[SOLVED] Trying to use a vpn

unmy · April 1, 2022, 10:16pm

Hardware: VPS bought online ( Contabo )
YunoHost version: 4.3.6.2
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

all i wanted to do was to start using a vpn and i thought it was something i could’ve done though my yunohost server, but i clearly don’t know what i’m doing.

i’ve installed Wireguard, created a client and downloaded the .conf file.

then, i’ve installed VPNClient which i wanted to setup with the freshly downloaded .con file, but this error occured:

Starting YunoHost VPN Client....
[CRIT] You need a CA server (you can add it through the web admin)
ynh-vpnclient.service: Main process exited, code=exited, status=1/FAILURE
ynh-vpnclient.service: Failed with result 'exit-code'.
Failed to start YunoHost VPN Client..

i thought that Neutrinet had something to do with this certificate, but i was clearly wrong since it doesn’t even get installed.

can anyone help me?

arkadi · April 2, 2022, 5:24am

So to be clear, you installed Yunohost and Wireguard on your VPS.

You want to connect to this Yunohost/Wireguard VPS (A) from another machine (B)?

You can just use Wireguard.
Download the *.conf file to machine B.
Move it to /etc/wireguard/.
Run ‘sudo wg-quick up wg0.conf’ to connect to Yunohost A.
Your Yunohost A VPS is your own VPN. You connect machine B to A to route traffic through that.

I believe VPN Client app is to connect the Yunohost server to an OpenVPN server.

unmy · April 2, 2022, 6:48am

thank you very much for your help (also in clarifying what i want and need lol).

so, i was following your steps, but i got a problem with this one

and the error showing up is

root@mms:/etc/wireguard# scp /home/mms/Desktop/um.conf admin@mms.nohost.me:.
ssh: connect to host mms.nohost.me port 22: Connection refused
lost connection

i checked the port in the firewall section and everything seems fine, i anything there’s a problem with the 8095.

arkadi · April 2, 2022, 11:27am

I’m not sure what you did. It looks like you tried to send the Wireguard .conf file to your Yunohost machine. That’s not what you want, I think. Yunohost should be fine with Wireguard if you

First check that Wireguard on Yunohost works. Make another profile at wireguard.mms.nothost.me (or wherever you installed the Wireguard UI) . Try to connect to it with your phone.
Confirm your phone can connect to Wireguard on Yunohost. Did it make a handshake? You can check for the handshake in the Wireguard app. Also you can login to Yunohost and check if it connected with sudo wg
If wireguard isn’t working. Check if the port (the endpoint) is open on Yunohost. Try sudo yunohost firewall list to see your open ports. It should be port 8095 in most setups.
When Wireguard works for sure, then on your laptop (machine B) copy the .conf file to /etc/wireguard. You will need to be root to do this.
On machine B, connect with Wireguard to Yunohost (machine A).

Hope that is more clear.

unmy · April 2, 2022, 8:32pm

it doesn’t work from phone.
when i do sudo wg, i get this result interface:

wg0
  public key: D/9oDqbrllnlbQKDSwENTzwMWSABnMU/SX8e6H36J1g=
  private key: (hidden)
  listening port: 8095

peer: XvGEpPmAwzwLluCQB/d03aUZ4eU3odYdFZTpxw5RnRE=
  preshared key: (hidden)
  allowed ips: 10.10.10.1/32, fd42::1/128

i do sudo yunohost firewall list and port 8095 is listed, however, on diagnosis, this is my only error:

Port 8095 is not reachable from outside.

Exposing this port is needed for [?] features (service wg-quick@wg0)

To fix this issue, you most probably need to configure port forwarding on your internet router as described in Configure port-forwarding | Yunohost Documentation

i did this anyway in the meantime, is it wrong?
how would i do that?

arkadi · April 3, 2022, 12:32am

Ok so now you need to troubleshoot this.
It’s not working. It should show something like this if a peer is connected to your Yunohost computer A.

peer: [peerkeyhere]
  preshared key: (hidden)
  endpoint: 192.168.0.1:45465
  allowed ips: 10.10.10.1/32, fd42::1/128
  latest handshake: 21 seconds ago
  transfer: 563.25 MiB received, 7.83 GiB sent

Ignore that message. I have that and mine works fine. This is a known issue with diagnosis for Wireguard.
Wireguard is tricky to diagnose what’s wrong.

Troubleshooting:
(things you can try)

T1. Check the wireguard service logs. Any strange things there?
sudo journalctl -u wg-quick@wg0

T2. If there isn’t anything there, try restarting the wireguard service. Working now? Try to connect with your phone to Yunohost A.
sudo yunohost service restart wg-quick@wg0

T3. You need to check the configuration files.
What does /etc/wireguard/wg0.conf from Yunohost A look like? (redact private information)
What does your machine B .conf file look like? (redact private information)

T4. Maybe try uninstalling and reinstalling Wireguard? It’s a mysterious thing but sometimes after I update it with Yunohost it doesn’t work, and I have to start fresh every 6 months or so. I hope it works with T1 or T2. Or maybe somebody here can see something wrong with your configuration with info from T3.

unmy · April 3, 2022, 8:47am

that’a relief

anyway, while trying your troubleshooting, i realised i didn’t copy the .conf file in my machine. i did that and now i can start running wireguard using the command sudo wg-quick up ${CONF_FILE}.

it works on my phone as well btw.

do you know if there’s any command to make wireguard start automatically when the machine turns on?

arkadi · April 3, 2022, 12:48pm

Glad to hear it!

This should get you sorted.

system · April 18, 2022, 12:49pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.