Homemade WireGuard VPN on a VPS server

Yes @rungeard I know that there is no VPN provider. I was asking if by installing WireGuard in the VPS somehow this can play the role of our own VPN provider instead of using, let's say, ExpressVPN or Mullvad or any other provider.

2 Likes

Hi,
I'm trying this but still no luck, a bit frustrating but interesting!
My first two questions:

  1. How to disable IPv6 in the best way?
  2. I'm confused about the VPS interface setting? (and I missed it for many hours :stuck_out_tongue:)
    iface ens192 inet static
    address [my static ip-address on VPS]
    netmask 255.255.255.0
    gateway [which one is this?]

I have a connection between VPS and YH but no access - “The server does not seem to be connected to the Internet at all!?”
VPS is hetzner.com

On the YunoHost side just ignore the diagnosis message about IPv6.
On both sides, don't take into account every command or line with a 6 in it (inet6, ipv6, ip6tables, etc.) or any IPv6-related things (for instance replace Address = 10.6.0.2/24, fd42:42:42::2/64 with Address = 10.6.0.2/24).

These settings should be given to you by your VPS provider. If you only use IPv4, you can try to use DHCP (replace ens192 with the name of your network interface):

# The loopback network interface
auto lo
iface lo inet loopback

auto ens192

# IPV4 Setup
iface ens192 inet dhcp

Are you sure about your internet connection on the VPS side? Try ping 8.8.8.8.

Hope it will solve your troubles!

1 Like

Thanks rungeard!

I can ping 8.8.8.8 from the VPS and also over the WG network from both sides (and “wg show” is correct).
I think I found the gateway info, but no luck. Didn't work with DHCP either :frowning: I also have a connection to the internet from YH if I stop the WG interface.

Strange!

After an exchange of private messages we found the source of the problems. Be careful to replace ens192 with the name of your network interface (it can be found with ip addr). You should also be careful to set the IP addresses of the VPS before activating forwarding. Finally, replace [insert something] with the something in question (beware of quick copy and paste)!

For Hetzner the gateway info is here for information.

1 Like

Cool!
Just noted that FreedomBox has such a solution (i.e. settings as server and/or client).

2 Likes

There is an issue in the first rule of the PostUp? I guess…
sudo nano /etc/wireguard/PostDown.sh MUST BE >>>> sudo nano /etc/wireguard/PostUp.sh

1 Like

You are right of course! An unfortunate mistake of copy and paste for sure! I corrected it in the initial post.

Could you please make an edit with the required ports?

I'm able to set the reverse DNS for IPv4 with Ionos. Could you please check again?

For the default YunoHost setup (with no app that requires other ports) it's TCP ports
25 80 443 587 993 5222 5269 + the SSH port of the VPS + the SSH port of the YH server (client) + WireGuard UDP port 51820 in this case
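Turning that port list into firewall rules, as an added example and not the PostUp.sh from the original post: the script below generates an nftables ruleset (what Debian 11 ships in place of iptables) that DNATs those TCP ports from the VPS's public interface to the YunoHost peer inside the tunnel, lets the peer's own outbound traffic out through the VPS with masquerading, and only opens the WireGuard UDP port and the VPS SSH port on the public side. Interface names (ens192, wg0), the tunnel addresses (10.6.0.1/24, 10.6.0.2) and UDP 51820 are taken from the thread; the VPS SSH port (22) and the forwarded YunoHost SSH port (2222) are placeholders you must set to your own values, and the table name yh_fwd is my choice. IPv4 only, in line with the "ignore everything with a 6 in it" advice earlier in the thread.

```shell
#!/bin/sh
# Added example: generate, check or apply an nftables ruleset that forwards the
# YunoHost ports over WireGuard. Not the original post's PostUp.sh.
# Values from the thread: ens192, wg0, 10.6.0.0/24, 10.6.0.2, UDP 51820, port list.
# Assumptions (placeholders): VPS_SSH_PORT=22, YH_SSH_PORT=2222, table name yh_fwd.

WAN_IF="${WAN_IF:-ens192}"            # public interface of the VPS
WG_IF="${WG_IF:-wg0}"                 # WireGuard interface on the VPS
WG_PEER="${WG_PEER:-10.6.0.2}"        # YunoHost address inside the tunnel
WG_NET="${WG_NET:-10.6.0.0/24}"       # tunnel network
WG_PORT="${WG_PORT:-51820}"           # WireGuard UDP port on the VPS
VPS_SSH_PORT="${VPS_SSH_PORT:-22}"    # assumption: SSH to the VPS itself
YH_SSH_PORT="${YH_SSH_PORT:-2222}"    # assumption: SSH to YunoHost, forwarded
TCP_PORTS="25 80 443 587 993 5222 5269"   # YunoHost ports listed in the thread

# Join "25 80 443" into "25, 80, 443", the form an nft set literal expects.
nft_set() {
  printf '%s' "$*" | sed 's/ /, /g'
}

# Print the ruleset to stdout; nothing is applied here.
# Numeric hook priorities are used so the file also loads on older nft (Debian 10).
gen_ruleset() {
  ports="$(nft_set $TCP_PORTS $YH_SSH_PORT)"
  cat <<EOF
add table inet yh_fwd
flush table inet yh_fwd
table inet yh_fwd {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        iifname "$WAN_IF" tcp dport $VPS_SSH_PORT accept
        iifname "$WAN_IF" udp dport $WG_PORT accept
        iifname "$WG_IF" accept
    }
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname "$WAN_IF" tcp dport { $ports } dnat ip to $WG_PEER
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$WAN_IF" oifname "$WG_IF" ip daddr $WG_PEER tcp dport { $ports } ct state new accept
        iifname "$WG_IF" oifname "$WAN_IF" ip saddr $WG_NET accept
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$WAN_IF" ip saddr $WG_NET masquerade
    }
}
EOF
}

# Apply the ruleset. Forwarding is enabled here, i.e. only once the interface
# and its addresses are up, as recommended in the thread.
apply_ruleset() {
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  gen_ruleset | nft -f -
}

case "${1:-}" in
  print) gen_ruleset ;;                 # show the generated ruleset
  check) gen_ruleset | nft -c -f - ;;   # parse-check only, nothing is loaded
  apply) apply_ruleset ;;               # needs root; e.g. from PostUp
esac
```

Run `sh yh-forward.sh check` first, then `sudo sh yh-forward.sh apply`, or call the latter from `PostUp = sh /etc/wireguard/yh-forward.sh apply` in wg0.conf. Because the input chain has `policy drop`, set VPS_SSH_PORT correctly before applying and keep the provider's console open the first time. Replies to the DNATed connections come back through the tunnel only because the client routes everything via the VPS (AllowedIPs 0.0.0.0/0 on the YunoHost side, as in the thread); with a narrower AllowedIPs you would additionally need to masquerade on wg0.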

I'm able to as well, and it's required. But I was talking about IPv6, not IPv4, in this mention. To be more specific, I can only set up the reverse DNS of one IPv6 address and not of the whole /64 subnet.

Hi.

I configured everything. The VPS runs Debian 11. I get this error:

peer@vps:~$ sudo systemctl start wg-quick@wg0
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.

peer@vps:~$ systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sun 2022-02-20 00:47:50 CET; 3min 43s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 793 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=127)
   Main PID: 793 (code=exited, status=127)
        CPU: 62ms

Any suggestion on how to troubleshoot?

Thanks.

I need some more logs if you want me to help you!

What does the following give?
journalctl -xeu wg-quick@wg0.service

1 Like

Thank you @rungeard!

I feel embarrassed, I did not check the logs or did not read them properly. I clearly see now that my Debian 11 does not have iptables : o

I have tried to migrate your rules to nftables with iptables-translate (installing iptables-nftables-compat) but I don't manage to make it work (I get the error Translation not implemented).

So now I was about to remove nftables and install iptables instead, but I think I will rather delete the whole VPS and get a Debian 10 from the provider.

2 Likes

Thank you
I have a VPS at Ionos (Debian 11) and a YunoHost on a Raspberry Pi (Raspbian 10, a curl install after WireGuard).
I installed the WG tunnel first and then YunoHost.
Sometimes out of the blue it does not work. If I type in wg it shows the following.
wg on yunohost:
interface: wg0
public key: [public key YunoHost]
private key: (hidden)
listening port: 59697
fwmark: 0xca6c
peer: [public key vps]
endpoint: [ipv4vps]:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 30 seconds ago
transfer: 968.50 KiB received, 2.03 MiB sent
persistent keepalive: every 25 seconds
wg on vps shows:
interface: wg0
public key: [public key vps]
private key: (hidden)
listening port: 51820
peer: [public key YunoHost]
allowed ips: 10.6.0.2/32, fd42:42:42::2/128

Why is the YunoHost listening on port 59697?
Is it right that WireGuard is rewriting the wg0.conf on the VPS?
Here follows the conf as it changed after the first tunnelling. The problems were that it did not work with the domain, just with the IP address. The wg0.conf in YunoHost did not change. One time it also added the IP address of the YunoHost server to the wg0.conf.
wg0.conf of vps
[Interface]
Address = 10.6.0.1/24
Address = fd42:42:42::1/64
SaveConfig = true
PostUp = bash /etc/wireguard/PostUp.sh
PostDown = bash /etc/wireguard/PostDown.sh
ListenPort = 51820
PrivateKey = [private key vps]
[Peer]
PublicKey = [public key of YunoHost]
AllowedIPs = 10.6.0.2/32, fd42:42:42::2/128
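Two things worth knowing about the output quoted above. First, `SaveConfig = true` in the VPS wg0.conf tells wg-quick to write the running interface state back to the file when the interface goes down, so any Endpoint the VPS learned from the peer (the client's public address and its ephemeral source port, 59697 here) ends up in the file; that is the rewrite being observed. Second, `latest handshake` is the quickest health signal for a tunnel that "sometimes out of the blue does not work". The script below is an added example, not from the original thread: it parses the human-readable `wg show` text and reports peers whose last handshake is older than a limit, or that never completed one, so it can run from cron on either side. The sample input is constructed from the thread's output (bracketed placeholders kept) plus two made-up peers to exercise the stale and never-handshaked cases; the function names and the 180-second limit are mine.

```shell
#!/bin/sh
# Added example (not from the original thread): flag WireGuard peers with stale or
# missing handshakes from the human-readable output of `wg show`.

# Constructed sample: the VPS-side output from the thread (placeholders kept),
# plus two invented peers for the stale and never-handshaked cases.
SAMPLE_WG_SHOW='interface: wg0
  public key: [public key vps]
  private key: (hidden)
  listening port: 51820

peer: [public key YunoHost]
  endpoint: [ipv4 yunohost]:59697
  allowed ips: 10.6.0.2/32
  latest handshake: 30 seconds ago
  transfer: 2.03 MiB received, 968.50 KiB sent
  persistent keepalive: every 25 seconds

peer: [constructed peer two]
  allowed ips: 10.6.0.3/32
  latest handshake: 1 hour, 12 minutes, 5 seconds ago

peer: [constructed peer three]
  allowed ips: 10.6.0.4/32'

# stale_peers MAX_AGE_SECONDS  < wg-show-text
# Prints "<peer>\t<age in seconds>" for peers over the limit and "<peer>\tnever"
# for peers without any handshake; prints nothing when every peer is fresh.
stale_peers() {
  awk -v max="$1" '
    function report() {
      if (peer == "") return
      if (age < 0) print peer "\tnever"
      else if (age > max) print peer "\t" age
    }
    /^peer: / { report(); peer = $0; sub(/^peer: */, "", peer); age = -1 }
    /latest handshake:/ {
      # "1 hour, 12 minutes, 5 seconds ago" -> 4325; "Now" -> 0
      age = 0
      for (i = 3; i <= NF; i++) {
        if ($(i + 1) ~ /^days?/) age += $i * 86400
        else if ($(i + 1) ~ /^hours?/) age += $i * 3600
        else if ($(i + 1) ~ /^minutes?/) age += $i * 60
        else if ($(i + 1) ~ /^seconds?/) age += $i
      }
    }
    END { report() }
  '
}

# check_peers MAX_AGE_SECONDS  < wg-show-text
# Exit 0 when all peers are fresh, 1 otherwise (listing the offenders), so it
# can drive an alert, e.g. `wg show wg0 | check_peers 180 || logger -t wg "stale"`.
check_peers() {
  out="$(stale_peers "$1")"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# `sh wg-check.sh sample` runs the check on the embedded sample text.
if [ "${1:-}" = "sample" ]; then
  printf '%s\n' "$SAMPLE_WG_SHOW" | check_peers 180
fi
```

With persistent keepalive at 25 seconds as in the thread, a healthy peer never shows a handshake older than about three minutes (WireGuard rekeys roughly every two minutes while traffic flows), so 180 seconds is a reasonable threshold; a peer stuck at "never" on the VPS side usually means the client's key or endpoint is wrong, and a steadily growing age on the client side usually means UDP 51820 is no longer reaching the VPS.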

Could you elaborate ?

Because you did not set it up as a server but as a client, so it keeps the default config. It's normal.

No

Try to replace this with
Address = 10.6.0.1/24, fd42:42:42::1/64

It is not clear, often after a reboot. WireGuard puts an Endpoint with my private IP and another port into wg0.conf on the VPS; when I delete this it works again, of course. I think for a stable version it is probably good to configure it as a client/server. What could I change for that?

WireGuard changes wg0.conf with these addresses again and again.
I now installed it again with the original img. Before, I tried 64-bit.

Unless you want to set up a WireGuard relay, a physical machine should be configured as a client or as a server, not both. Moreover, if I understand your problem correctly, it's on the VPS side (wg0.conf being modified for no reason there). So leave the YH wg0.conf as it is. It seems to be fine.

Reboot on which side VPS or YH ?

Endpoint is a configuration for a client. But your VPS is a server, so this shouldn't happen.

I sometimes have difficulties understanding whether you are speaking of the YH or of the VPS side. If you want, you can send me your two wg0.conf, PostUp and PostDown in a PM and I can check if everything looks good.

1 Like

Hello,
thanks for the guide and some feedback / questions:

Tip: ionos.fr is 1 € all time, while ionos.de is 2 € from the 7th month on, so if you can navigate a french website…

More explanation for a beginner like me:

  1. IPv6

Request an IPV6 address if necessary: For ionos.fr, this can be done via the UI by clicking on “Réseau → IP publique” where you can create an IPv6 address and assign it to your server.
Ionos also has a written guide about that, which I followed and which is completely unnecessary (Adding a Public IPv4 and IPv6 Address to a Linux Server (Ubuntu and Debian) - IONOS Help)

  2. Configurer le VPS - configure the VPS

I needed to google how to find out Gateway and Netmask, would be nice to have that in the tutorial. I tried it like this and got some error, so please correct me:

# You can get the IPs and IPv4 netmask via 
ifconfig

# The gateways can be obtained via these commands in the line starting with "default":
ip route
ip -6 route

# The IPv6 gateway depends on the length of your IPv6, if your IPv6 is 2001:a61:24b5:b2::/64, it will be ffff:ffff:ffff:ffff::

And then give an example for the /etc/network/interfaces file, e.g. what format the IPv6 stuff has.

I did something wrong and lost connection and ssh access with /etc/init.d/networking restart.

Edit: and maybe a section about “Requirements”, e.g.

  • knowledge of IPv6 address format (so now finally I understand “::”, but probably require more knowledge of gateway, netmask, …): IPv6 - Address Types & Formats

:upside_down_face:

This is a way to get it, but this data is often written in the VPS provider's doc.

For instance for Ionos it's always, in IPv4:

netmask 255.255.255.255
gateway 10.255.255.1

in ipv6:

netmask 64
gateway fe80::1

Note that I also wanted to make a guide that does not depend on the provider. That’s why I didn’t specify the specific actions for Ionos.

2 Likes