Trouble opening ports on VPS that I'm using as a VPN

Hi, it’s me again, I figured that my current issue is different enough from my previous one that I should make a new thread.

My YunoHost server

Hardware: ODROID-HC4
I have access to my server: Through SSH and webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: Yes
If yes, please explain: I’m working to set it up so that it’s using a VPS I’m renting as a VPN server for security.

Description of my issue

I rented a VPS as was suggested to me, and have set up WireGuard on the VPS as a server (using this script) and set my YunoHost server up to use said WireGuard server as a client, using the WireGuard Client app. Everything appears to be working in that respect, but from my understanding, I have to open ports on the VPS, right? I’ve tried using iptables to do so, and successfully set rules for port 25 on both UDP and TCP, but after running the diagnosis, YunoHost still says that port 25 isn’t open! It only says port 22 is open.

Here’s the command I used to set the iptables rule:

iptables --append FORWARD --protocol tcp --sport 25 --dport 25 --jump ACCEPT

I also tried INPUT instead of FORWARD and udp instead of tcp.

Thanks in advance for any help!

Update: A friend of mine who doesn’t have experience with YunoHost or using a VPS, but has much more general Linux experience than me, tried to help me debug stuff. We figured out that the ports probably are already open, the VPN just isn’t set up correctly somehow. I’ve uninstalled WireGuard on both machines and am trying to follow this guide from the beginning, I’ll update on how it goes.

1 Like
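Added example, not part of the original post: a rule with `--sport 25 --dport 25 --jump ACCEPT` only permits packets whose source port is also 25 (real clients connect from ephemeral ports) and never rewrites the destination, so nothing reaches the WireGuard peer. The sketch below prints the DNAT and FORWARD rules that do forward a public port through the tunnel. It assumes the peer address 10.6.0.2 (hypothetical, inside the 10.6.0.0/24 network shown later in the thread), `eth0` and `wg0` as interface names, and that the peer routes its replies back through the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (dry run) the rules that forward
# public ports on the VPS to the WireGuard peer; review, then pipe to `sh` as root.
# Assumed: peer address 10.6.0.2 inside the 10.6.0.0/24 tunnel network.

forward_rules() {
    wan_if=$1; wg_if=$2; peer_ip=$3; proto=$4
    shift 4
    # Validate every port before emitting anything, so a typo cannot
    # leave a half-applied rule set behind.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # Routing between interfaces is disabled by default on most systems.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for port in "$@"; do
        # Rewrite the destination before routing. Match --dport only.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $peer_ip:$port"
        # Allow the rewritten packets to cross from the WAN side into the tunnel.
        echo "iptables -A FORWARD -i $wan_if -o $wg_if -p $proto -d $peer_ip --dport $port -j ACCEPT"
    done
    # Allow replies for established connections back out.
    echo "iptables -A FORWARD -i $wg_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Usage: forward_rules eth0 wg0 10.6.0.2 tcp 25 80 443
```

Forward only the ports the server actually needs; every forwarded port is exposed to the Internet exactly as if it were open on the home server itself.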

Update: Got up to running sudo wg genkey | tee privatekey | wg pubkey > publickey but I get Permission denied errors. Specifically:

myuser@yunohost:~$ sudo wg genkey | tee privatekey | wg pubkey > publickey
-bash: publickey: Permission denied
tee: privatekey: Permission denied

Username and host name changed for privacy.

Any advice?

Further update: I attempted to do things by using the road warrior script I linked and the WireGuard client YunoHost app again, and it still won’t work. I tried to follow the tutorial as well as possible and apply it to the app and script, but the webadmin still says every port except for port 22 is blocked. Could I be approaching this from the wrong angle? I would really prefer to use the app and script combo than do everything manually haha.

Try to run this command as root.

I did, with sudo. Same result, unfortunately. Thanks for checking though.

Yes, I saw your sudo. But it is not one command. It is three commands in a row. So one sudo is not enough because it will only apply to the first command and not the three of them.

Try

sudo su
cd path/to/wireguard/install
wg genkey | tee privatekey | wg pubkey > publickey
2 Likes
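Added example, not part of the original reply: a function that generates the key pair with every pipeline stage and the output redirection running under the same privileges, and with a restrictive umask so the private key is never created world-readable. The file name `wg-keys.sh` and the function name `gen_wg_keys` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Run the whole function as root, e.g.:
#   sudo sh -c '. ./wg-keys.sh; gen_wg_keys /etc/wireguard'
# (wg-keys.sh is a hypothetical file holding this block.)

gen_wg_keys() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || {
        echo "cannot write to $dir: run the whole function as root" >&2
        return 1
    }
    # Never silently replace a private key that peers already trust.
    [ ! -e "$dir/privatekey" ] || { echo "$dir/privatekey exists" >&2; return 1; }
    (
        # Subshell keeps umask and cd local to this block.
        # umask 077 means new files are created rw-------.
        umask 077
        cd "$dir" || exit 1
        # In `sudo wg genkey | tee privatekey | wg pubkey > publickey`
        # only `wg genkey` runs as root; tee, wg pubkey and the `>` open
        # belong to the calling shell, hence "Permission denied".
        wg genkey | tee privatekey | wg pubkey > publickey
    ) || return 1
    # Both files must exist and be non-empty.
    [ -s "$dir/privatekey" ] && [ -s "$dir/publickey" ] || return 1
    # The public key is meant to be shared; relax only that file.
    chmod 644 "$dir/publickey"
}
```

A plain root shell usually has umask 022, so running the pipeline there without `umask 077` leaves `privatekey` readable by every local user until its mode is tightened.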

That worked! I managed to follow the tutorial all the way to the end. I’m pretty sure I did everything correctly, substituting your DNS for another DNS, inserting the IP addresses, and changing ens192 to eth0.

However, I now get this error when running the diagnosis: The server does not seem to be connected to the Internet at all!? which is obviously not ideal. Not sure what to do, can you help? Should I move to the thread for your guide?

Edit: Also changed instances of port 140 to port 22 and restarted wg-quick@wg0 via systemctl restart on both machines. Still the same error.

What does systemctl status wg-quick@wg0 give you on both sides?

On the VPS side, could you run:

ping 8.8.8.8
ping google.com 

to check if the connection worked on this side

1 Like

On the VPS:

root@vps:/etc/wireguard# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2024-02-28 15:42:25 GMT; 29min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 5838 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 5838 (code=exited, status=0/SUCCESS)

Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5838]: [#] wg setconf wg0 /dev/fd/63
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5838]: [#] ip -4 address add 10.6.0.1/24 dev wg0
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5838]: [#] ip -6 address add fd42:42:42::1/64 dev wg0
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5838]: [#] ip link set mtu 1420 up dev wg0
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5838]: [#] bash /etc/wireguard/PostUp.sh
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5886]: ip6tables v1.8.4 (legacy): Bad IP address "[VPS public IPv6]/64"
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5886]: Try `ip6tables -h' or 'ip6tables --help' for more information.
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5890]: ip6tables v1.8.4 (legacy): Bad IP address "[VPS public IPV6]/64"
Feb 28 15:42:25 vps.dragonsnest.icu wg-quick[5890]: Try `ip6tables -h' or 'ip6tables --help' for more information.
Feb 28 15:42:25 vps.dragonsnest.icu systemd[1]: Finished WireGuard via wg-quick(8) for wg0.

On my home server:

myuser@yunohost:~$ systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2024-02-28 09:42:49 CST; 30min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 44954 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 44954 (code=exited, status=0/SUCCESS)
        CPU: 551ms

Again, username and host name changed for privacy.

Both pings returned with 0% packet loss, so I think we’re good on that end.

Edit: Didn’t realize my IPv6 address showed up in the first status, oops! Edited them out. Going to try removing the /64 in the scripts to see if that helps.

Edited out the /64s. Still the same error from the diagnosis. systemctl status wg-quick@wg0 on the VPS now gives:

root@vps:/etc/wireguard# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2024-02-28 16:20:51 GMT; 5min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 6058 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 6058 (code=exited, status=0/SUCCESS)

Feb 28 16:20:51 vps.dragonsnest.icu systemd[1]: wg-quick@wg0.service: Succeeded.
Feb 28 16:20:51 vps.dragonsnest.icu systemd[1]: Stopped WireGuard via wg-quick(8) for wg0.
Feb 28 16:20:51 vps.dragonsnest.icu systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] ip link add wg0 type wireguard
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] wg setconf wg0 /dev/fd/63
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] ip -4 address add 10.6.0.1/24 dev wg0
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] ip -6 address add fd42:42:42::1/64 dev wg0
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] ip link set mtu 1420 up dev wg0
Feb 28 16:20:51 vps.dragonsnest.icu wg-quick[6058]: [#] bash /etc/wireguard/PostUp.sh
Feb 28 16:20:51 vps.dragonsnest.icu systemd[1]: Finished WireGuard via wg-quick(8) for wg0.

Thanks for your help so far!

1 Like

Sooooo, I think my problem is when I configure /etc/network/interfaces. Whenever I do so as described in the guide, the next time I restart the VPS, I can’t connect to the VPS at all and have to reinstall!

Here’s what the default config looks like:

# Generated by SolusVM

 auto lo
  iface lo inet loopback

 auto eth0
  iface eth0 inet static
   address [private]
   gateway [private]
   netmask 255.255.255.0
   dns-nameservers 8.8.8.8 8.8.4.4
   up ip addr add [private]::4db9/64 dev eth0
   up ip -6 route add [private]:0000:0000:0000:0000:0001 dev eth0
   up ip -6 route add default via [private]:0000:0000:0000:0000:0001

What do I do?
