Problems with setting up ZeroTier private subnet

My YunoHost server

Hardware: Raspberry Pi 4 (4gb) at home
YunoHost version: 11.1.21.4 (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain: n.a
If your request is related to an app, specify its name and version: ZeroTier 1.10.6~ynh1

Description of my issue

Hello, once again dear ZeroTier Wizards,

I have either a question about how to set up my ZeroTier network + devices in order to access my e.g. Nextcloud subdomain (or at least ZeroTier-IP/Nextcloud) from my phone when not in LAN,

or,

How to bypass the official guide from ZeroTier to be found here:
https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks

In the end, after setting up port forwarding from the LAN member and modifying iptables, it guides you to install iptables-persistent.

However, when I tried to install it, this package does not seem to like the other YunoHost packages, as I received the following prompt:

The following additional packages will be installed:
  netfilter-persistent
The following packages will be REMOVED:
  yunohost yunohost-admin
The following NEW packages will be installed:
  iptables-persistent netfilter-persistent
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
  yunohost
0 upgraded, 2 newly installed, 2 to remove and 0 not upgraded.
Need to get 23.4 kB of archives.
After this operation, 13.5 MB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?] 
Abort.

I have not been digging into the iptables-persistent manual as I think there is probably an easier solution to set up ZeroTier with YunoHost as I have intended.

Thanks in advance for all help,

Cheers

This will never work in the context of YunoHost. Apps can only be accessed from a domain or subdomain.

Oh wow stop indeed, that’s too hacky for YunoHost.


Simple solution

If you only try to access Nextcloud from your local network, or from outside always via ZeroTier, then consider installing Nextcloud on a .local domain. .local domains are well broadcast through ZeroTier.

This would make it necessary to direct ZeroTier to YunoHost’s DNS server, right?

I am also fine with this; however, I was not yet able to make it work with the subdomains, since the IP behind the subdomain is different in the ZeroTier network? (Pardon my naivety if that’s bullshit.)

consider installing Nextcloud on a .local domain

Wouldn’t this corrupt my YunoHost web interface links? Or at least mess with YunoHost’s DNS capabilities?

thanks again for your input.

Best Regards,

If only your server “knows” what’s its IP address and the domains and subdomains it uses, then yeah, it needs to become a DNS server for your VPN.

Nah indeed, we will need to tweak dnsmasq, cf. below, to be active on the ZeroTier interface and to return a different IP address for that interface.

Absolutely not, if you use your server like I described earlier you wouldn’t need DNS, since .local domains are broadcast via mDNS. The tiles would link to whatever.local, or nextcloud.local and the broadcast IP addresses would vary upon the network you are on. (our magic happens there)


Advanced solution

If you want to use a custom domain or subdomain, let’s make your server a DNS server for your ZeroTier clients.

  1. Check ZeroTier’s interface name and your server’s ZeroTier IP address with ip -br a. Mine are zt3jnskpna and 10.0.0.1, respectively.
  2. Create a new file for dnsmasq: sudo nano /etc/dnsmasq.d/zerotier. Copy and alter accordingly the following. titus.home.arpa will be the domain onto which Nextcloud is installed on the server.
interface=zt3jnskpna
interface-name=titus.home.arpa,zt3jnskpna

(cf. “interface-name” option in Man page 8 : dnsmasq)

Save and quit with CTRL+O then CTRL+X

  3. Restart dnsmasq: systemctl restart dnsmasq
  4. On your ZeroTier clients, set up Custom DNS with your server’s ZeroTier IP address 10.0.0.1. I put an open resolver as secondary DNS server and left the IPv6 ones empty.
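To make the steps above reproducible, here is an added example (not part of tituspijean’s post or of the YunoHost/ZeroTier packages): a small POSIX shell script that extracts the ZeroTier interface name and address from `ip -br a` output and emits the dnsmasq fragment described in step 2. The sample `ip -br a` output is constructed for the example; the interface name and address (zt3jnskpna, 10.0.0.1) and the domain titus.home.arpa are taken from the post.

```shell
#!/bin/sh
# Added example: derive the ZeroTier interface/IP and build the dnsmasq
# fragment from the "Advanced solution". Not code from the original thread.

# Constructed sample of `ip -br a` output (not captured from a real host).
SAMPLE_IP_BR_A='lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             192.168.1.10/24 fe80::1/64
zt3jnskpna       UNKNOWN        10.0.0.1/24 fe80::2/64'

# Print "<iface> <ipv4>" for the first interface whose name starts with "zt".
# `ip -br a` prints: name, state, then one address per column; the first
# address is taken and its prefix length stripped.
zt_iface_and_ip() {
    printf '%s\n' "$1" | awk '$1 ~ /^zt/ { split($3, a, "/"); print $1, a[1]; exit }'
}

# Emit the two dnsmasq lines: listen on the ZeroTier interface only, and
# answer queries for the domain ($2) with that interface's own address
# (dnsmasq's "interface-name" option, as in the post).
dnsmasq_fragment() {
    printf 'interface=%s\ninterface-name=%s,%s\n' "$1" "$2" "$1"
}

# Write the fragment to /etc/dnsmasq.d/zerotier and validate the whole
# dnsmasq configuration with `dnsmasq --test` before restarting.
# Needs root; not executed by the usage below.
install_fragment() {
    dnsmasq_fragment "$1" "$2" > /etc/dnsmasq.d/zerotier
    dnsmasq --test && systemctl restart dnsmasq
}

# Stand-alone usage: show what would be written for the sample host.
set -- $(zt_iface_and_ip "$SAMPLE_IP_BR_A")
echo "ZeroTier interface: $1, address: $2"
dnsmasq_fragment "$1" titus.home.arpa
```

Running the script against the sample prints `interface=zt3jnskpna` and `interface-name=titus.home.arpa,zt3jnskpna`, i.e. exactly the fragment from step 2. On a real server, run `install_fragment "$1" titus.home.arpa` as root; `dnsmasq --test` catches a typo in the fragment before the restart, and a quick `dig @10.0.0.1 titus.home.arpa` from a ZeroTier client confirms that the returned address is the ZeroTier one rather than the LAN or public one. Restricting dnsmasq with `interface=` keeps the resolver reachable from the ZeroTier interface only, so it is not exposed as an open resolver.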

Sorry for late reply, I did not find time to look into your guide.

Thanks for providing detailed instructions, I really appreciate the help here.

I tried at first the

Simple solution

however without the dnsmasq.d file it was not working.

Anyway using the Advanced solution you proposed I was able to connect to my nextcloud subdomain via ZeroTier. :star_struck:

I tried it at first by connecting my Android phone via the unofficial ZeroTier client, but I assume the allow-DNS functionality is not included in this one (which is necessary, as mentioned in the ZeroTier knowledge base).

The official ZeroTier client (load via Aurora Store) allows this functionality and is therefore working.

The only thing I observed was that I have to disconnect and reconnect with the ZeroTier client once in a while when changing the “access method” to reach the Nextcloud subdomain.

When I tested reaching my Nextcloud subdomain via my phone browser, I got to the Nextcloud login screen.
Then, when I also wanted to configure the subdomain in the Nextcloud client, the app gave me either a “malfunctioned server” error or was not able to set up a connection.

Only a disconnect/reconnect resolved this, and I was able to configure the Nextcloud client.

I do not know if this is a ZeroTier issue. But I am fine for now.

Many thanks to @tituspijean

Have a blessed day.
