Homemade WireGuard VPN on a VPS server

However, a small problem.

When connected to the VPN, I can't access YnH or use anything that goes with it.
But once disconnected, no problem Oo.

If you want help, you'll have to be more specific. Do you also have logs to share?

Hello, sorry for the late reply
Actually I don't really know where to find logs for you, but concretely, when I'm connected to the VPN as a client it is impossible to reach yunohost from the outside; going through the usual URL, the error I get in the browser is ERR_CONNECTION_REFUSED.

There you go, it must surely be something trivial.

Edit:
I am a client of the VPN and I want to access it from the outside on port 80, for example, and it's impossible.

Edit 2:
As if all ports from the outside were blocked for clients.

Hi
I would like to add a fileserver and a backupserver to this WireGuard setting, still using the VPS as server and 1. Yunohost 2. Fileserver 3. Backupserver as clients. Communication between clients should be possible over IP address and ports, and the functionality of the Yunohost server should stay.
Can anybody help with the config?
Greets mima

Thanks @rungeard for this tutorial.
I am thinking to re-localize at home my other Yunohost server with several applications (Synapse, Nextcloud, some Dokuwiki, etc.). I don’t have a fixed IP so I am looking at the possibility you offer to connect my home Yunohost server to my VPS Yunohost server in order to solve this issue.
I didn’t know a VPN could solve lack of fixed IP and I find it a really relevant solution, and even more when you took time to describe how to do it :+1: .
Maybe one day this will be integrated in Yunohost to help even more home based homeserver :slightly_smiling_face:

I have some basic questions to be sure I understand your advice.

Currently I have a VPS at IONOS on which I installed Yunohost with only a Wireguard application (through Yunohost applications). I use it to connect my mobile phone and computer to this VPN when on the move.

I understand that the main issue on my current VPS Yunohost is to configure port forwarding, and you do that with the files PostUp and PostDown.
So I need to create a new Wireguard client config for my Home Yunohost (the same as when I create a client config for my mobile phone or my computer) and then to tune my current Wireguard configuration on my VPS Yunohost with these two files, PostUp and PostDown, to guarantee correct port forwarding.

And then on my Home Yunohost, I need to install Wireguard as a client and to configure the client with information from the VPN Yunohost (local IP, server keys,…) and also to ensure correct port forwarding through VPN with two other files PostUp and Postdown.
Am I correct ?

But I understand I should also set properly the reverse DNS, and this I have no idea how to do it. Is this to be done on IONOS administration webpage, or a server config?

And finally, I understand I need to make additional tweaks for Matrix coturn to properly function, isn’t it ?
For Nextcloud, Dokuwiki or FreshRSS, no need additional tweak, am I correct?

Thanks again for your time and your advice :hugs:

Yes

Correct. You can try to use the WireGuard client app from @tituspijean for that (see [WireGuard Client] Call for testers). But you will need some PostUp and PostDown scripts in any case.

It should be setup on the IONOS administration webpage indeed.

Exactly !

Great, hundred thanks @rungeard for your answers :slightly_smiling_face:
I feel confident to try it.

May I abuse your kindness and ask you for some more details about the reverse DNS thing.
I guess I understand a little bit what this is about, but I am not clear at all on how to implement it. This is in the DNS zone of IONOS, isn't it?
Could you give me a fake example I can use to adapt to my situation (on the same yunohost server : one domain and three subdomains of another domain and one IP)?

Hi @croulibri !

I don't know how it looks in your language, but in the French interface it looks like that:

Where a DNS record allows you to associate a domain to an IP, reverse DNS allows the opposite: to associate a domain to an IP address.

You can only associate one domain to a given IP address, in your case, you associate your domain linked to your mails to the IP address of your VPS at Ionos, because the reverse DNS is mainly used to avoid that your mails get considered as spam. If you also use the subdomains of the other domain to send mails, then theoretically you have to add an extra IP to your VPS for the domain concerned and set up the DNS and reverse DNS accordingly…

Thanks for this detailed information.
But I am not using Email and XMPP on my Yunohost home server (these services are stopped), so do I need reverse DNS for Synapse/Matrix, Nextcloud, FreshRSS, and some Dokuwiki ?
I have never set up reverse DNS on my server and I never face any problem with my current use, could this be different with this “VPN set up” ?

No I don’t think it makes any difference with a VPN setup. Reverse DNS is a nice feature but I don’t think in your case it is needed.

Fantastic, I'll keep it simple, then.

A huge thanks for your advice, let's do it now!


Hello,
I am trying to implement this option (some months later…) so
(1) I have a Yunohost with Wireguard on an Ionos VPS
(2) and I am installing a Home Yunohost with Wireguard at home. The idea is to benefit from the fixed IP of the IONOS VPS.

But I am lost on how to connect to my Home Yunohost by SSH. If I do "ssh adminaccount@IONOS_IP" then I am connected to the Yunohost at the Ionos VPS. So I am unable to connect by SSH to my home Yunohost during the installation (no domain so far). (Of course I can do it directly with a keyboard and a screen…)

Have I done something wrong?

Hi @croulibri !

The easiest way to SSH to your YH at home, if you are at home on the same local network is to use its local IP address. Indeed, your YH at home has at least two IPs:

  • its local IP address (often in the form 192.168.X.X)
  • a public IP address (eventually the one provided by Ionos)

So you can connect with SSH to YH at home with ssh adminaccount@local_ip.

If you are not at home, what I personally use is to have two different SSH ports, one associated to the Ionos server and not routed to the server at home, and one for the server at home, routed through the Ionos server. So I connect by doing ssh -p my_port adminaccount@IONOS_IP.

Another solution if you support IPV6 is to assign an extra ipV6 to this effect on the Ionos server which will only be used to connect to the server in SSH.

I hope to have answered your questions.
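The VPS-side PostUp/PostDown port forwarding discussed above, including the separate SSH port routed to the home server while the VPS keeps its own port 22, as an added example that is not the tutorial's or any poster's code. The public interface eth0, the peer tunnel address 10.0.0.2 and the port list are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# Constructed example of the VPS-side PostUp/PostDown logic: forward chosen public
# ports to the home YunoHost peer through wg0 while leaving the VPS's own SSH (22)
# unforwarded, so "ssh -p 2222 admin@VPS_IP" reaches home and plain 22 still reaches
# the VPS. Not from the tutorial; interface, peer address and ports are assumptions.
WAN_IF="${WAN_IF:-eth0}"          # public interface of the VPS
PEER_IP="${PEER_IP:-10.0.0.2}"    # WireGuard address of the home YunoHost peer
PORTS="${PORTS:-80 443 2222}"     # 2222 = dedicated SSH port routed to home
IPT="${IPT:-iptables}"            # set IPT=echo to print the rules instead of applying

# forward_rules ACTION: ACTION is -A for PostUp and -D for PostDown
forward_rules() {
    action="$1"
    for port in $PORTS; do
        # Incoming TCP on the public interface is rewritten to the home peer...
        "$IPT" -t nat "$action" PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
            -j DNAT --to-destination "$PEER_IP:$port"
        # ...and allowed to cross from the public interface into the tunnel
        "$IPT" "$action" FORWARD -i "$WAN_IF" -o wg0 -p tcp -d "$PEER_IP" --dport "$port" \
            -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    done
    # Replies from the tunnel back out to the Internet
    "$IPT" "$action" FORWARD -i wg0 -o "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the source so the home peer answers through the tunnel instead of its own
    # default route. Trade-off: the home server then logs the VPS tunnel address rather
    # than the real client IP, so per-IP defences such as fail2ban belong on the VPS.
    "$IPT" -t nat "$action" POSTROUTING -o wg0 -d "$PEER_IP" -j MASQUERADE
}

case "${1:-}" in
    up)   forward_rules -A ;;   # PostUp   = /etc/wireguard/forward.sh up
    down) forward_rules -D ;;   # PostDown = /etc/wireguard/forward.sh down
esac
```

Run it with `IPT=echo ./forward.sh up` first to review the exact rules before letting wg-quick apply them.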

Hello, great job.
I finally managed to make it work.
I had to tweak the wg0.conf on the Yunohost side. I’m posting my solution in order to help others and to ask the community to help me understand.
The tutorial says that, on the ‘peer’ section the endpoint has to be specified with the domain name:

Endpoint = [insert your domain name (link to the ips of the VPS server)]:51820

So, I set it like this:

Endpoint = domain.tld:51820

In that way the client (Yunohost) was offline, unable to ping whatever.
After many attempts I modified the endpoint using the public IP of the VPS server:

Endpoint = xxx.xxx.xxx.xxx:51820

And finally it worked!
However I’d like to better understand, did I misunderstand the original instructions? Or maybe there is something wrong in my configuration?


Hi @bionick !

I’m very happy that my tuto could help you and that you managed to make your setup work !

Concerning the problem you encountered, it could come from several places according to me :

  • your YunoHost server could not resolve the domain (bad DNS configuration or DNS that did not have time to propagate)
  • the domain was pointing to the wrong IP
  • YunoHost was resolving the domain in IPV6 but your VPS had a bad IPV6 configuration

Only an analysis of the logs would tell what was not working and on which side.

I can confirm that using a domain in endpoint works without any problem on my side, even if setting the IP is quite effective too.

As a matter of fact your tutorial has been pure gold :slight_smile:

Of course it was, my Yunohost server was previously running directly connected from my home, so the domain was pointing to my home’s IP.

Thanks for your support.


I don't understand why we have to install the wireguard server on the YNH client?

There is only one Debian wireguard package. It's the same no matter whether you want to configure a server or a client.


Hello, I followed this guide but am having some trouble with this command: sudo systemctl start wg-quick@wg0.service
What could it be?

# sudo systemctl start wg-quick@wg0.service
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.
root@napase:~# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
     Active: *failed* (Result: exit-code) since Wed 2023-12-06 14:44:43 UTC; 39s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 120 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
   Main PID: 120 (code=exited, status=1/FAILURE)
        CPU: 34ms

Dec 06 14:44:43 napase systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Dec 06 14:44:43 napase wg-quick[120]: [#] ip link add wg0 type wireguard
Dec 06 14:44:43 napase wg-quick[120]: [#] wg setconf wg0 /dev/fd/63
Dec 06 14:44:43 napase wg-quick[130]: Key is not the correct length or format: `[insertprivatekeyoftheVPS]'
Dec 06 14:44:43 napase wg-quick[130]: Configuration parsing error
Dec 06 14:44:43 napase wg-quick[120]: [#] ip link delete dev wg0
Dec 06 14:44:43 napase systemd[1]: wg-quick@wg0.service: Main process exited, code=*exited, status=1/FAILURE*
Dec 06 14:44:43 napase systemd[1]: *wg-quick@wg0.service: Failed with result 'exit-code'.*
Dec 06 14:44:43 napase systemd[1]: *Failed to start WireGuard via wg-quick(8) for wg0.*

Did you replace [insertprivatekeyoftheVPS] with the private key of the VPS?
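A pre-flight check for wg0.conf that catches the two failures seen in this thread before wg-quick does: a bracketed placeholder left in place of a key (the "Key is not the correct length or format" error above) and an Endpoint that is missing its port, does not resolve, or resolves only to IPv6 (the domain-versus-IP confusion earlier in the thread). Added example, not part of the tutorial; it assumes a wg-quick style file with one [Peer] and uses getent for resolution only when it is present.

```shell
#!/bin/sh
# Constructed wg0.conf linter (example, not from the tutorial or YunoHost).
# A WireGuard key is 32 bytes, so its base64 form is exactly 43 chars plus one '='.
# Only the first PrivateKey/PublicKey/Endpoint found are checked (single-peer config).

# value_of KEY FILE: print the value of "KEY = value", whitespace stripped
value_of() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1 | tr -d '[:space:]'
}

# key_ok VALUE: succeeds if VALUE is a well-formed WireGuard key
key_ok() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# check_conf FILE: prints findings, returns the number of problems (0 = clean)
check_conf() {
    conf="$1"; problems=0
    for name in PrivateKey PublicKey; do
        v=$(value_of "$name" "$conf")
        if ! key_ok "$v"; then
            echo "$name: not a 44-character base64 key: '$v' (placeholder left in?)"
            problems=$((problems + 1))
        fi
    done
    ep=$(value_of Endpoint "$conf")
    host=${ep%:*}; port=${ep##*:}
    host=${host#\[}; host=${host%\]}        # strip brackets of an IPv6 literal
    case "$port" in
        ''|*[!0-9]*) echo "Endpoint: missing or non-numeric port in '$ep'"
                     problems=$((problems + 1)) ;;
    esac
    # Resolution check only where getent exists (glibc systems such as Debian)
    if [ -n "$host" ] && command -v getent >/dev/null 2>&1; then
        if ! getent ahostsv4 "$host" >/dev/null 2>&1; then
            if getent ahostsv6 "$host" >/dev/null 2>&1; then
                echo "Endpoint: $host resolves only to IPv6; check the VPS IPv6 setup"
            else
                echo "Endpoint: $host does not resolve; DNS wrong or not yet propagated?"
            fi
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Usage: sh wgcheck.sh /etc/wireguard/wg0.conf   (exit status = number of problems)
[ -n "${1:-}" ] && check_conf "$1"
```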