This article is currently an experimental machine translation and may contain errors. If anything is unclear, please refer to the original Chinese version. I am continuously working to improve the translation.
I’m planning another upgrade for my home server setup this summer. I’ll keep the full architecture of the machine a small mystery for now — let’s first tweak the router configuration and lay a solid network foundation.
Originally, I considered going full All-In-One by virtualizing the router on the same host. After some deliberation, though, I decided against it. Still, I’m trying my best to minimize coupling between the router and the server.
Secure VPN Tunnel
I took the lazy route and went with WireGuard instead of OpenVPN — mainly because routing rules are simpler, the feature set is sufficient, and it’s lightweight and stealthy, making it less prone to network attacks.
For security, I used TLS with a self-signed certificate. The WireGuard config is straightforward, so I won’t paste it here. For a comparison with other connection methods, check this out.
For IPv6 DDNS, I’m using https://github.com/jeessy2/ddns-go, which runs stably on the AC2100 without consuming too many resources.
“Tencent Cloud” Version of AdguardHome
AdguardHome https://openwrt.org/docs/guide-user/services/dns/adguard-home is probably familiar to many.
I installed AdguardHome mainly to log internal network domain queries, block malicious and ad-serving domains, and prevent potential ISP-level DNS hijacking.
However, the AC2100’s legacy mt7621 CPU struggles to run AdguardHome smoothly — it often gets killed by OOM (Out of Memory). I didn’t want to move AdguardHome to my main server either, since that would mean my home network goes down whenever the server is offline, increasing unwanted coupling.
There’s an online AdguardHome-like service provided by Adguard DNS at https://adguard-dns.io/zh_cn/welcome.html, but DNS over TLS/HTTPS is heavily interfered with in mainland China, making it practically unusable.
Eventually, I found a decent alternative: Tencent Cloud’s Public DNS — https://console.dnspod.cn/publicdns/config.
This public resolver offers nearly identical functionality to AdguardHome, supports DNS over TLS/HTTPS within China, and provides three million free queries per month.
By installing SmartDNS on OpenWRT and setting the Public DNS addresses as the sole upstream servers, I can route all device DNS queries through it — achieving functionality very close to AdguardHome.
This perfectly solves the performance issue, and the free quota is more than enough for typical usage.
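Since the point of this setup is that every query leaves the router over DoT/DoH to one resolver, it is worth checking that no plaintext or stray upstream remains in the SmartDNS config. The script below is an added example, not part of my original configuration: the hostnames, the sample configs and the function name `audit_smartdns` are constructed placeholders, and it only understands the `server`, `server-tcp`, `server-tls` and `server-https` directives with hostname or IPv4 upstreams.

```shell
#!/bin/sh
# Added example: audit the upstream lines of a SmartDNS config.
# Hostnames and sample configs below are constructed placeholders.
ALLOWED_HOSTS="dot.example.net doh.example.net"

# Reads a smartdns.conf on stdin, prints one finding per line,
# returns non-zero if anything would let a query leave unprotected.
audit_smartdns() {
    awk -v allowed="$ALLOWED_HOSTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    $1 == "server" || $1 == "server-tcp" {       # plain UDP/TCP upstreams
        printf "line %d: plaintext upstream %s\n", NR, $2; bad++; next
    }
    $1 == "server-tls" || $1 == "server-https" { # DoT / DoH upstreams
        seen++
        host = $2
        sub(/^https:\/\//, "", host)             # drop scheme,
        sub(/\/.*$/, "", host)                   # path,
        sub(/:[0-9]+$/, "", host)                # and port
        if (!(host in ok)) {
            printf "line %d: unexpected upstream host %s\n", NR, host; bad++
        }
        for (i = 3; i <= NF; i++) if ($i == "-no-check-certificate") {
            printf "line %d: certificate verification disabled\n", NR; bad++
        }
    }
    END {
        if (!seen) { print "no encrypted upstream configured"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: a leftover plaintext resolver plus unverified TLS.
WEAK_SAMPLE='bind :53
server 192.0.2.53
server-tls dot.example.net -no-check-certificate'

# Constructed sample: encrypted upstreams only, certificates verified.
HARDENED_SAMPLE='# sole upstreams
bind :53
server-tls dot.example.net:853
server-https https://doh.example.net/dns-query'

echo "== weak ==";     printf '%s\n' "$WEAK_SAMPLE"     | audit_smartdns || echo "FAIL"
echo "== hardened =="; printf '%s\n' "$HARDENED_SAMPLE" | audit_smartdns && echo "OK"
```

On the router, set `ALLOWED_HOSTS` to the hostnames shown in your own Public DNS console and feed the function the SmartDNS config file the service actually loads.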
p.s. Regarding privacy: Tencent Cloud’s service requires real-name verification, meaning your personal identity is directly linked to your DNS queries. If that concerns you, self-hosting AdguardHome might be a better choice. Personally, I route my own proxy traffic through a separate DNS, and most other household queries are for domestic websites — so I’m not too worried about data privacy in this case.
This article is licensed under the CC BY-NC-SA 4.0 license.
Author: lyc8503, Article link: https://blog.lyc8503.net/en/post/12-router-more/