Hardware: Cloud VPS YunoHost version: 4.2.6 I have access to my server : SSH, webmin, virtual console Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes If yes, please explain: My provider only allows specific DNS servers so I had to add them to resolv.dnsmasq.conf
Description of my issue
The “Internet connectivity” diagnostic fails with “The server does not seem to be connected to the Internet at all!?” As a result no other Internet-related diagnostics are performed and I am unable to create LetsEncrypt certs.
As I mentioned above, my provider only allows their own DNS servers, so I had to update resolv.dnsmasq.conf accordingly. However, after making this change, connectivity and internet both inbound and outbound appear to be working as expected, so I’m not sure why this error is being generated.
If the diagnostic relies on a ping test, that might be why it’s failing, as my provider blocks ICMP.
I’m not really sure how to troubleshoot further or which logs might be helpful, but I’m happy to provide additional information as required.
I already had similar case with forced DNS resolver from VM providers (in an university). I am writting a tuto about this kind of context.
Are you with a public internet provider or is it an organization network ? In which country ?
To support your usecase about ICMP, we need to make some change in our way to test connectivity. As it’s the first time someone ask for this, we need to discuss this usecase.
On your side, if you want to fix it, you have several solutions:
Ask your provider for allowing outgoing ICMP
Change of ISP
Install a VPN with a dedicated public IP (and install it with vpnclient_ynh app (see in yunohost app list)
Thanks for the reply. It’s through coin.host, a swiss VPS provider. I inquired with them and they told me they block ICMP as part of their DDoS protection – valid, I guess, but suboptimal. Nevertheless, they won’t open the ports for me. Neither can I change providers as I’ve just paid for another year.
I should be able to make the specific test function just return true, if the VPN option doesn’t work for me. If the other sub-tests don’t rely on ICMP (and I assume they don’t), perhaps the appropriate change would be if the basic internet connectivity test is “ignored” then treat it as passed so the other tests can proceed as normal. Alternatively, a setting telling the service that ICMP is blocked and having it perform an alternate test (curl yunohost.org/testfile, e.g.) would be nice, but presumably a bigger change.
Providers that block ICMP aren’t super common but I’ve come across them a few times, so accounting for that circumstance would be prudent.
Modified the hooks/diagnostic/10-ip.py file by changing can_ping_ipv4 to True, and now the cli diagnostic passes and moves on to DNS but the gui version still fails with no connectivity detected. No idea why this is, either the cli and gui use different code or it’s gremlins, whatever. Tried the VPN option but couldn’t get the integrated VPN to, y’know, work.
I would sure like to know why the cli and gui diagnostics return different results but that’s more a curiosity thing and I guess there’s nothing preventing me from checking through the code myself. Been meaning to learn python anyway.