Set Up DNS-over-HTTPS on TP-Link Omada with AdGuard

I finally got DNS-over-HTTPS (DoH) working with Cloudron AdGuard Home. The key issue is that AdGuard Home will not accept connections on the encrypted DNS port until you add an IP address or Client ID to the Allowed Clients list. In this guide I use a Client ID. Follow the steps below to configure DoH on your TP-Link Omada controller with AdGuard Home as your upstream DNS resolver.

What Are Client IDs?

AdGuard Home supports Client IDs as a way to identify devices or services that are allowed to use its encrypted DNS endpoints. DNS-over-HTTPS is especially useful on internal networks when you already hold a wildcard TLS certificate, because every client can reach the resolver over a secure, authenticated channel.

Step 1 — Add a Client ID in AdGuard Home

Open AdGuard Home and sign in to your admin account. Navigate to Settings → DNS Settings and locate the Allowed Clients field. Enter the Client ID you want to use for your Omada controller — in this example the ID is laketapp (a nickname for the store). Click Save when finished.

[Screenshot: AdGuard Home DNS Settings page showing the Allowed Clients field with the Client ID 'laketapp' entered]

[Screenshot: AdGuard Home Allowed Clients list saved with the 'laketapp' Client ID]

Step 2 — Log In to the TP-Link Omada Controller

Open the TP-Link Omada Controller web GUI and log in with your admin credentials. Select the site (location) where you want to enable DNS-over-HTTPS.

Step 3 — Navigate to Services → DNS Proxy

In the left-hand navigation panel, click Services, then select DNS Proxy. Enable the DNS Proxy toggle, choose DoH (DNS-over-HTTPS) as the protocol, and enter your AdGuard Home DoH server URL. In this example the URL is:

https://laketapp.dns195.richardapplegate.io

The Client ID (laketapp) is embedded in the subdomain, which is how AdGuard Home identifies and authorises the request.

[Screenshot: TP-Link Omada DNS Proxy settings page with DoH enabled and the AdGuard Home DoH URL configured]

Step 4 — Verify Queries Are Reaching AdGuard Home

Return to the AdGuard Home dashboard and open the Query Log. You should immediately see queries appearing from your Omada router, confirming that all DNS traffic is now flowing through AdGuard Home over an encrypted DoH connection.

[Screenshot: AdGuard Home Query Log showing DNS queries arriving from the Omada router]
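To confirm from a workstation that the resolver answers for a given Client ID hostname, independent of the router, the following sends one RFC 8484 DoH query and reports the response header. This is an added example, not part of the original guide; it assumes AdGuard Home's standard /dns-query endpoint path, and the function names are illustrative.

```python
import base64
import struct
import sys
import urllib.request

DOH_PATH = "/dns-query"  # assumption: AdGuard Home's standard DoH path

def build_query(name, qtype=1):
    """Wire-format DNS query; ID 0 as RFC 8484 recommends, RD flag set."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def doh_get_url(base_url, query):
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url.rstrip('/')}{DOH_PATH}?dns={b64}"

def parse_header(msg):
    """Return the fields needed to judge whether the resolver answered."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F,
            "answers": ancount}

def check_resolver(base_url, name="example.com", timeout=5):
    """Send one A query over DoH; TLS is verified by urllib's defaults."""
    req = urllib.request.Request(
        doh_get_url(base_url, build_query(name)),
        headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_header(resp.read())

if __name__ == "__main__":
    # Usage: python doh_check.py https://<client-id>.<your-adguard-domain>
    print(check_resolver(sys.argv[1]))
```

An rcode of 0 with at least one answer means the resolver served the query for that hostname; an exception from urlopen means it did not answer, and the same query should then also be absent from the Query Log.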

Your TP-Link Omada router is now communicating with your self-hosted AdGuard Home DNS server over an encrypted, authenticated DoH connection.
