I wasn’t sure if I should put this under support or here, but being cautious.
I have a YunoHost hosted on a Raspberry Pi 4. My ISP is blocking most ports from the looks of it. So I decided to use the VPN client. (I am using the test version as the release one doesn’t connect to my server for some reason.)
I have an OpenVPN server (community edition) hosted on a VPS that I know has ports open. (I host a YunoHost on a VPS there with no problems.)
I am completely confused as to how to forward the ports on the server side. The vpn-server app seems to be very much abandoned, and I cannot tell how to adapt the WireGuard tutorial to my use case. Has anyone done this before or could offer some advice for a newbie?
I made this test on a server with 2 public IPs: one for the server and another dedicated to the VPN CLIENT. The second one is called PUBLIC_IP_FROM_VPN_SERVER.
Just 1 public IP for all the server (and clients):
In this case I think the rules could be like:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination PRIVATE_IP_OF_THE_CLIENT:443
iptables -A FORWARD -p tcp -d PRIVATE_IP_OF_THE_CLIENT --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Alright, so unfortunately these commands somehow manage to completely block the internet connection of the YunoHost (and anyone else connected to that VPN). I am not entirely sure why. However, thanks very much for taking the time to try to help.
Also, as a side note, based on what ljf wrote I also tried some of the postUp.sh commands from here that seem to work a bit better, but I am beginning to run into the issue that all 443 traffic (including traffic going to other clients) also gets redirected. (I think)
At the risk of asking something stupid, is this supposed to happen?
I think part of the issue is that I don’t understand my setup well enough to explain it (I set up my VPN with the help of angristan’s GitHub script) or to know what to share to help explain.
Your comment did help though, enough to help me narrow down what I need to look into. So again, thanks.
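The redirect described in the post above is what a PREROUTING DNAT rule does when it has no interface or destination match: it also catches port-443 connections that VPN clients open toward the internet. As an added example (not from the thread or from YunoHost), this script prints the same forwarding rules restricted to the VPS's WAN interface and public address; eth0, tun0 and both addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: print DNAT/FORWARD rules scoped to the WAN side of the VPS.
# Nothing is applied; review the output, then run it as root.

is_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 }
                         { exit 1 }'
}

forward_rules() {
    wan_if=$1; vpn_if=$2; public_ip=$3; client_ip=$4; port=$5

    # Refuse anything that is not a plain interface name, IPv4 address or port.
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad WAN interface" >&2; return 1 ;; esac
    case "$vpn_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad VPN interface" >&2; return 1 ;; esac
    is_ipv4 "$public_ip" && is_ipv4 "$client_ip" || { echo "bad address" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }

    # DNAT only packets that arrive on the WAN interface for the VPS address.
    # Traffic from VPN clients enters on $vpn_if, so their own outbound
    # connections to this port are not rewritten.
    echo "iptables -t nat -A PREROUTING -i $wan_if -d $public_ip -p tcp --dport $port -j DNAT --to-destination $client_ip:$port"
    # Allow the forwarded flow from WAN into the tunnel...
    echo "iptables -A FORWARD -i $wan_if -o $vpn_if -d $client_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # ...and the replies from the client back out.
    echo "iptables -A FORWARD -i $vpn_if -o $wan_if -s $client_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values (documentation address range, assumed tunnel subnet).
forward_rules eth0 tun0 203.0.113.10 10.8.0.2 443
```

With a single public IP, these rules hand all inbound traffic on that port to the one VPN client, so the VPS itself can no longer serve it on that address.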
I am in a similar situation as you. We should collaborate. In the end, I will write up the documentation that is missing. I set up my VPS with OpenVPN for a layer of obscurity and protection that many people should like to use.
Sorry to get back so late. Maybe you have made progress since then. I think the problem I had was with the firewall configuration on the server. Then I realized that the WireGuard client is now available in YunoHost apps. So I am doing that now. I am learning as I go but will document what I learn here.
If you want to use OpenVPN, install the OpenVPN Access Server on your VPS so you can access your YunoHost behind a restrictive firewall. It’s very easy to accomplish what you need. I did this a while ago.
The problem is that not everyone’s use case fits that. Open access is not entirely free, for example (unless I am mistaken). Still, thanks for the suggestion.
Bithost, I too got distracted with other work. California evening time is unfortunately very late night for me, but I will check the written progress and share here when I have a chance to test things.