Hardware: VPS bought online ( Contabo ) YunoHost version: 18.104.22.168 I have access to my server : Through SSH | through the webadmin Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
all i wanted to do was to start using a vpn and i thought it was something i could’ve done though my yunohost server, but i clearly don’t know what i’m doing.
i’ve installed Wireguard, created a client and downloaded the .conf file.
then, i’ve installed VPNClient which i wanted to setup with the freshly downloaded .con file, but this error occured:
Starting YunoHost VPN Client....
[CRIT] You need a CA server (you can add it through the web admin)
ynh-vpnclient.service: Main process exited, code=exited, status=1/FAILURE
ynh-vpnclient.service: Failed with result 'exit-code'.
Failed to start YunoHost VPN Client..
i thought that Neutrinet had something to do with this certificate, but i was clearly wrong since it doesn’t even get installed.
So to be clear, you installed Yunohost and Wireguard on your VPS.
You want to connect to this Yunohost/Wireguard VPS (A) from another machine (B)?
You can just use Wireguard.
Download the *.conf file to machine B.
Move it to /etc/wireguard/.
Run ‘sudo wg-quick up wg0.conf’ to connect to Yunohost A.
Your Yunohost A VPS is your own VPN. You connect machine B to A to route traffic through that.
I believe VPN Client app is to connect the Yunohost server to an OpenVPN server.
I’m not sure what you did. It looks like you tried to send the Wireguard .conf file to your Yunohost machine. That’s not what you want, I think. Yunohost should be fine with Wireguard if you
First check that Wireguard on Yunohost works. Make another profile at wireguard.mms.nothost.me (or wherever you installed the Wireguard UI) . Try to connect to it with your phone.
Confirm your phone can connect to Wireguard on Yunohost. Did it make a handshake? You can check for the handshake in the Wireguard app. Also you can login to Yunohost and check if it connected with sudo wg
If wireguard isn’t working. Check if the port (the endpoint) is open on Yunohost. Try sudo yunohost firewall list to see your open ports. It should be port 8095 in most setups.
When Wireguard works for sure, then on your laptop (machine B) copy the .conf file to /etc/wireguard. You will need to be root to do this.
On machine B, connect with Wireguard to Yunohost (machine A).
Ignore that message. I have that and mine works fine. This is a known issue with diagnosis for Wireguard.
Wireguard is tricky to diagnose what’s wrong.
(things you can try)
T1. Check the wireguard service logs. Any strange things there? sudo journalctl -u wg-quick@wg0
T2. If there isn’t anything there, try restarting the wireguard service. Working now? Try to connect with your phone to Yunohost A. sudo yunohost service restart wg-quick@wg0
T3. You need to check the configuration files.
What does /etc/wireguard/wg0.conf from Yunohost A look like? (redact private information)
What does your machine B .conf file look like? (redact private information)
T4. Maybe try uninstalling and reinstalling Wireguard? It’s a mysterious thing but sometimes after I update it with Yunohost it doesn’t work, and I have to start fresh every 6 months or so. I hope it works with T1 or T2. Or maybe somebody here can see something wrong with your configuration with info from T3.