Cannot access YunoHost by domain name in LAN or over VPN

My YunoHost configuration

Hardware: BananaPi
Internet access: ethernet at home
YunoHost version:
yunohost: 2.7.12
yunohost-admin: 2.7.12
moulinette: 2.7.12
ssowat: 2.7.12
Have you personalized your YunoHost with some specific configurations or do you use only the YunoHost cli/webadmin tool? basic

Description of my problem

I’m using YunoHost 2.7.12 on a BananaPi. I’m using a FRITZ!Box 7490 as my router at home. I would like to access YunoHost only via VPN (provided by FRITZ!Box) or on my local (W)LAN, i.e. I don’t want to open any ports (443, 22) on my router if possible.

I also registered at DynDNS services desec.io, so let’s say my DynDNS name is myname.dedyn.io. I update myname.dedyn.io through the FRITZ!Box and also use myname.dedyn.io as the default domain on the YunoHost and all apps use this domain. I also added myname.dedyn.io as exception to the router’s DNS Rebind protection.

My problem is that I cannot access YunoHost with myname.dedyn.io from my (W)LAN, neither locally nor through VPN. I can access through the IP address though, but that is not what I want because SSO does not work properly without using the domain name. If I open port 443 it works of course.

Any ideas how I can make my YunoHost accessible through its DynDNS name on my (W)LAN? Editing hosts files would be a bad option, because I would need to configure every client separately.

Thanks in advance for your help.

Have you tried to edit the lease time? It seems that the FRITZ!Box has/had some problems with resolving domain names in private networks.

Have you tried to edit the leasetime.

Do you mean lease time regarding DHCP? This is set to 10 days (default). Not sure how editing this would help in any way, because I set the IP address fixed for the BananaPi/YunoHost.

Hm, it’s not entirely clear to me what your setup is … (especially the VPN part?)

If I understand correctly, you have something like this ?

            VPN              <--->   BananaPi
Internet   <--->  Fritz!Box      <----> Other device (e.g. laptop)
                             <----> Other device (e.g. smartphone)

and I assume that your domain name myname.dedyn.io points to your VPN’s IP ?

Anyway, I’m not sure I understand how you would expect the setup to work with a closed 443 (and others) port… At some point, packets arriving at your Fritz!Box need to be transmitted to your BananaPi?

The way a web browser works is precisely to establish a communication on port 80/443 with the server you are trying to contact, so this port needs to be opened somewhere, otherwise it just means that you don’t want to be contacted on this port :confused:

Let’s reduce the complexity of my question a bit and leave the VPN part out for the moment. :wink:
The setup in my LAN is as follows:

Router (192.168.178.1)
BananaPi/YunoHost (192.168.178.28)
PC (192.168.178.24)

From the PC I cannot access the YH with its domain name (myname.dedyn.io), only with its IP. But to my understanding this should be possible once I added the domain name to the router’s DNS Rebind protection exception list (which I did).
So it is only about a client-server connection within my private LAN, hence no ports need to be opened on my router. Or do I have a fundamental misunderstanding here?

The lease time would be interesting if you changed the port->ip… I think.

That’s how things should work.

Have you tried to use a custom DNS?

Cheers,
smithers

Do you mean with “custom dns” a solution like this?

No, haven’t tried yet. Btw, in the meantime I learned that it seems not to be possible to point a FQDN (like mydomain.dedyn.io) to an internal IP address with the FRITZ!Box 7490. And it doesn’t support editing the DNS like it is described here:
https://yunohost.org/#/dns_local_network_en

I meant Setting up dynamic DNS in the FRITZ!Box

And maybe this website (in German) will help?!
Abhilfe: FRITZ!Box DNS löst lokale Namen falsch auf

cheers,
smithers

mr_smithers, thanks for the two links. The second one looks particularly interesting, I’ll try that approach.
Currently my setup is working with edited /etc/hosts on the clients, but I think about setting up a custom DNS with pi-hole.
Thanks for your help! :slight_smile:
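
An added example, not part of the thread and not FRITZ!Box or YunoHost code: a small Python model of what a DNS rebind protection exception does to an answer for myname.dedyn.io, using the LAN addresses given above. The WAN address 203.0.113.7 and all function names are constructed for illustration, and the filter ranges (RFC 1918, loopback, link-local) are an assumption about how such a filter decides what counts as internal.

```python
import ipaddress

# Assumed definition of "internal" for the filter (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def rebind_filter(name, answers, exceptions):
    """Drop answers that point into internal space unless the name is exempt.

    The exception only lets an internal answer through. It never rewrites
    a public answer into a LAN address.
    """
    name = name.rstrip(".").lower()
    exempt = any(name == e or name.endswith("." + e) for e in exceptions)
    return [a for a in answers if exempt or not is_internal(a)]

def diagnose(name, upstream_answers, exceptions, lan_cidr):
    """Classify where a LAN client ends up after the filter has run."""
    lan = ipaddress.ip_network(lan_cidr)
    seen = rebind_filter(name, upstream_answers, exceptions)
    if not seen:
        return "blocked"   # internal answer suppressed, name does not resolve
    if all(ipaddress.ip_address(a) in lan for a in seen):
        return "lan"       # client talks to the server directly, no open port needed
    return "wan"           # client is sent to the router's public address

if __name__ == "__main__":
    LAN = "192.168.178.0/24"
    NAME = "myname.dedyn.io"
    cases = [
        ("DynDNS record = WAN IP, exception set", ["203.0.113.7"], [NAME]),
        ("record = LAN IP, no exception", ["192.168.178.28"], []),
        ("record = LAN IP, exception set", ["192.168.178.28"], [NAME]),
    ]
    for label, answers, exc in cases:
        print(f"{label}: {diagnose(NAME, answers, exc, LAN)}")
```

Only the third case reaches 192.168.178.28 without touching the WAN side, which is what a local DNS override (hosts file or a LAN resolver such as pi-hole) provides.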