside-proxmox-7-2.116469/)


@CRTified commented on GitHub (Jan 1, 2023):

You need `CAP_NET_BIND_SERVICE` for opening ports <1024 (DNS server, for example).

But DHCP *additionally* requires a raw socket (I'm unsure whether this is always the case or just specific to AGH). These require `CAP_NET_RAW` as capability (For more information on capabilities, check [this page](https://man7.org/linux/man-pages/man7/capabilities.7.html)). So you'd need to add this capability to the `AdGuardHome` binary, as well.

But I want to add another thing: systemd allows setting capabilities within the `[Service]` section using [`AmbientCapabilities`](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=):

AmbientCapabilities=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_RAW

With these, I was able to resolve the problem. For me, the pointer was the MAC address in your screenshot, where you'd normally expect an IP address (due to it mentioning sockets).
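
A way to confirm the diagnosis in the comment above on a running service, as an added example that is not part of the original thread: it decodes the capability masks in `/proc/<pid>/status` and reports which of the two capabilities named there are missing from the effective set. The function names and the sample status text are constructed for illustration.

```python
#!/usr/bin/env python3
"""Report which capabilities named in this thread a running process lacks.

Added example. The sample /proc text below is constructed, not taken from
the reporter's machine.
"""
import re
import sys

# Bit numbers from <linux/capability.h>, documented in capabilities(7).
CAP_BITS = {
    "CAP_NET_BIND_SERVICE": 10,  # bind sockets to ports below 1024
    "CAP_NET_RAW": 13,           # open RAW and PACKET sockets
}

# Matches the five capability-set lines of /proc/<pid>/status.
CAP_LINE = re.compile(
    r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):[ \t]*([0-9a-fA-F]+)[ \t]*$", re.M
)

# Constructed: non-root process holding only CAP_NET_BIND_SERVICE (0x400).
SAMPLE_BIND_ONLY = """\
Name:\tAdGuardHome
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

# Constructed: both capabilities granted as ambient capabilities (0x2400).
SAMPLE_BOTH = """\
Name:\tAdGuardHome
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000002400
CapPrm:\t0000000000002400
CapEff:\t0000000000002400
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000002400
"""


def parse_cap_sets(status_text):
    """Return {'CapEff': int, ...} parsed from /proc/<pid>/status text."""
    sets = {name: int(mask, 16) for name, mask in CAP_LINE.findall(status_text)}
    if "CapEff" not in sets:
        raise ValueError("no CapEff line found; is this /proc/<pid>/status?")
    return sets


def missing_caps(status_text, required=("CAP_NET_BIND_SERVICE", "CAP_NET_RAW")):
    """List the required capabilities absent from the effective set."""
    effective = parse_cap_sets(status_text)["CapEff"]
    return [cap for cap in required if not (effective >> CAP_BITS[cap]) & 1]


def main(argv):
    # With a PID argument, inspect that process; otherwise use the sample.
    if len(argv) == 2:
        with open(f"/proc/{argv[1]}/status") as fh:
            text = fh.read()
        label = f"pid {argv[1]}"
    else:
        text, label = SAMPLE_BIND_ONLY, "constructed sample"
    missing = missing_caps(text)
    print(f"{label}: missing {', '.join(missing) if missing else 'nothing'}")
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the AdGuardHome PID as the only argument. Per capabilities(7), the ambient set is cleared when the executed binary has file capabilities, so a unit that keeps the `setcap` line alongside `AmbientCapabilities=` is worth checking this way.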
