User and password on first run?

Hi, downloaded the latest version of FreedomBox as a VDI image and ran it in the latest version of VirtualBox for macOS (High Sierra).
Launches ok, but asking for username and password.
Guess there must be some default, but am unable to find out what it is…
Thanks for any help on this !

There is no default user name and password for security reasons. You need to use the web interface provided to finish the first wizard and create an admin account. If you are using NAT for networking on the VM (default), you need to add port forwarding to access the web interface, which is available on port 443. Forward the port from, say, 4430 to 443 and then access the web interface at https://localhost:4430/

Thanks for the hint, but I still must be doing something wrong. In vbox, network settings, NAT is checked by default alright, but then when I create a rule for port forwarding, I put the following values :

protocol : TCP
Host ip : localhost
Host port : 443
Guest ip : localhost
guest port : 4430

and when I hit ok, getting following message :

the current port forwarding rules are not valid. All of the host or guest address values should be correct or empty.

Then, changing both addresses to 127.0.0.1, vbox accepted to register the configuration, but got error log during boot up. Then I pointed my host web browser (chrome) to https://localhost:4430/ but didn’t accept ; changed localhost to 127.0.0.1, and still doesn’t accept… So I’m stuck…

I actually dragged the original VDI image on the desktop when installing in vbox. Did I maybe have to burn it on a usb stick and boot from there?

Try this:
Protocol: TCP
Host IP:
Host Port: 4430
Guest IP:
Guest Port: 443
URL in the browser: https://localhost:4430/

This is not needed for VirtualBox. If you want to use a USB stick on your machine or VirtualBox, then use the regular amd64 image instead of VDI.

Ok, getting halfway to success… that configuration did the job so thanks for that, but when installing the matrix synapse app, progress bar went ok till the end but then getting error msg :

(had to upload pic because not entitled to post more than 2 links as new user lol)

This problem has been fixed with latest version of freedombox. Trigger a manual update or wait for a day for updates to get installed.

ok just tried again and now it works ! Thanks. Just a small question : in order to add a layer of security, would it be worthwhile to add a reverse proxy to matrix/riot and if so, does freedombox provide a prebuilt solution such as traefik f.ex. ?

prefer adding other point rather than just editing post. Ok, so I was following the “FreedomBox Tutorial- Setting Up a Chat Server with Matrix and Riot” tutorial for doing this and got to the point of the GnuDIP section. Creation of matrix address was ok, but then got following error (I’m editing some parts) :

Hostname ****.freedombox.rocks Currently Points to 0.0.0.0
(Updated at 2020-04-27 11:04:15)
The computer that connected to GnuDIP has IP address $$$$
GnuDIP cannot determine if $$$$ is the IP address of your computer.
Java is not enabled in your browser.

The IP address being the public IP address of our corporation.
(I obviously have an individual ip behind the corporate proxy/firewall, which is different).
So where do I go from here?
Do I need to put this public address in the port forwarding section of the host we left blank or my (different) individual IP address ?

This is a headache with setting up LetsEncrypt certificates, etc. I don’t think it brings enough security to justify the effort.

Since you are unlikely to control the corporate firewall, this means that you can’t forward incoming traffic to your FreedomBox. Dynamic DNS (GNUDip) is not useful in your case. You need a solution like Pagekite or Tor Hidden Service to reach FreedomBox. Unfortunately, in either case, it won’t be possible to support matrix-synapse (which needs port 8448 to be accessible from outside). However, other web based services should be available.

Since you are unlikely to control the corporate firewall, this means that you can’t forward incoming traffic to your FreedomBox.

Well, I can ask the IT guy what’s possible. If forwarding would be possible, what does the configuration look like ?
Basically, I just need Riot clients being able to connect to my matrix-synapse, nothing more than that…

Found following discussion (seems to me you also answered in it). Could reply of Jonas be of any help ? https://alioth-lists.debian.net/pipermail/freedombox-discuss/2019-March/008850.html

If you only need internal clients to be able to connect then you can simply use the IP address of freedombox.local domain and none of the below applies.

If you don’t need federation from other servers then you don’t need to worry about port 8448. Federation means users from your server talking to users on other servers on the Internet (like the one on matrix.org).

You need to ask the administrator to forward two ports 443 and 8448 from external IP address of the corporation to your FreedomBox’s local IP address.

If this is not possible because they are using it to, say, host a web server already, then you can ask them to reverse proxy these two ports to your FreedomBox. Note that when reading this documentation, port 8008 is already reverse proxied from port 443 on FreedomBox. So, you need to forward HTTPS traffic from external 443 to FreedomBox port 443.

You also need to set up Dynamic DNS as usual. Let’s Encrypt certificates will be successfully obtained only after the port forwarding setup is successfully done.

I am also unable to confirm Jonas’ statement that Federation can be done on port 443.

You need to ask the administrator to forward two ports 443 and 8448 from external IP address of the corporation to your FreedomBox’s local IP address.

This is my default personal IP address inside the LAN right ? For the sake of argument, let’s say it’s 192.165.0.1. Do I still leave the port forwarding settings in vbox blank as we did or must I put this value in it ?

Yes, this is the personal IP address inside the LAN.

BTW, if you are going to use your VM for serving an important service that is available most of the time, then perhaps you should switch your network mode to ‘Bridge Adapter’. It will behave as a new machine connected to your corporate network. With help from your network administrator, you can then get a static IP address assigned to it. In this way, you won’t have to worry about port forwarding in VirtualBox anymore. It is also a level of simplification.

ok will take that into consideration. On the other hand, I’m not sure this service will be a permanent one. I’d like to serve it up only when needed. In that case, what settings do I need to put in the forwarding dialogue in vbox? Is this correct :

Protocol: TCP
Host IP: 192.165.0.1
Host Port: 4430
Guest IP: 192.165.0.1
Guest Port: 443
URL in the browser: https://192.165.0.1:4430/

Security question : will this not in fact expose my private IP address to the outside world ? If so, would something like a reverse proxy be advisable in such a case ?

As to GNUDip : what will change here in my scenario ? Will my created freedombox.rocks address still work ? According to the tutorial I was following, the URL for searching the public IP address is myip.datasystems24.de. Is this still the correct solution ? Thanks for all your help…

Thanks in advance for helping me sort out the last steps…

For guest IP always leave blank.

For host IP use 0.0.0.0 or leave blank if you wish to expose the service outside the host machine (such as to a peer machine on the network or to your router which is forwarding connections). In this case everyone can use the URL https://host_ip:4430/. If you wish for the service to only be available to the host machine, then use the address 127.0.0.1 and use the URL https://127.0.0.1:4430/.

Your private IP address is not exposed to the world (on the Internet) due to this VirtualBox port forwarding. Your VM and host machine are exposed on the Internet when your network administrator starts forwarding ports to your machine. Even then the service is exposed and not your local IP address (some protocols such as STUN do expose your private IPs on the Internet).

This is still correct and works.
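
An added example (not part of the original thread) for the Host IP choice described in the reply above: it classifies VirtualBox NAT port-forwarding rules by how far they expose the guest, and flags a filled-in guest IP. The VM name `freedombox`, the rule names and the sample `showvminfo` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify VirtualBox NAT port-forwarding rules by exposure.
# Rule fields: name,protocol,host IP,host port,guest IP,guest port

# natpf_rule NAME HOST_IP HOST_PORT GUEST_PORT
# Builds a rule string with the guest IP left blank, as the reply advises.
natpf_rule() {
  printf '%s,tcp,%s,%s,,%s\n' "$1" "$2" "$3" "$4"
}

# classify_rule RULE
# Prints "<name> <proto> <hostport>-><guestport> <scope>[ guest-ip-set]".
classify_rule() (
  IFS=, read -r name proto hostip hostport guestip guestport <<EOF
$1
EOF
  case "$hostip" in
    ''|0.0.0.0) scope=all-interfaces ;;  # LAN peers and the router can connect
    127.*)      scope=loopback-only ;;   # only the host machine can connect
    *)          scope=single-address ;;  # bound to one specific host address
  esac
  if [ -n "$guestip" ]; then scope="$scope guest-ip-set"; fi
  printf '%s %s %s->%s %s\n' "$name" "$proto" "$hostport" "$guestport" "$scope"
)

# audit_forwarding: reads `VBoxManage showvminfo <vm> --machinereadable`
# output on stdin and classifies every Forwarding(n)="..." line.
audit_forwarding() {
  while IFS= read -r line; do
    case "$line" in
      'Forwarding('*)
        rule=${line#*=\"}
        classify_rule "${rule%\"}" ;;
    esac
  done
}

# Constructed sample of machine-readable VM info (not real output).
SAMPLE='name="freedombox"
natnet1="nat"
Forwarding(0)="web-local,tcp,127.0.0.1,4430,,443"
Forwarding(1)="web-lan,tcp,,4431,,443"
Forwarding(2)="web-bad,tcp,192.165.0.1,4432,192.165.0.1,443"'
printf '%s\n' "$SAMPLE" | audit_forwarding

# Real use (needs VirtualBox; the VM name "freedombox" is an assumption):
#   VBoxManage modifyvm freedombox --natpf1 "$(natpf_rule https 127.0.0.1 4430 443)"
#   VBoxManage showvminfo freedombox --machinereadable | audit_forwarding
```

A `loopback-only` rule keeps the first-run wizard reachable only from the host itself; an `all-interfaces` rule is what LAN peers or a forwarding router would need.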

Thanks for the feedback. Obviously the odds are against me because I still don’t manage to make it work. Gave it a new run with the latest testing image (stable image dates back to 2019) and I’m still getting stuck in the GnuDIP setup.

In port forwarding I did as you said : leaving host blank and guest too, but when trying to configure the dynamic DNS part, GnuDIP gave me following error :

Hostname ****.freedombox.rocks Currently Points to OUR CORPORATE PUBLIC IP ADDRESS
(Updated at 2020-04-27 11:24:03)
The computer that connected to GnuDIP has IP address OUR CORPORATE PUBLIC IP ADDRESS
GnuDIP cannot determine if OUR CORPORATE PUBLIC IP ADDRESS is the IP address of your computer.
Java is not enabled in your browser.

So what do I do next ?
Just to make sure I made myself understood: accessibility for my freedombox is not just limited to inside-LAN clients, I do wish it to be accessible from outside the LAN, although not from other federated Matrix servers…
Thanks for your light on this.

It looks like the GnuDIP is working as expected. The domain is supposed to point to your corporate address and it seems to have done that.

All that is left to do now (to achieve access from outside LAN) is that your network administrator forwards the 80 and 443 ports to your FreedomBox. If this can’t be done, try using the Pagekite solution instead of Dynamic DNS solution.

ok, so that’s some good news then actually !

All that is left to do now (to achieve access from outside LAN) is that your network administrator forwards the 80 and 443 ports to your FreedomBox

How exactly is he supposed to do that ? Does it suffice that he redirects these ports to the personal IP I have inside the LAN ?

And what should the ruleset look like ? I mean, is this a general rule, kind of a wildcard ? Any request on ports 80 and 443 (obviously these ports are being used not just for freedombox)? Or just the ones coming from http://myip.datasystems24.de or ****.freedombox.rocks ?

LBNL, I believe our proxy/firewall doesn’t use port 80 but some modified one (8000 or 8080 or so). What does this change for the setup ? Thanks again for your help.

I tried to set up letsencrypt with the current settings and this yields an error :

Failed to obtain the certificate for the domain ****.freedombox.rocks :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ****.freedombox.rocks
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Challenge failed for domain ****.freedombox.rocks
http-01 challenge for ****.freedombox.rocks
Cleaning up challenges
Some challenges have failed.

When trying to run the Matrix Synapse server, I’d like to know whether I have to activate the public registration or not. My use case is only to let in people to whom I sent an invitation.