My YunoHost server
Hardware: Mini-Desktop-PC (i5,6GB Ram…)
YunoHost version: current - installed this week
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
I am trying to update my setup and want my YunoHost server to be reachable only over the local network. The only port I want to forward is the WireGuard port. So, I hope, this is a secure way to have a YunoHost server that nobody else can access.
At the moment I have some problems with WireGuard, but I addressed them in the WireGuard topic.
I have two questions, because I am a noob:
- Does this setup sound like a good idea? Is it secure? Am I missing something?
- I tried it for one whole week and read a lot in the forum (even translated some French), but somehow I am not getting mDNS to work. I cannot access yunohost.local or test.local (I added the domain). I am using a Fritzbox as router. What can I do?
Thanks in advance!
Yes, yes, and apparently no. Except…
Sorry about that. mDNS does not go through WireGuard tunnels by default because they do not allow multicast. I am loosely investigating it whenever I have some time. My rough trials brought me to:
- ip link set dev wg0 multicast on
- 224.0.0.251/32, ff02::fb/128 in the AllowedIPs of your WireGuard peers. These are the multicast addresses.
- Reinstall avahi (sudo apt install avahi-utils and systemctl enable --now avahi-daemon)
- Tweak the avahi configuration (/etc/avahi/avahi-daemon.conf) to allow point-to-point and reflector, and list wg0 in the enabled interfaces.
I would love a guinea pig to test it, since I am unsure how tweaked my setup is.
So far I can get .local domains published by the server, but not ones published by other peers.
Edit: oops, I overlooked the "because I am a noob" part. I would totally be fine if you cannot try these out yourself. It's good for me to have finally written it out so that others can investigate too.
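The four steps above, as an added example that is not part of the post and not YunoHost's or the WireGuard app's own tooling: a script whose functions make the config edits idempotently, so running it twice does not duplicate entries. It assumes the tunnel interface is named wg0 as in the post, that the live config paths are the stock Debian ones (/etc/avahi/avahi-daemon.conf, /etc/wireguard/wg0.conf; the WireGuard path in particular may differ on a YunoHost install), and that 224.0.0.251 and ff02::fb are the mDNS multicast groups.

```shell
#!/bin/sh
# Added example (not from the forum post): idempotent edits that implement the
# steps above. Assumptions: tunnel interface wg0; stock Debian config paths in
# apply_live (the WireGuard path is a guess for a YunoHost install).
set -eu

MDNS_V4="224.0.0.251/32"   # mDNS IPv4 multicast group
MDNS_V6="ff02::fb/128"     # mDNS IPv6 multicast group

# set_ini_key FILE SECTION KEY VALUE
# Write KEY=VALUE inside [SECTION]: an existing or commented-out ("#key=") line
# is replaced in place, otherwise the key is appended to the section (or the
# section is created). Trailing blank lines of the section stay after it.
set_ini_key() {
  file="$1"; section="$2"; key="$3"; value="$4"
  awk -v s="[$section]" -v k="$key" -v v="$value" '
    BEGIN { insec = 0; done = 0; pending = "" }
    /^\[/ {
      if (insec && !done) { print k "=" v; done = 1 }
      insec = ($0 == s)
      printf "%s", pending; pending = ""
    }
    insec && /^[ \t]*$/ { pending = pending $0 "\n"; next }
    insec && !done && $0 ~ ("^#?[ \t]*" k "[ \t]*=") {
      printf "%s", pending; pending = ""
      print k "=" v; done = 1; next
    }
    { printf "%s", pending; pending = ""; print }
    END {
      if (!done) { if (!insec) print s; print k "=" v }
      printf "%s", pending
    }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_ini_key FILE SECTION KEY -> prints the active (uncommented) value, if any
get_ini_key() {
  awk -v s="[$2]" -v k="$3" '
    /^\[/ { insec = ($0 == s); next }
    insec && $0 ~ ("^[ \t]*" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
  ' "$1"
}

# avahi skips point-to-point interfaces (wg0 is one) unless told otherwise, and
# needs the reflector to repeat mDNS between the LAN and the tunnel.
configure_avahi() {
  set_ini_key "$1" server allow-point-to-point yes
  set_ini_key "$1" reflector enable-reflector yes
}

# If allow-interfaces is set, the tunnel must be in the list; if it is unset,
# avahi already listens on every interface and nothing is changed.
ensure_interface_allowed() {
  conf="$1"; iface="$2"
  cur="$(get_ini_key "$conf" server allow-interfaces)"
  [ -n "$cur" ] || return 0
  case ",$cur," in
    *",$iface,"*) ;;
    *) set_ini_key "$conf" server allow-interfaces "$cur,$iface" ;;
  esac
}

# WireGuard only carries destinations listed in AllowedIPs (cryptokey routing),
# so both mDNS groups are appended, once, to every AllowedIPs line.
add_mdns_allowed_ips() {
  awk -v v4="$MDNS_V4" -v v6="$MDNS_V6" '
    /^[ \t]*AllowedIPs[ \t]*=/ {
      if (index($0, v4) == 0) $0 = $0 ", " v4
      if (index($0, v6) == 0) $0 = $0 ", " v6
    }
    { print }
  ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Apply to a live server as root: sh mdns-over-wg.sh --apply [iface]
apply_live() {
  iface="${1:-wg0}"
  apt-get install -y avahi-daemon avahi-utils
  ip link set dev "$iface" multicast on
  configure_avahi /etc/avahi/avahi-daemon.conf
  ensure_interface_allowed /etc/avahi/avahi-daemon.conf "$iface"
  add_mdns_allowed_ips "/etc/wireguard/$iface.conf"      # assumed path
  stripped="$(mktemp)"; wg-quick strip "$iface" > "$stripped"
  wg syncconf "$iface" "$stripped"; rm -f "$stripped"   # reload without dropping the tunnel
  systemctl enable --now avahi-daemon
  systemctl restart avahi-daemon
}

if [ "${1:-}" = "--apply" ]; then apply_live "${2:-wg0}"; fi
```

The AllowedIPs change has to be made on both ends of each tunnel, since cryptokey routing is checked by sender and receiver alike. Note the trade-off: with the reflector on, every VPN peer sees every mDNS announcement from the LAN, so only peers you trust with that service inventory should get the multicast entries.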
Hey, thanks for your answer!
I have a freshly installed Yunohost instance, be my guest and use it as a guinea pig.
Just one thing: I don't get the .local addresses working even without the VPN.
Edit: I am not a total noob; I use Linux as my main OS and I am a developer, just not very familiar with server and network stuff.
Edit2: I will try it out as soon as I have fixed my WireGuard connection.
So WireGuard is now working.
But before I can test mDNS/Bonjour over VPN, I should get it working without VPN first.
So what's the problem?
No matter what I do, whatever.local and yunohost.local (yunohost-2.local) are not working. I added multiple .local domains in the WebUI, but they cannot be found by the browser or by ping (and on multiple devices).
Yunomdns is running: hastebin (at the moment the second yunohost is not running, but I had the same problem with it)
also mdns.yml looks like this
I added the addresses into the Fritzbox “DNS-Rebind-Schutz” to whitelist them.
What else can I do?
Tried it again several times, but still no luck. Can someone please point me in the right direction?
Let’s assess the situation:
- Your server is on address 192.168.178.50. Can you make sure it has a fixed address?
- Which device are you using to test the mDNS domains? (OS, version, if it is on the same network subnet)
- What is Fritzbox “DNS-Rebind-Schutz”? Are you sure your modem is not interfering with mDNS broadcast? (not sure how though)
On your laptop, can you make sure avahi-utils is installed and that the service avahi-daemon is running? If so, check if your server is listed with the command
Is your phone running an Android version >= 12?
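The checks in the post above, collected into a small script that runs on the client which cannot resolve the names. This is an added example, not from the post and not a YunoHost tool. It uses the server address 192.168.178.50 from the thread; the client address and the host name it is called with are constructed, and the resolver falls back to the libc path (nss-mdns) when avahi's command-line tools are not installed.

```shell
#!/bin/sh
# Added example (not from the post): client-side mDNS checklist. Assumptions:
# server 192.168.178.50 (from the thread); client address and .local names
# are constructed; avahi CLI tools may be absent, so getent is the fallback.
set -eu

# ip_to_int A.B.C.D -> unsigned 32-bit integer
ip_to_int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# same_subnet IP1 IP2 PREFIXLEN: succeed if both addresses share the prefix.
# mDNS is link-local multicast (TTL 255, never routed), so a client on another
# subnet or VLAN cannot see the server's announcements at all.
same_subnet() {
  m=$(( (4294967295 << (32 - $3)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# resolve_local NAME -> prints the IPv4 address found, or nothing
resolve_local() {
  if command -v avahi-resolve-host-name >/dev/null 2>&1; then
    avahi-resolve-host-name -4 "$1" 2>/dev/null | awk '{ print $2 }'
  else
    getent hosts "$1" 2>/dev/null | awk '{ print $1; exit }'
  fi
}

# checklist SERVER_IP CLIENT_IP NAME: one line per check from the post
checklist() {
  server="$1"; client="$2"; name="$3"
  if same_subnet "$server" "$client" 24; then
    echo "subnet: ok"
  else
    echo "subnet: MISMATCH ($client is not in the /24 of $server)"
  fi
  if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet avahi-daemon; then
    echo "avahi-daemon: running"
  else
    echo "avahi-daemon: not running (or no systemd on this client)"
  fi
  addr="$(resolve_local "$name")"
  if [ "$addr" = "$server" ]; then
    echo "$name: resolves to $addr"
  else
    echo "$name: got '${addr:-nothing}', expected $server"
  fi
}

# Constructed invocation; uncomment on a real client:
# checklist 192.168.178.50 192.168.178.20 yunohost.local
```

The /24 prefix is the Fritzbox default for 192.168.178.0; if the server has been moved to a different subnet or a guest network, the first line already explains why nothing resolves, before avahi is even looked at.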
Okay, you were right, it was an avahi problem (Windows is working fine with *.local addresses).
So now I will test mDNS over VPN!