WireGuard Client: how to unblock webadmin access when VPN is connected?

:uk: :us:

Hardware: amd64
YunoHost version: 11.0.9
I have access to my server : direct access via keyboard / screen + webadmin
Special context or some particular tweaking on my instance: no
About: Wireguard Client (0.3~ynh1)

Description of my issue

Hi,

I’m currently using a generic noho.st sub-domain to access my webadmin. When I activate a Wireguard connection, it’s no longer possible to connect using this method (only CLI), but I want to be able to continue using the webadmin while connected to WG. WG access itself is operational, as I’ve been able to check via CLI (ip addr, ping, curl…), but it only blocks webadmin access, which may be normal…

The WG profile I’m using includes a rule AllowedIPs = 0.0.0.0/0, ::/0 and I’ve seen that there’s a warning about this on the basic instructions for the WG app, so maybe that’s the cause, since I suppose that this global rule doesn’t exclude webadmin and blocks it.

But how do you free up access to the webadmin while still allowing all traffic to pass through the WG tunnel (maybe apart from this app)? And don’t I need to open new ports or redirects from the router in addition to the traditional ports 80 and 443 for webadmin? And what about the Yunohost firewall?

The browser still loads indefinitely and fails to access the webadmin after a while (timeout), with a fairly generic error like make sure the URL is correct, something like that. When I do a wg-quick down, if the page is still trying to load at that moment, webadmin access unblocks immediately.

There is no documentation about this. I’m no expert in networking, so a little help would be greatly welcome!

Thanks! :crossed_fingers:

:fr:

Description of the problem

Hello,

For now I use a generic noho.st sub-domain to access my webadmin. When I activate a Wireguard connection, it is no longer possible to connect this way (only CLI), but I want to be able to keep using the webadmin while connected to WG. WG access itself is operational, I was able to verify it via CLI (ip addr, ping, curl…), but it does block only webadmin access, which may be normal…

The WG profile used includes a rule AllowedIPs = 0.0.0.0/0, ::/0 and I saw that there is a warning about this in the basic instructions of the WG app; that may be the cause, since I imagine this global rule does not exclude the webadmin and blocks it.

But then how do I free up access to the webadmin while continuing to send all the (rest of the) traffic through the WG tunnel (apart from this exception)? And isn’t a new port opening or redirection from the router needed in addition to the traditional ports 80 and 443? And what about the Yunohost firewall?

The browser keeps spinning and fails to reach the webadmin page after a while (timeout), with a fairly generic error along the lines of make sure the URL is correct, something like that. When I do a wg-quick down while the page is still trying to load, webadmin access unblocks immediately.

There is no documentation for this application. I’m not a networking expert, so a bit of help would be hugely welcome!

Thanks in advance! :crossed_fingers:

It’s definitely not normal that you cannot access the webadmin with WireGuard on. (I’ve just checked myself). Some questions:

  • Does Internet access work besides the webadmin timing out?
  • Does the YunoHost user portal, with the colored app tiles, work?
  • Can you access the webadmin with the server’s internal VPN address at https://10.10.10.0/yunohost/admin ?
  • Have you enabled a whitelist access to the webadmin?

Does Internet access work besides the webadmin timing out?

  • Yes, I can ping, curl, etc. from the CLI

Does the YunoHost user portal, with the colored app tiles, work?

  • No admin UI and no user UI

Can you access the webadmin with the server’s internal VPN address at https://10.10.10.0/yunohost/admin ?

  • No: NS_ERROR_CONNECTION_REFUSED
  • I used the value of the “Address” field under “[Interface]” from the profile file
  • https://10.10.10.0/yunohost/admin does not work either.

Have you enabled a whitelist access to the webadmin?

  • I can’t find the whitelist interface.

Clarification: after the new interface “switzerland2” was added, I uploaded the profile file (same name), and the process froze and didn’t finish, maybe because of a connection timeout…

But when I run wg show from the CLI, the state of the connection looks normal.

I meant this address from the server:

Same NS_ERROR_CONNECTION_REFUSED error?

I guess it’s a no then. However, it’s still good to check. It is in Tools > YunoHost settings, item is under Webadmin.

Can you elaborate on what you did? There was no previous interface? (the file name is not an issue, the file gets renamed anyways).
There should be a log of that in the webadmin, Tools > Logs. Can you share it with the green “Share with YunoPaste” button?

I use a public VPN service, so I can’t set this. :pensive:

Yes (according to the Network tab of my browser inspector).

It is set to OFF; never used.

Session log from wireguard_client@switzerland2 service : hastebin
Session (previous day, today is not available) from Tools / Log / 20230709-131135-app_config_set-wireguard_client : https://paste.yunohost.org/raw/esozafirom

Thank you.

I notice a Temporary failure in name resolution at the beginning. Can you usually ping that server when the VPN is off?

Another thing, when the VPN is on, can you access any other app installed on the server, or is it only the SSO and webadmin that are not responding?
