Hardware: Mini-Desktop-PC (i5, 6GB RAM…)
YunoHost version: current - installed this week
I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
Description of my issue
Hey!
I am trying to update my setup and want my YunoHost server to be reachable only over the local network. The only port I want to forward is the WireGuard port. So - I hope - it is a secure way to have a YunoHost server without anyone else being able to access it.
At the moment I have some problems with wireguard but I addressed it in the wireguard topic.
I have two questions - because I am a noob
Does this setup sound like a good idea? Is it secure? Am I missing something?
I tried it for one whole week and read a lot in the forum (I even translated some French), but somehow I cannot get mDNS to work. I cannot access yunohost.local or test.local (I added the domain). I am using a Fritzbox as router. What can I do?
Sorry about that. mDNS does not go through WireGuard tunnels by default because they do not allow multicast. I am loosely investigating it whenever I have some time. My rough trials brought me to:
CLI: ip link set dev wg0 multicast on
Add 224.0.0.251/32, ff02::fb/128 in the AllowedIPs of your WireGuard peers. These are the multicast addresses.
Tweak avahi configuration (/etc/avahi/avahi-daemon.conf) to allow point-to-point and reflector, and list wg0 in the enabled interfaces.
Restart yunomdns and avahi-daemon services.
I would love a guinea pig to test it, since I am unsure how tweaked my setup is.
So far I can get .local domains published by the server, but not ones published by other peers.
Edit: oops, I overlooked the “because I am a noob” part. I would totally be fine if you cannot try these out yourself. It’s good for me to have finally written it out so that others can investigate too.
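The four steps in the reply above, as an added shell example that is not from this thread or from YunoHost: it applies the AllowedIPs and avahi-daemon.conf changes idempotently to constructed sample copies of the two files. The interface names wg0 and eth0, the file layout, and the placeholder keys are assumptions.

```shell
set -e
MCAST_V4="224.0.0.251/32"   # mDNS IPv4 multicast group
MCAST_V6="ff02::fb/128"     # mDNS IPv6 multicast group

# Add both mDNS multicast addresses to each AllowedIPs line that lacks them (idempotent).
add_mdns_allowed_ips() {  # $1 = WireGuard config, e.g. /etc/wireguard/wg0.conf
    awk -v v4="$MCAST_V4" -v v6="$MCAST_V6" '
        /^[ \t]*AllowedIPs[ \t]*=/ {
            if (index($0, v4) == 0) $0 = $0 ", " v4
            if (index($0, v6) == 0) $0 = $0 ", " v6
        }
        { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Set key=value inside one [section] of avahi-daemon.conf: replace an existing
# (possibly "#"-commented) line, otherwise add the key to that section.
set_avahi_key() {  # $1 = section  $2 = key  $3 = value  $4 = file
    awk -v sec="$1" -v key="$2" -v val="$3" '
        /^\[/ { if (insec && !done) { print key "=" val; done = 1 }
                insec = ($0 == ("[" sec "]")) }
        insec && !done && $0 ~ ("^#?[ \t]*" key "[ \t]*=") {
            print key "=" val; done = 1; next }
        { print }
        END { if (!done) { if (!insec) print "[" sec "]"; print key "=" val } }
    ' "$4" > "$4.tmp" && mv "$4.tmp" "$4"
}

# The avahi tweaks from the reply. "eth0" as the LAN interface is an assumption;
# allow-interfaces is an allow-list, so the LAN interface must be kept in it.
configure_avahi() {  # $1 = avahi-daemon.conf
    set_avahi_key server allow-point-to-point yes "$1"
    set_avahi_key server allow-interfaces "eth0,wg0" "$1"
    set_avahi_key reflector enable-reflector yes "$1"
}

# Constructed sample configs (placeholder keys) so this runs offline.
make_sample_configs() {  # $1 = directory
    printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'ListenPort = 51820' '' \
        '[Peer]' 'PublicKey = <peer-pubkey-placeholder>' \
        'AllowedIPs = 10.0.0.2/32' > "$1/wg0.conf"
    printf '%s\n' '[server]' 'use-ipv4=yes' '#allow-interfaces=eth0' \
        '#allow-point-to-point=no' '' '[reflector]' \
        '#enable-reflector=no' > "$1/avahi-daemon.conf"
}

d=$(mktemp -d)
make_sample_configs "$d"
add_mdns_allowed_ips "$d/wg0.conf"
configure_avahi "$d/avahi-daemon.conf"
cat "$d/wg0.conf" "$d/avahi-daemon.conf"
```

On the real files the remaining steps from the reply still apply: `ip link set dev wg0 multicast on`, then restart the avahi-daemon and yunomdns services. The AllowedIPs change has to be made on both ends of each tunnel, since WireGuard only accepts traffic for addresses listed for that peer.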
But before I can test mDNS/Bonjour over VPN, I should get it working without VPN first.
So what's the problem?
No matter what I do, whatever.local and yunohost.local (yunohost-2.local) are not working. I added multiple .local domains in the WebUI, but they cannot be found by the browser or by ping (and on multiple devices).
Yunomdns is running: hastebin (at the moment the second yunohost is not running, but I had the same problem with it)
also mdns.yml looks like this
domains:
- yunohost.local
- bauerbyter.local
I added the addresses into the Fritzbox “DNS-Rebind-Schutz” to whitelist them.
I am using a laptop with EndeavourOS (Arch Linux) and my Android smartphone.
I tried to translate it: Some devices come with DNS rebind protection. This is intended to prevent a DNS query in the browser from being assigned to an IP address in the network of the requesting client. Because this is how DNS rebind attacks can be carried o
On your laptop, can you make sure avahi-utils is installed and that the service avahi-daemon is running? If so, check if your server is listed with the command avahi-browse --all.