Ok, I started WireGuard on both sides, but Yunohost appears to be offline.
I opened the suggested ports in the ionos firewall settings.
I entered the IPs of the VPS.
I can access my yunohost via the web interface and via ssh.
But there’s a timeout when I ping 8.8.8.8, and in the yunohost diagnostics it says it is not connected to the internet.
peer: XypWafYsppYXQfedVJcNA1OkO9hUKO6IjAXLS3AOVjc=
endpoint: [::1]:51820
allowed ips: 0.0.0.0/0, ::/0
transfer: 0 B received, 148 B sent
persistent keepalive: every 25 seconds
journalctl -xeu wg-quick@wg0.service
-- Subject: A start job for unit wg-quick@wg0.service has begun execution
-- Defined-By: systemd
-- Support: Debian -- User Support
--
-- A start job for unit wg-quick@wg0.service has begun execution.
--
-- The job identifier is 1043.
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip link add wg0 type wireguard
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] wg setconf wg0 /dev/fd/63
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -4 address add 10.6.0.2/24 dev wg0
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -6 address add fd42:42:42::2/64 dev wg0
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip link set mtu 65456 up dev wg0
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] resolvconf -a tun.wg0 -m 0 -x
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] wg set wg0 fwmark 51820
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -6 route add ::/0 dev wg0 table 51820
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -6 rule add not fwmark 51820 table 51820
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -6 rule add table main suppress_prefixlength 0
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip6tables-restore -n
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -4 rule add not fwmark 51820 table 51820
Apr 03 10:46:41 ze.noho.st wg-quick[3521]: [#] ip -4 rule add table main suppress_prefixlength 0
Apr 03 10:46:42 ze.noho.st wg-quick[3521]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
Apr 03 10:46:42 ze.noho.st wg-quick[3521]: [#] iptables-restore -n
Apr 03 10:46:42 ze.noho.st wg-quick[3521]: [#] bash /etc/wireguard/PostUp.sh
Apr 03 10:46:42 ze.noho.st systemd[1]: Started WireGuard via wg-quick(8) for wg0.
-- Subject: A start job for unit wg-quick@wg0.service has finished successfully
Apr 03 08:45:37 localhost systemd[1]: Starting WireGuard via wg-quick(8) for wg0…
░░ Subject: A start job for unit wg-quick@wg0.service has begun execution
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ A start job for unit wg-quick@wg0.service has begun execution.
░░
░░ The job identifier is 1789.
Apr 03 08:45:37 localhost wg-quick[2387]: [#] ip link add wg0 type wireguard
Apr 03 08:45:37 localhost wg-quick[2387]: [#] wg setconf wg0 /dev/fd/63
Apr 03 08:45:37 localhost wg-quick[2387]: [#] ip -4 address add 10.6.0.1/24 dev wg0
Apr 03 08:45:37 localhost wg-quick[2387]: [#] ip -6 address add fd42:42:42::1/64 dev wg0
Apr 03 08:45:37 localhost wg-quick[2387]: [#] ip link set mtu 1420 up dev wg0
Apr 03 08:45:37 localhost wg-quick[2387]: [#] bash /etc/wireguard/PostUp.sh
Apr 03 08:45:37 localhost systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
░░ Subject: A start job for unit wg-quick@wg0.service has finished successfully
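As an added example, not part of the original post or of YunoHost/WireGuard themselves: a small POSIX shell check over the text that `wg show` prints, of the shape pasted above. It flags, per peer, an endpoint on a loopback address (`[::1]` or `127.x`), the absence of a `latest handshake:` line (which `wg show` only prints once a handshake has completed) and a `transfer:` line reporting `0 B received`. The sample fed to it below is constructed from the pasted output; the local public key in it is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: a quick check over `wg show`
# output read from stdin. For each peer it prints "<key> OK" or
# "<key> FAIL: <reasons>". Three signs are checked: an endpoint on a
# loopback address (handshake packets never leave the host), no
# "latest handshake:" line (never completed a handshake), and "0 B received".
check_wg_show() {
    awk '
        function add(r) { reason = (reason == "") ? r : reason "; " r }
        function flush(   verdict) {
            if (peer == "") return
            reason = ""
            if (endpoint ~ /^\[::1\]:/ || endpoint ~ /^127\./) add("endpoint is loopback")
            if (!handshake) add("no handshake yet")
            if (received == "0") add("0 B received")
            verdict = (reason == "") ? "OK" : "FAIL: " reason
            print peer " " verdict
        }
        $1 == "peer:"     { flush(); peer = $2; endpoint = ""; received = ""; handshake = 0 }
        $1 == "endpoint:" { endpoint = $2 }
        $1 == "latest" && $2 == "handshake:" { handshake = 1 }
        $1 == "transfer:" { received = $2 }
        END { flush() }
    '
}

# Constructed sample with the shape of the output pasted above;
# the local public key is a placeholder.
SAMPLE_WG_SHOW='interface: wg0
  public key: PLACEHOLDER_LOCAL_PUBKEY=
  listening port: 51820

peer: XypWafYsppYXQfedVJcNA1OkO9hUKO6IjAXLS3AOVjc=
  endpoint: [::1]:51820
  allowed ips: 0.0.0.0/0, ::/0
  transfer: 0 B received, 148 B sent
  persistent keepalive: every 25 seconds'

printf '%s\n' "$SAMPLE_WG_SHOW" | check_wg_show
# On a live host:  wg show wg0 | check_wg_show
```

A peer that has completed a handshake with a real endpoint prints `OK`; the sample above prints one `FAIL:` line listing all three reasons.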
Hello, thanks for this tutorial, which makes me want to go ahead and buy one.
Question
If other users wanted to connect to it to use it as a plain VPN, while keeping the rules for YunoHost, what would PostUp and PostDown look like?
Yes, it's possible.
On every client you generate a private and a public key.
On the VPS you add to wg0.conf the lines
### begin new client ###
[Peer]
PublicKey = [insert public key of the new client]
AllowedIPs = 10.6.0.X/32,fd42:42:42::X/128 # with X = 3, then 4, 5, etc.
### end new client ###
On the VPS you add to PostUp
iptables -t nat -A POSTROUTING -s 10.6.0.X -j SNAT --to [insert public IPV4 of the VPS];
iptables -A FORWARD -s 10.6.0.X -j ACCEPT;
ip6tables -t nat -A POSTROUTING -s fd42:42:42::X -j SNAT --to [insert public IPV6 of the VPS];
ip6tables -A FORWARD -s fd42:42:42::X -j ACCEPT;
On the VPS you add to PostDown
iptables -t nat -D POSTROUTING -s 10.6.0.X -j SNAT --to [insert public IPV4 of the VPS];
iptables -D FORWARD -s 10.6.0.X -j ACCEPT;
ip6tables -t nat -D POSTROUTING -s fd42:42:42::X -j SNAT --to [insert public IPV6 of the VPS];
ip6tables -D FORWARD -s fd42:42:42::X -j ACCEPT;
wg0 of the new client
[Interface]
PrivateKey = [insert private key of the new client]
Address = 10.6.0.X/24, fd42:42:42::X/64
# choose your DNS - for instance FDN DNS resolver
DNS = 80.67.169.12, 2001:910:800::12
[Peer]
PublicKey = [insert public key of the VPS]
Endpoint = [insert your domain name (link to the ips of the VPS server)]:51820
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
Don't forget to replace X with 3, then 4, 5, 6, etc. everywhere.
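As an added example, not part of the answer above or of the YunoHost/WireGuard projects: the steps of that answer as POSIX shell functions keyed on a single index X, so that the same X lands in the VPS `[Peer]` block, the PostUp/PostDown lines and the client's `wg0.conf`, and an X already handed out in `wg0.conf` is refused. X is used verbatim in both `10.6.0.X` and `fd42:42:42::X`, as the answer does. All keys, addresses and hostnames in the demo run (`203.0.113.5`, `2001:db8::5`, `vpn.example.org`, the `PLACEHOLDER_…=` keys) are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates, for one client
# index X, the three pieces the answer says to add: the [Peer] block for the
# VPS's wg0.conf, the iptables lines for PostUp (-A) and PostDown (-D), and
# the client's own wg0.conf. Keys and addresses are passed in as arguments;
# the values used in the demo at the bottom are constructed placeholders.

# Accept only 3..254: .1 is the VPS, .2 the YunoHost server, .255 broadcast.
validate_index() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 3 ] && [ "$1" -le 254 ]
}

# True if the VPS wg0.conf already hands 10.6.0.X to some peer.
index_in_use() { # X CONF_FILE
    grep -qF "AllowedIPs = 10.6.0.$1/32" "$2"
}

# [Peer] stanza to append to the VPS's /etc/wireguard/wg0.conf
peer_block() { # X CLIENT_PUBKEY
    printf '### begin client %s ###\n' "$1"
    printf '[Peer]\nPublicKey = %s\n' "$2"
    printf 'AllowedIPs = 10.6.0.%s/32,fd42:42:42::%s/128\n' "$1" "$1"
    printf '### end client %s ###\n' "$1"
}

# The four firewall lines; ACTION is -A for PostUp and -D for PostDown.
nat_rules() { # ACTION X VPS_IPV4 VPS_IPV6
    printf 'iptables -t nat %s POSTROUTING -s 10.6.0.%s -j SNAT --to %s;\n' "$1" "$2" "$3"
    printf 'iptables %s FORWARD -s 10.6.0.%s -j ACCEPT;\n' "$1" "$2"
    printf 'ip6tables -t nat %s POSTROUTING -s fd42:42:42::%s -j SNAT --to %s;\n' "$1" "$2" "$4"
    printf 'ip6tables %s FORWARD -s fd42:42:42::%s -j ACCEPT;\n' "$1" "$2"
}

# wg0.conf for the new client; DNS is the FDN resolver from the answer.
client_conf() { # X CLIENT_PRIVKEY VPS_PUBKEY ENDPOINT_HOST
    printf '[Interface]\nPrivateKey = %s\n' "$2"
    printf 'Address = 10.6.0.%s/24, fd42:42:42::%s/64\n' "$1" "$1"
    printf 'DNS = 80.67.169.12, 2001:910:800::12\n\n'
    printf '[Peer]\nPublicKey = %s\nEndpoint = %s:51820\n' "$3" "$4"
    printf 'AllowedIPs = 0.0.0.0/0, ::/0\nPersistentKeepalive = 25\n'
}

# Everything for one client; refuses a bad or already-used index.
add_client() { # X CONF_FILE CLIENT_PUBKEY CLIENT_PRIVKEY VPS_PUBKEY VPS_IPV4 VPS_IPV6 ENDPOINT_HOST
    validate_index "$1" || { echo "index $1 must be 3..254" >&2; return 1; }
    if index_in_use "$1" "$2"; then echo "index $1 already used in $2" >&2; return 1; fi
    echo "# append to $2:";       peer_block "$1" "$3"
    echo "# append to PostUp:";   nat_rules -A "$1" "$6" "$7"
    echo "# append to PostDown:"; nat_rules -D "$1" "$6" "$7"
    echo "# client wg0.conf:";    client_conf "$1" "$4" "$5" "$8"
}

# Demo run with constructed placeholders (not real keys or addresses).
demo_conf=$(mktemp)
peer_block 2 'PLACEHOLDER_YUNOHOST_PUBKEY=' > "$demo_conf"
add_client 3 "$demo_conf" 'PLACEHOLDER_CLIENT3_PUBKEY=' 'PLACEHOLDER_CLIENT3_PRIVKEY=' \
    'PLACEHOLDER_VPS_PUBKEY=' 203.0.113.5 2001:db8::5 vpn.example.org
rm -f "$demo_conf"
```

The real keys come from `wg genkey` and `wg pubkey` on each client, as the answer says; the script only lays the text out so the VPS side and the client side cannot drift apart on X.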
Actually, I already have WireGuard at home as a server and I route a few clients through it. So I really have a basic configuration with
I'd like to evolve all of this by pushing more things through the pipes.
I'll try starting from scratch with the clients (which I more or less know how to do) and then add your config.
From memory, some ports, including 25, require a phone call to customer service to be opened; you can't do it directly from the web interface.