How to make AdGuard only accessible via VPN and or private network
-
Hello folks.
I'm struggling with understanding how to lock down AdGuard to only allow clients via VPN or from permitted networks or even clients.
I found a helpful guide here but not sure how to implement it on a Cloudron box hosted in a DC (Hetzner VM in my case):
https://github.com/trinib/AdGuard-WireGuard-Unbound-DNScrypt/discussions/43
I don't want to brick my server as it's running important services I rather not have to restore
-
@3246 have you seen https://docs.cloudron.io/apps/openvpn/#custom-dns-server already? You just have to set the OpenVPN DNS to Adguard home .
-
@girish yup
It's pointing to my public IP. Should it be an internal one?I want to lock down the DNS, so I can avoid Hetzner's abuse warnings and keep non-family traffic out
-
@3246 Pointing to the public IP is correct... For the locking down of DNS, does Hetzner have a Cloud firewall or equivalent ? Maybe you can white list access to port 53 by IP?
-
@girish thanks. Yes, it was actually easier than my mind made it out to be! I just opened the ports I needed and set 53 only for the networks I wanted.
