Help using Wireguard or Headscale for a VPN on yunohost

wbk · March 1, 2024, 10:34pm

Ah, great The industry isn’t called “Informationoverload & missCommunication Technology” without a reason.

How do you mean, gets cut off?

unable to reach it via SSH / webadmin (via the LAN)?
unable to ping sites on the internet while connected with keyboard / monitor?

The first case could ‘just’ mean that there is no LAN traffic, with the Wireguard tunnel still intact. Still inconvenient, as long as SSH/webadmin via LAN is your only access

Depending on the OS on your VPS, it will default to having no firewall installed and all ports open (just with nothing listening on it, so no open ports in effect)

Depending on the configuration of Wireguard, it will listen on zero or more ports.

Looking into the issue, I think I might have omitted a point in my list above

With help of @rungeard 's thread:

Homemade WireGuard VPN on a VPS server

Allow forwarding of IPV4 and IPV6 packets

sudo nano /etc/sysctl.conf
# Uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Save and quit (CTRL+O, CTRL+X)
sudo sysctl -p

This bit is necessary to allow the forwarding of traffic (else the tunnel will only allow traffic originating at Yunohost to go to the VPS, or originating at the VPS to go to Yunohost, but not traffic coming in from the internet via the VPS through the tunnel).

Sorry for that!