Monday, November 07, 2022
support@conference.yunohost.org
November
Mon Tue Wed Thu Fri Sat Sun
  1
 2
 3
 4
 5
 6
7
 8
 9
 10
 11
 12
 13
14
 15
 16
 17
 18
 19
 20
21
 22
 23
 24
 25
 26
 27
28
 29
 30
        
             

[02:31:22] <LohanG> greetings! is there any known issue with admin user not being able to sign in to yunohost pleroma installations?
[02:31:49] <LohanG> I just attempted two installations, and I cannot log in on both instances
[02:33:28] <LohanG> it says "invalid credentials"
[03:02:28] <LohanG> I see there are forum discussions about it, no conclusive pointers though
[12:08:34] <zek> Ищу работу
[12:52:54] <undefined[m]> Guten Tag! :D What do I have to consider if I want to report issues for the testing version 11.1.02? Just create an issue on Github?
[13:43:17] <Kavelach> My diagnosis reports to me, that my port 8097 is not reachable. It is supposed to be used by wireguard. I tried adding clients to wireguard, but doing so results in them losing connection to the internet. Any ideas why it may be so? I applied the config after installation and rebooted to make sure modules are loaded, there are no errors in the installation log
[13:55:43] <nicofrand> Hi, there is a "Synapse Application" on my instance, which I did not create manually. I can't find anything about it on https://github.com/YunoHost-Apps/synapse_ynh. I find it weird. Is that legit?
[13:57:14] <Kavelach> did you set up a matrix server?
[14:05:30] <Kavelach> if yes (and I can see from your handle you are running one), then this is it
[14:05:37] <Kavelach> nicofrand:
[14:06:24] <nicofrand> OK, but that's new?
[14:06:54] <nicofrand> I had to reinstall my synapse server but before that I already was running synapse and did not have this user
[14:07:30] <nicofrand> Oops I meant I have a "Synapse Application" __user__
[14:07:38] <nicofrand> having the application itself is expected ofc
[14:47:41] <nolan[m]> If my YunoHost's default domain is example.com, but it also serves example.org, and I want to add support@example.org as an email alias, how do I do that? Adding it as an alias in the user interface gives me an "invalid domain" error even though example.org is set up to receive email and doesn't have diagnosis errors.
[14:59:06] <tituspijean> > <@undefined[m]:libera.chat> Guten Tag! :D What do I have to consider if I want to report issues for the testing version 11.1.02? Just create an issue on Github?

Report to the forum thread "YunoHost 11.1 spooky testing" ;)
[15:00:51] <tituspijean> > My diagnosis reports to me, that my port 8097 is not reachable. It is supposed to be used by wireguard. I tried adding clients to wireguard, but doing so results in them losing connection to the internet. Any ideas why it may be so? I applied the config after installation and rebooted to make sure modules are loaded, there are no errors in the installation log

Usually an open port being reported as not reachable means that the app behind it is not running. Can you check that wireguard is running?
[15:02:04] <tituspijean> > Oops I meant I have a "Synapse Application" __user__

It's a hack to allow synapse to send requests to LDAP. It is expected.
[15:02:59] <tituspijean> > <@nolan[m]:libera.chat> If my YunoHost's default domain is example.com, but it also serves example.org, and I want to add support@example.org as an email alias, how do I do that? Adding it as an alias in the user interface gives me an "invalid domain" error even though example.org is set up to receive email and doesn't have diagnosis errors.

Are you sure example.org is registered within YunoHost?
[15:04:04] <Kavelach> > <@titus:pijean.ovh> Usually an open port being reported as not reachable means that the app behind it is not running. Can you check that wireguard is running?

the wireguard web UI is running, but when I run `sudo systemctl status wireguard@wg0.service`, it shows this:
```
● wireguard@wg0.service - WireGuard on wg0
Loaded: loaded (/etc/systemd/system/wireguard@.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2022-11-07 13:39:37 UTC; 1h 23min ago
TriggeredBy: ● wireguard@wg0.path
Process: 6457 ExecStart=/bin/systemctl restart wg-quick@wg0.service (code=exited, status=0/SUCCESS)
Main PID: 6457 (code=exited, status=0/SUCCESS)
CPU: 9ms

Nov 07 13:39:37 yuno.grzybnia.de systemd[1]: Starting WireGuard on wg0...
Nov 07 13:39:37 yuno.grzybnia.de systemd[1]: wireguard@wg0.service: Succeeded.
Nov 07 13:39:37 yuno.grzybnia.de systemd[1]: Finished WireGuard on wg0.
```
[15:04:50] <tituspijean> Huh. What does `sudo wg` output?
[15:05:02] <Kavelach> If I do `sudo systemctl start wireguard@wg0.service` nothing really happes, and status shows the same info
[15:05:20] <Kavelach> ```
admin@yuno:~$ sudo wg
interface: wg0
public key: QgUGOAfrQuWVXAFimCnildFKz1QTz6VB3mrcMhXHu2Y=
private key: (hidden)
listening port: 8097

peer: P1Wk6Rs2cai7JY6h5MN5em2GL1jtU0S2puFFpsf8WXg=
preshared key: (hidden)
allowed ips: 10.10.10.1/32, fd42::1/128

peer: 5euzJStaPB06bkoWcoQEVBqYyzbfLhrbwi2o88kY3U8=
preshared key: (hidden)
allowed ips: 10.10.10.2/32, fd42::2/128
```
[15:07:06] <Kavelach> There is nothing that I can see in `dmesg` too
[15:07:15] <tituspijean> So it is running. I'm wondering if it's the issue that YunoHost does not test UDP ports being opened, but only TCP. And WireGuard uses UDP.
[15:07:41] <Kavelach> Yeah, but if I connect to the VPN on a client, it doesn't have an internet connection
[15:07:46] <tituspijean> I'll check on my server later. But i think it's a false positve
[15:08:18] <tituspijean> > Yeah, but if I connect to the VPN on a client, it doesn't have an internet connection

Onto this issue then. What's the AllowedIPs instruction for your clients?
[15:08:40] <nolan[m]> > <@titus[m]:libera.chat> > <@nolan[m]:libera.chat> If my YunoHost's default domain is example.com, but it also serves example.org, and I want to add support@example.org as an email alias, how do I do that? Adding it as an alias in the user interface gives me an "invalid domain" error even though example.org is set up to receive email and doesn't have diagnosis errors.
>
> Are you sure example.org is registered within YunoHost?

It's set up for receiving/sending emails, is hosting a website, and there are no diagnosis issues. Is there something else I should check?
[15:08:52] <Kavelach> > <@titus:pijean.ovh> Onto this issue then. What's the AllowedIPs instruction for your clients?

0.0.0.0/0
[15:10:33] <tituspijean> > 0.0.0.0/0

And have you set up the PostUp and PostDown commands in WireGuard UI, about ports redirection?
[15:11:49] <tituspijean> > <@nolan[m]:libera.chat> > <@titus[m]:libera.chat> > <@nolan[m]:libera.chat> If my YunoHost's default domain is example.com, but it also serves example.org, and I want to add support@example.org as an email alias, how do I do that? Adding it as an alias in the user interface gives me an "invalid domain" error even though example.org is set up to receive email and doesn't have diagnosis errors.
> >
> > Are you sure example.org is registered within YunoHost?
>
> It's set up for receiving/sending emails, is hosting a website, and there are no diagnosis issues. Is there something else I should check?

I guess that's a yes then. Anything special about example.org? Non-latin characters?
[15:12:09] <tituspijean> Is there a log being given in addition to "Invalid domain"?
[15:26:27] <Kavelach> > <@titus:pijean.ovh> And have you set up the PostUp and PostDown commands in WireGuard UI, about ports redirection?

Those were set up after I installed wireguard and I did not modify them
[15:50:16] <tituspijean> Can you ping the server while connected to the VPN?
[16:07:29] <nolan[m]> > <@titus[m]:libera.chat> Is there a log being given in addition to "Invalid domain"?

Where would I look for logs related to adding an email forward? I don't mean journalctl/varlog, but which component would log an error setting that up?
[16:10:13] <Kavelach> > <@titus:pijean.ovh> Can you ping the server while connected to the VPN?

Nope:
```
ping 10.10.10.0
PING 10.10.10.0 (10.10.10.0) 56(84) bytes of data.
^C
--- 10.10.10.0 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2036ms
```
[20:07:38] <webmink> 11.1 offered me an upgrade to Hedgedoc which then spectacularly crashed and burned. About to try to recover but here are the logs: https://paste.yunohost.org/raw/revofudori
[20:29:49] <Melchisedech[m]> Same here but it recovered automatically.
[20:36:53] <craigvb[m]> I must say... I do like the rescent changes in YunoHost control panel :)
[20:38:14] <webmink>

It's certainly still running so, so far so good...
[20:38:24] <eric_G> null?
[20:38:42] <webmink> Client didn't post the quote...
[20:39:41] <webmink> I found Hedgedoc running and apparently intact. I'll probably try restoring it later just to be sure
[21:08:51] <eric_G> This is the expected behavior. When an app fails to install, the app is restored as it was.
[21:14:52] <webmink> Right, but this failure looked very uncontrolled so I wanted to be sure!
[21:28:03] <tituspijean> > Nope:
> ```
> ping 10.10.10.0
> PING 10.10.10.0 (10.10.10.0) 56(84) bytes of data.
> ^C
> --- 10.10.10.0 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 2036ms
> ```

Hum... can you try `sudo wg-quick down wg0` then `sudo wg-quick up wg0` and try again?
[21:31:59] <Kavelach> Nope, doesn't work
[21:32:52] <Kavelach> ```
admin@yuno:~$ sudo wg-quick down wg0
[#] ip link delete dev wg0
[#] iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
admin@yuno:~$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.10.10.0/24 dev wg0
[#] ip -6 address add fd42::/112 dev wg0
[#] ip link set mtu 1450 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip link set multicast on dev wg0
admin@yuno:~$
logout
```
and
```
ping 10.10.10.0
PING 10.10.10.0 (10.10.10.0) 56(84) bytes of data.
^C
--- 10.10.10.0 ping statistics ---
31 packets transmitted, 0 received, 100% packet loss, time 30404ms
```
[21:33:21] <Kavelach> I am "connected" to the VPN, because I can do this:
```
ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.090 ms
^C
--- 10.10.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1025ms
rtt min/avg/max/mdev = 0.044/0.067/0.090/0.023 ms
```
[21:33:28] <Kavelach> and pinging my local address works
[21:33:44] <tituspijean> Can the server ping itself?
[21:34:25] <Kavelach> Yes
```
admin@yuno:~$ ping 10.10.10.0
PING 10.10.10.0 (10.10.10.0) 56(84) bytes of data.
64 bytes from 10.10.10.0: icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from 10.10.10.0: icmp_seq=2 ttl=64 time=0.067 ms
^C
--- 10.10.10.0 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1011ms
rtt min/avg/max/mdev = 0.063/0.065/0.067/0.002 ms
```
[21:36:00] <tituspijean> Can you confirm that the ListenPort in /etc/wireguard/wg0.conf is indeed 8097?
[21:37:21] <tituspijean> (And that it's opened on YunoHost's firewalland and that you have a VPS or that your port is opened on your router too?)
[21:39:22] <Kavelach> > <@titus:pijean.ovh> Can you confirm that the ListenPort in /etc/wireguard/wg0.conf is indeed 8097?

```
admin@yuno:~$ sudo cat /etc/wireguard/wg0.conf | grep 8097
ListenPort = 8097
```
[21:40:45] <Kavelach> > <@titus:pijean.ovh> (And that it's opened on YunoHost's firewalland and that you have a VPS or that your port is opened on your router too?)

```
admin@yuno:~$ sudo yunohost firewall allow Both 8097
Warning: Port 8097 is already opened for IPv4 connections
Warning: Port 8097 is already opened for IPv6 connections
Success! Firewall reloaded
```
[21:40:54] <Kavelach> and yes, I'm on a VPS (hosted on hetzner)
[21:43:00] <titus[m]> I'm... flabbergasted.
[21:44:48] <Kavelach> same, I had no idea what to do, so I decided to write in :D
[21:45:49] <tituspijean> Do the clients say they have a successful handshake with the server?
[21:47:48] <Kavelach> any idea how I can check that easily? I'm starting the connection using network manager's applet
[21:48:14] <tituspijean> Errr I actually don't know. Maybe from the CLi with `wg` ?
[21:56:30] <Kavelach> I tried using nmcli like so:
```
nmcli connection up wireguard
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
```
[22:01:29] <Kavelach> Okay, I reimported the connection and now I can ping the server
[22:13:23] <Kavelach> Another question, since I don't get wireguard too much; I want to create a VPN in a way, that devices connected to it will use that connection to talk to each other, but not use that connection to access the internet. I tried setting Allowed IPs to `10.10.10.0/0`, but it doesn't seem to work, since my IP changes to the one of the server
[22:53:58] <Kavelach> Okay, I'm stupid; after setting it up to `10.10.10.0/24` it started working as I expected
[22:54:44] <Kavelach> I will want to test how I can make it prefer local network over VPN server in cases when both devices are in the same network, but this is a task for me on another day
[23:46:41] <harce[m]> I'm increasingly conviced it's impossible to install Mastodon on yuno at the moment
[23:47:04] <harce[m]> can anyone with a spare moment attempt it on debian bullseye?
[23:48:17] <harce[m]> mind you, compilation nearly freezes my lo-powered server, and compiling ruby 3.0.3 and/or the app seems to be the culprint
[23:48:28] <centralscrutinizer> I tried the other day, even with the suggested screen software... no luck
[23:49:10] <centralscrutinizer> i tried several other social apps and finally settled with Pleroma
[23:49:57] <harce[m]> I've did quite a few attempts over last days, just got an extra VPS just to test it without any other apps, but was surprised by lack of bug reports/any forum comments on it
[23:50:26] <harce[m]> especially with current drive towards mastodon seems like yuno might be missing out big times
[23:50:54] <harce[m]> logs for anyone interested; https://paste.yunohost.org/raw/ipucedecig
[23:52:44] <harce[m]> in this case got much further, my main install would crash on compiling ruby 3.0.3 which seems to be a problem itself
[23:58:44] <harce[m]> btw downgrading also isnt an option
[23:58:50] <harce[m]> [FAIL] YunoHost is only available for the version 11 (Bullseye) of Debian, you are using '10.9'
[23:59:02] <harce[m]> * `\[FAIL\] YunoHost is only available for the version 11 (Bullseye) of Debian, you are using '10.9'`
[23:59:44] <harce[m]> * `[FAIL] YunoHost is only available for the version 11 (Bullseye) of Debian, you are using '10.9'.`