Help Diagnostic

What type of hardware are you using: Raspberry Pi 3, 4+
What YunoHost version are you running: YunoHost 12.1.39 (stable)
How are you able to access your server: SSH

Describe your issue

Hi!

I have two problems:

I get diagnostics on

Port ** is not reachable from the outside in IPv6.
Domain ******.nohost.me appears unreachable through HTTP from outside the local network in IPv6, though it works in IPv4.

I think it is a problem with my internet provider, because I tried to configure it several times. By the way, I’m going through a VPN tunnel.

In general I don’t really know what it implies, and also, should I ignore the problem to install the Let’s Encrypt certificates?

Also, this is worrying me:

There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in ***

I don’t understand how I can fix this one either.

Thank you so much for your work, I’ve been running YunoHost for some months and besides these warnings everything is working amazingly and I’m so happy to be much more autonomous on the Internet <3

Share relevant logs or error messages

This is usual when your internet service provider box is not configured to allow incoming traffic in IPv6. IPv4 is legacy so it is commonly documented, while IPv6 is often left behind. Setting up IPv6 is a matter of activating a firewall in your box to accept incoming connections on various ports.

In your case you have a VPN, so you might want to check with your VPN provider whether it supports IPv6 and how.

There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in ***

Using SSH on the default port 22 exposes it to more attempts than on another port.
It is usual to have many failed attempts on SSH when keeping this port. fail2ban is already set up. So this is not that worrisome; still, it is far better not to be polluted, by using a non-standard port.

When doing so you will have to specify the port whenever you have to connect through SSH. Since you are using a VPN, your host is not externally firewalled and is thus fully contactable through its VPN public IP, so changing the SSH port won’t require external adaptation, unless you want to expose it from your ISP box.

Please take a look at the YunoHost documentation on the SSH custom port topic:

should I ignore the problem to install the Let’s Encrypt certificates?

If you provide any service accessible from outside, you will certainly need a valid certificate: Certificate | Yunohost
You should not require users to accept a certificate that is reporting a self-signed yunohost.org. In normal conditions Let’s Encrypt should work, especially if you are using a nohost.me-like domain (Nohost.me domains | Yunohost).
If you operate your own domain you will have to set it correctly in your DNS. To get Let’s Encrypt working, port 80 should be contactable with your domain name.

1 Like

  1. That shouldn’t be a problem.
  2. It’s safer to change the SSH default port in the webadmin (tools > yunohost settings > security > ssh).

1 Like

For the IPv6 issue, go to the webadmin > tools > YunoHost settings > others > network > IP versions to consider for DNS configuration and diagnosis > set it to IPv4 only

For the SSH issue, go to the security tab on the same page and change the SSH port to a random port number of your choice

1 Like

Thank you everyone!

I had a similar hiccup once and it turned out my box was silently blocking IPv6 while IPv4 was wide open, so checking the ISP dashboard saved me a lot of head scratching. For the SSH noise, switching to a non-default port cut the logs down to almost nothing on my side. For Let’s Encrypt, as long as ports 80 and 443 reach your server directly, the certs usually sort themselves out.
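
To see what sits behind the "suspiciously high number of authentication failures" warning discussed in this thread, here is an added example (not from any of the posts above, and not YunoHost's or fail2ban's own code) that counts failed SSH password attempts per source address and flags the addresses that cross a fail2ban-style threshold. The log lines are constructed, and the `maxretry` and `findtime` values are assumptions chosen for illustration, not settings taken from this server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
# All addresses are from the reserved documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 pi sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 pi sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:09 pi sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 40188 ssh2
Jan 10 03:13:30 pi sshd[820]: Invalid user test from 198.51.100.23 port 51514
Jan 10 03:13:32 pi sshd[820]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jan 10 03:14:02 pi sshd[824]: Failed password for root from 203.0.113.7 port 40260 ssh2
Jan 10 03:14:40 pi sshd[829]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jan 10 03:15:11 pi sshd[833]: Failed password for root from 203.0.113.7 port 40301 ssh2
Jan 10 04:40:00 pi sshd[901]: Failed password for root from 198.51.100.23 port 51999 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failures_by_ip(log_text, year=2025):
    """Return {ip: [datetime, ...]}; syslog lines carry no year, so one is assumed."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(ts)
    return dict(hits)

def would_ban(hits, maxretry=5, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside one findtime window (assumed values)."""
    banned = set()
    for ip, times in hits.items():
        window = deque()
        for ts in sorted(times):
            window.append(ts)
            while ts - window[0] > findtime:  # drop failures older than the window
                window.popleft()
            if len(window) >= maxretry:
                banned.add(ip)
    return banned

if __name__ == "__main__":
    hits = failures_by_ip(SAMPLE_LOG)
    for ip, times in sorted(hits.items(), key=lambda kv: -len(kv[1])):
        print(f"{ip:15} {len(times)} failed logins")
    print("over threshold:", sorted(would_ban(hits)))
```

A handful of addresses each producing a short burst of failures is the background noise the replies describe; the successful `Accepted` line is deliberately not counted.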