Hiding ISP provided IP address when selfhosting with yunohost

My YunoHost server

Hardware: Old laptop or computer (16gb RAM/2TB HDD)
YunoHost version: 11.0.10.2 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

I have the yunohost server up and running successfully and have installed Mastodon on it and everything works fine. I am using a nohost.me domain.

Before I put it live I’d like to be able to hide my IP address as supplied by my broadband provider ISP.

  • I cannot alter the DNS on my router as my ISP doesn’t allow this.
  • I cannot use a 3rd party router as my username/password is hardwired to the router they provide.
  • I cannot install a VPN on the router.
  • I cannot make my main PC a virtual hotspot and connect to that as my PC hardware does not support this.
  • As I understand it, Mastodon requires root domain access and therefore I assume this means I cannot install a VPN on the server too. Is that right?

What options (if any) do I have?

I am quite new to networking so please go easy :slight_smile:

I also hope this is the correct category to post this topic. If it’s not, please tell me which category it should go in.

Thanks!

Hide it from whom, and from what purpose …

Not sure how that relates to the original issue

Not sure how that relates to the question either, this has nothing to do with the router you use

Hmmm not really, that’s just two unrelated things

  1. Hide it generally - to prevent attacks, people knowing geographically where the server is located etc.

  2. I’m not sure either, I’m just being thorough :slight_smile: - as I say, I’m fairly new to all this

  3. Same as no.2 above

  4. I understand why you might think it unrelated but if it is possible to install other apps then I’d install the VPN client, thus disguising my IP.

In fact you can. I’m not sure why the first part of your sentence implies the second. Two things :

  1. Mastodon requires a root domain but not necessarily your highest level domain. You can create a subdomain dedicated to mastodon. (I don’t know how that works out for .nohost.me though…)

  2. Even if for some reason you cannot do it, it would not prevent you from installing the VPN client on your server, so go for it ! It is directly configurable from the webadmin or the command line.

Hope that helps !

2 Likes

It does! I installed the VPN Client with seemingly no issues using Neutrinet but when trying to turn it on and config it, I get:

Starting YunoHost VPN Client....
[CRIT] You need a CA server (you can add it through the web admin)
ynh-vpnclient.service: Main process exited, code=exited, status=1/FAILURE
ynh-vpnclient.service: Failed with result 'exit-code'.
Failed to start YunoHost VPN Client..

Yuno Paste log is here: https://paste.yunohost.org/raw/dusoponofu

I’m pretty sure I did everything right but I’ve sent an email to Neutrinet to see if they can shed any light on it.

But thank you for the info about installing the VPN Client :slight_smile:

:thinking: I’m not an expert either. :sweat_smile:

How did you configure your vpn ? Did you upload a .cube / .ovpn / .conf file ?

Neutrinet provide you with a .ovpn file, plus two .crt files (one for server which I think is somehow causing the error and one for client) and a client key like so:

Yeah sorry I don’t know what’s wrong. But Neutrinet should be able to help you, since they provide internet cubes I think, they should have some experience configuring their VPS with YUNOHOST.

2 Likes
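For the credential files described above (an .ovpn profile plus a separate CA certificate, client certificate and client key), a small check of which pieces a profile carries inline, which it only references by path, and which are absent. This is an added example, not part of the thread or of YunoHost's VPN client app; the sample profile is constructed, the function names are hypothetical, and treating `ca`, `cert` and `key` as required assumes certificate-based authentication.

```python
import re
import shlex

# OpenVPN options that can be given as "name path" or as an inline <name>...</name> block.
CREDENTIALS = ("ca", "cert", "key", "tls-auth", "tls-crypt")

# Constructed sample profile (not a real provider's file): the CA is referenced
# by path, the client certificate is inline, and no client key is present.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.org 1194
# ca old-ca.crt
ca ca-server.crt
<cert>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</cert>
"""

def audit_profile(text):
    """Map each credential option to ("inline", None), ("file", path) or ("missing", None)."""
    found = {}
    inside = None  # name of the inline block currently being skipped
    for raw in text.splitlines():
        line = raw.strip()
        if inside:
            if line == f"</{inside}>":
                inside = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        block = re.fullmatch(r"<([a-z-]+)>", line)
        if block:
            inside = block.group(1)
            if inside in CREDENTIALS:
                found[inside] = ("inline", None)
            continue
        parts = line.split(None, 1)
        if parts[0] in CREDENTIALS and len(parts) == 2:
            # First argument is the path (tls-auth may carry a direction after it).
            found[parts[0]] = ("file", shlex.split(parts[1])[0])
    return {name: found.get(name, ("missing", None)) for name in CREDENTIALS}

def missing_required(text):
    """Credential options absent from the profile (assumes certificate auth)."""
    report = audit_profile(text)
    return [n for n in ("ca", "cert", "key") if report[n][0] == "missing"]

def external_files(text):
    """Files the profile points to, which must be supplied alongside it."""
    return [(n, p) for n, (kind, p) in audit_profile(text).items() if kind == "file"]
```
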

i got the same error with my vpn as i claimed before on this thread:

it just doesn’t work anymore with the new version of the vpn on yunohost,
in the old version it was working well, now i am just using a native way of connecting the server to the vpn with the command line, no choice.

1 Like

How exactly do you go about doing that? Is there a tutorial or something I could follow? I’m not massively familiar with SSH.

Hi

every vpn is different, and the reason for that is,
what vpn server is in use, wireguard or openvpn
then what protocol and other parameters are in use,

every vpn provider should have their own instructions for how to use their vpn on each different operating system, aside from the official apps they did make for that purpose.

for example, you can see here my vpn instructions on a linux based on debian / debian itself:
https://support.ivacy.com/setup_guide/setup-vpn-on-debian-linux/

that can fit your vpn as well,

but the best thing to do is just to ask your provider how to connect on debian with command line, just explain your situation.

Now, this is a general way to add an openvpn client on debian with command line, but that will require you to have all the vpn server details, otherwise there will be some options you will not know if to enable them or not, so again that requires you to ask your vpn provider,

For me, for example, because i have my own vpn server as well on my machine, so such a tutorial is important. but if you don’t have your own vpn server, you can skip it or for a general knowledge keep it somewhere,.

The old version of the vpn on yunohost was working as a charm for me before in old days, too bad it doesn’t work anymore as it used to.

@leraje
about your initial questions,

  • I cannot alter the DNS on my router as my ISP doesn’t allow this.

DNS is not related to your ISP, they do provide their own dns, that’s right, but i don’t understand what you mean by they will not allow you to alter the dns,
do you mean by that you don’t have an option on your router?
in general they don’t have control, which dns you will use all depends on your system,
in yunohost if you want to change the dns forwarder and encrypt the traffic you can use pihole for that,

  • I cannot use a 3rd party router as my username/password is hardwired to the router they provide.

if the username and password is integrated on the router’s interface without any ability to change it, I don’t see any reason why you will not be able to change that router to your own one, there are some cheap routers with many options available you can purchase and throw your ISP’s router through the window, which will provide you freedom and privacy,
the ISP must, and have to provide you the connection details otherwise you can change them as well to another provider, don’t tell me in your country nor any ISP will provide you username and password, you probably don’t live in north Korea, so to get the username and password for use in another router should be not a problem,

  • I cannot install a VPN on the router.

there is no router you can set a VPN connection exists, that possible only with WRT based routers which are extremely expensive and to my opinion useless due to that to use OPNsense will be much in sense,

  • I cannot make my main PC a virtual hotspot and connect to that as my PC hardware does not support this.

you probably did try to use your own hoc as a receiver, your wireless card already in use by your server to connect to the router so it cant be used as a spot,
or, you mean you are connected with ethernet and did try to use the wireless as a “hotspot” but it didn’t work for you, the reason and the solution is this:
not every wireless can be used as an access point, the same not every wireless can be used to hijack a router in penetration, to hack a router you will need a wireless what will support injection, and for an access point so called (hot spot) you need a dual RXD/TXD in a quad transcoding, which require an ECPT chip in it,
so for that you can purchase a cheap USB based wireless card on ebay and solve that problem,

  • As I understand it, Mastodon requires root domain access and therefore I assume this means I cannot install a VPN on the server too. Is that right?

you can install VPN and there is no connection or any relations to mastodon no any script what runs on the server.

@leraje
I almost forgot completely from the initial issue you were referring to,
= Before I put it live I’d like to be able to hide my IP address as supplied by my broadband provider ISP. =

you replied this to aleks:

  1. Hide it generally - to prevent attacks, people knowing geographically where the server is located etc.

so the thing is this,
first your vpn provider need to provide you a port forwarding option, to the best i know there are no many vpn providers who will have such an option on their account management, in my case i do, here you can take a look on it how its look like,

that option is never free, its always cost, so i am in doubt your vpn provide port forwarding but you can ask them,
if they are not, you have nothing to do against this, you can’t use this vpn for your server cause all ports will be closed from the outside,

to your opinion “why to hide and use vpn”
i am doing security for a long time and you can be guaranteed,
once you will use vpn you will get attacks increased by 5000%
all the morons out there so called “hackers”, governments, agencies, police, testers who watch youtube how to use kali linux and feel like hackers in their imagination, and a lot of idiots who try to break your VPN provider will be redirected into your machine, and then you will be the one who will need to deal with them, that’s the case with me, but for me, my server is behind 5 firewalls and many security steps being taken including some security modules and programs i wrote myself running inside the server and especially outside the server on my windows, as you probably already understand my yunohost is on virtual machine so i can defend it easier,

I don’t recommend you, or any other person who hosts their server in the first line to open ports and use a remote corporate vpn, unless you want to be under the whole world attack on a secondly basis.

1 Like

Thank you for that comprehensive answer :slight_smile:

There’s a lot to think about there, that’s for sure. I totally get your point about every script kiddie seeing a server behind a VPN as a challenge. I’m really not happy about my ISP and location details being freely available to everyone though.

Maybe I should consider a VPS. Pretty expensive though :confused:

1 Like

sure, thank you,

there is no reason in the world you will consider a VPS if you have your own computer at home you have an internet access, that should be fine to host your own server,
its all depends what is the purpose of it all,

for me, for example, i found yunohost several years ago while i were looking how to make my own email server, that was the most important for me, once i realized that we are under surveillance by all techs, google, facebook, the govs, and we have 0 privacy, especially after the so called pandemic which i claimed straight from the beginning its all fake and they are just trying to control us, i deleted my facebook account, and i will never go back, i have my own email, my own chat apps, everything my own, yunohost is the one of the biggest gifts we got ever in humanity, not because its easier to use but because its important to have freedom and privacy,
all these apps around yunohost are really not the most important they are easy to install in other ways , the most important which are the most complicated is the mail server, and the matrix, and of course they provide you a free domain with privacy protection, that’s the hugest benefit of yunohost, its a like a dream for many people,

if you have this you have everything, if you want to host your own social network, that shouldn’t be a problem at all with your current situation, it really doesn’t matter if your ip isn’t hidden, your server is your own server that what is important,

begin from small and grow slowly,
do it to your budget, and slowly you will get more experience and knowledge + better hardware,

if you can invest a little bit money for a new router what will give you some flexibility, you don’t have to buy a new one from the shop though some are cheap, you can look in your local second hand website, some people sometimes sell crazy things in a crazy price, extremely cheap and you can save money, give it a shot look in your second hand website you might find something really good there, sometimes people don’t think about it, the instinct is straight running into checking in shops, which to my opinion there is no reason,

yesterday the whole day I tried to convert pihole into a Doh (DNS over https), but unsuccess,
but i did success to do finally is convert that into my main remote dns proxy, for my cellphone,
i use an app i found several days ago extremely crazy app that everybody should have in their phone, its called “Rethink”

what so special with this app? this app is not only a firewall its a combination of firewall + dns + traffic dumper + vpn all in one app,

for years i was looking a way to combine a vpn + firewall which are not possible by any way on android, once you activate a firewall, it will be impossible to activate a vpn, cause all of these apps, firewall, vpn, traffic analyzers, advertisements blockers, and so on and so forth, all of the do use the same way to operate, they are activating an local “vpn” network to their job, so once you enable a firewall you are not able to enable a vpn at the same time,
an so on,
so this Rethink can do all of these things in one app, which is completely crazy ,

it gives me the ability to change the DNS server with ip of my own so i did open port 53 for pihole, and because my ip is dynamic and can be changed i wrote a small php page just to know what my ip is any time, i converted that into an android app, if ever i need to change it i just open my app on my android to see what’s my server ip, copy it, and set it into Rethink, so all my traffic goes through my pihole from anywhere remotely, i can see all what i does on the cellphone is on my pihole query list,

blocking telemetry, a lot… of how i will call it, spies of google blocked and many other trackers, and so on, you should check that app,
and you should get into pihole,
once you have all these things you will not be worried about vpn and hiding your ip much,

i hope i gave you some ideas what will help you, so just to opinion begin from looking for a router in second hand website and from there things will be better,

if you want a vpn for your phone for free, and believe me, i mean believe me for real better than your vpn provider, don’t trust them too much, there is a lot of telemetry and weird things going on with all of these vpn providers, i don’t trust mine much, i do analyze traffic on a regular basis with wireshark and i often see things i don’t like, so i am not using the vpn much just in rare cases, i have a life time account, i don’t pay for it, because i purchased an account before the vpn company was established as an investor, so now i am using my own vpn server,
anyway you have Orbot for android and i think its available for iphone, you can download it here:

if you download a version of orbot that doesn’t work on your current android version, go back in time on the release page and find a version that will fit your phone, just try several months back till you find the one that works,

orbot can be downloaded and used by Rethink as well but for me it doesn’t work cause my phone is from 2017 and there are some compatibility issues with the latest orbot, so give it a try,
that’s a Tor vpn completely free and stable,

best regards

Rethink looks awesome! I’m already using Orbot :slight_smile: I also have GrapheneOS on my phone so I’m pretty happy with the mobile setup. I just wish Android supported more than one VPN connection, then I could have Orbot and Rethink both running.

As for Wireshark, it’s a great tool but what I’d really love is something like OpenSnitch that monitored all network traffic AND let me block it - so a combo of wireshark and OpenSnitch.

cool :slight_smile:

i think you didn’t get me about rethink, i didn’t explain well,
rethink uses Orbot, you don’t have to install orbot alone, you can, but there is an option on rethink to use orbot along, i don’t use it cause the latest orbot version can’t be installed on my phone,

I just wish Android supported more than one VPN connection, then I could have Orbot and Rethink both running.

go to setting you will find the Orbot option on rethink:

like OpenSnitch that monitored all network traffic AND let me block it - so a combo of wireshark and OpenSnitch.

Rethink is a Firewall and traffic logger (DNS filter) at the same time but it’s kinda hidden, don’t just press “start”, click on the arrow

Rethink logs all the traffic and DNS requests + all IPs per app and lets you block each app, go to settings

@leraje

while i took screenshots to show you i had a small issue for which i needed to reboot my phone, then i discovered Orbot now works!!! :grinning: … all i needed was to reboot
i can use both too now

Thanks!!!

I was confused by Rethink saying ‘coming soon’ but as soon as I enabled it, it started using Orbot automatically :slight_smile:

1 Like

don’t forget to install the “Ip” database so you have the country flags on the network logs besides all of the ips/dns requests, it’s somewhere, just look for it.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.