How to make AdGuard only accessible via VPN and or private network

3246

Hello folks.

I'm struggling with understanding how to lock down AdGuard to only allow clients via VPN or from permitted networks or even clients.

I found a helpful guide here but not sure how to implement it on a Cloudron box hosted in a DC (Hetzner VM in my case):

https://github.com/trinib/AdGuard-WireGuard-Unbound-DNScrypt/discussions/43

I don't want to brick my server as it's running important services I rather not have to restore

girish

@3246 have you seen https://docs.cloudron.io/apps/openvpn/#custom-dns-server already? You just have to set the OpenVPN DNS to Adguard home .

3246

@girish yup It's pointing to my public IP. Should it be an internal one?

I want to lock down the DNS, so I can avoid Hetzner's abuse warnings and keep non-family traffic out

girish

@3246 Pointing to the public IP is correct... For the locking down of DNS, does Hetzner have a Cloud firewall or equivalent ? Maybe you can white list access to port 53 by IP?

3246

@girish thanks. Yes, it was actually easier than my mind made it out to be! I just opened the ports I needed and set 53 only for the networks I wanted.