My YunoHost server
Hardware: Mini-Desktop-PC (i5,6GB Ram…)
YunoHost version: current - installed this week
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Description of my issue
Hey!
I am trying to update my setup and want my YunoHost server to be reachable only over the local network. The only port I want to forward is the WireGuard port. So, I hope, this is a secure way to have a YunoHost server that nobody else can access.
At the moment I have some problems with wireguard but I addressed it in the wireguard topic.
I have two questions, because I am a noob:
- Does this setup sound like a good idea? Is it secure? Am I missing something?
- I tried it for one whole week and read a lot in the forum (even translated some French), but somehow I am not getting mDNS to work. I cannot access yunohost.local or test.local (I added the domain). I am using a Fritzbox as router. What can I do?
Thanks in advance!
Yes, yes, and apparently no. Except…
Sorry about that. mDNS does not go through WireGuard tunnels by default because they do not allow multicast. I am loosely investigating it whenever I have some time. My rough trials brought me to:
- CLI: ip link set dev wg0 multicast on
- Add 224.0.0.251/32, ff02::fb/128 in the AllowedIPs of your WireGuard peers. These are the multicast addresses.
- Reinstall avahi (sudo apt install avahi-utils and systemctl enable --now avahi-daemon)
- Tweak avahi configuration (/etc/avahi/avahi-daemon.conf) to allow point-to-point and reflector, and list wg0 in the enabled interfaces.
- Restart yunomdns and avahi-daemon services.
I would love a guinea pig to test it, since I am unsure how tweaked my setup is.
So far I can get .local domains published by the server, but not ones published by other peers.
Edit: oops I overlooked the “because I am a noob” part.
I would totally be fine if you cannot try these out yourself. It's good for me to have finally written it out so that others can investigate too.
1 Like
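The avahi and WireGuard settings from the list above, written out as an added example (not the poster's own files). Interface names and the peer's tunnel address are assumptions; the multicast addresses are the ones named in the post.

```ini
# /etc/avahi/avahi-daemon.conf on the YunoHost server
# Only the keys that change are shown; everything else keeps its default.
[server]
# eth0 is assumed to be the LAN interface, wg0 the WireGuard interface.
# Listing interfaces explicitly keeps mDNS off any other interface.
allow-interfaces=eth0,wg0
# wg0 is a point-to-point interface; avahi ignores those unless told otherwise.
allow-point-to-point=yes

[reflector]
# Repeat mDNS records between the listed interfaces (LAN <-> tunnel).
# Every LAN .local name becomes visible to VPN clients, so only list
# interfaces whose peers you trust.
enable-reflector=yes

# /etc/wireguard/wg0.conf on the server, one [Peer] block per client.
# The client's own config needs the same two multicast entries in the
# AllowedIPs of its server [Peer] block.
[Peer]
PublicKey=<client public key>
# 10.0.0.2/32 is an assumed tunnel address for this client.
AllowedIPs=10.0.0.2/32, 224.0.0.251/32, ff02::fb/128
```

WireGuard maps each AllowedIPs entry to exactly one peer, so with several clients only the peer that last claimed 224.0.0.251/32 and ff02::fb/128 receives multicast from the server; the other peers' .local names will not be reflected.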
Hey Thanks for your answer!
I have a freshly installed Yunohost instance, be my guest and use it as a guinea pig.
Just one thing, I don't get the .local addresses running even without VPN.
Edit: I am not a total noob, I use Linux as my main OS and I am a developer, just not very familiar with server and network stuff.
Edit2: I will try it out as soon as I have fixed my WireGuard connection.
So WireGuard is now working.
But before I can test mDNS/Bonjour over VPN, I should get it working without VPN first.
So what's the problem?
No matter what I do, whatever.local and yunohost.local (yunohost-2.local) are not working. I added multiple .local domains in the WebUI, but they cannot be found by browser or by ping (and on multiple devices).
Yunomdns is running: hastebin (at the moment the second yunohost is not running, but I had the same problem with it)
Also mdns.yml looks like this:
domains:
  - yunohost.local
  - bauerbyter.local
I added the addresses into the Fritzbox “DNS-Rebind-Schutz” to whitelist them.
What else can I do?
Tried it again several times, but still no luck. Can someone please point me in the right direction.
Let's assess the situation:
- Your server is on address 192.168.178.50. Can you make sure it has a fixed address?
- Which device are you using to test the mDNS domains? (OS, version, if it is on the same network subnet)
- What is Fritzbox "DNS-Rebind-Schutz"? Are you sure your modem is not interfering with mDNS broadcast? (not sure how though)
On your laptop, can you make sure avahi-utils is installed and that the service avahi-daemon is running? If so, check if your server is listed with the command avahi-browse --all.
Is your phone running an Android version >= 12?
Okay, you were right, it was an avahi problem (Windows is working fine with *.local addresses).
So now I will test mDNS over VPN!