Sending just ssh traffic via wg

Matthias Urlichs matthias at urlichs.de
Fri Oct 5 18:32:44 CEST 2018


On 05.10.18 17:53, Konstantin Ryabitsev wrote:
> But should the admin need to bring up the OpenVPN link

This may be a stupid question, but why do you need OpenVPN any more, if
you have WireGuard?

I'd set up a simple server-side login page that allows people to use
their user+pass+TOTP to enable non-SSH traffic on "their" link for the
next N minutes, with an easily-clickable Refresh button (and a
browser-based notification that the timeout is imminent), plus a small
(= easily-verified-to-be-correct) backend that enables/disables your
link's iptables rules. Problem solved.

-- 
-- Matthias Urlichs
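
The backend described in the message above, as an added example that is not part of the original post or of WireGuard: it keeps per-peer grants with an expiry and returns the iptables commands to run. The interface name `wg0`, the chain `WG-GRANTS` (assumed to be jumped to from FORWARD after an SSH-only accept rule), the IPv4 tunnel subnet and all class and function names are assumptions; the user+pass+TOTP check is assumed to happen in the login page before `grant` is called.

```python
import ipaddress

WG_IF = "wg0"        # assumed WireGuard interface name
CHAIN = "WG-GRANTS"  # hypothetical chain holding the per-peer ACCEPT rules

def _rule(action, addr):
    # Built as an argv list, never a shell string, so the peer address
    # cannot smuggle extra iptables options or shell syntax.
    return ["iptables", action, CHAIN, "-i", WG_IF,
            "-s", f"{addr}/32", "-j", "ACCEPT"]

class GrantTable:
    """Tracks which peers currently have non-SSH traffic enabled."""

    def __init__(self, tunnel_net, minutes):
        self.tunnel_net = ipaddress.ip_network(tunnel_net)
        self.ttl = minutes * 60
        self.expiry = {}  # peer address -> unix time at which the grant ends

    def grant(self, peer_ip, now):
        """Called after a successful login; returns the commands to run."""
        addr = ipaddress.ip_address(peer_ip)  # ValueError on malformed input
        if addr not in self.tunnel_net:
            raise ValueError("not a tunnel address")
        is_new = addr not in self.expiry
        self.expiry[addr] = now + self.ttl    # Refresh only extends the timer
        return [_rule("-A", addr)] if is_new else []

    def sweep(self, now):
        """Run periodically; returns delete commands for expired grants."""
        dead = sorted(a for a, t in self.expiry.items() if t <= now)
        for addr in dead:
            del self.expiry[addr]
        return [_rule("-D", addr) for addr in dead]

    def seconds_left(self, peer_ip, now):
        """Feeds the browser's 'timeout is imminent' notification."""
        addr = ipaddress.ip_address(peer_ip)
        return max(0, self.expiry.get(addr, 0) - now)

if __name__ == "__main__":
    table = GrantTable("10.0.0.0/24", minutes=10)  # constructed sample subnet
    print(table.grant("10.0.0.2", now=1000))       # one -A rule
    print(table.grant("10.0.0.2", now=1300))       # refresh: no new rule
    print(table.sweep(now=1900))                   # one -D rule
```

A caller would pass each returned list to `subprocess.run(cmd, check=True)` and call `sweep` from a timer, so a crashed web front end cannot leave a grant open past its expiry.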


