Sending just ssh traffic via wg

Matthias Urlichs matthias at
Fri Oct 5 18:32:44 CEST 2018

On 05.10.18 17:53, Konstantin Ryabitsev wrote:
> But should the admin need to bring up the OpenVPN link

This may be a stupid question, but why do you need OpenVPN any more, if
you have Wireguard?

I'd set up a simple server-side login page that allows people to use
their user+pass+TOTP to enable non-SSH traffic on "their" link for the
next N minutes, with an easily-clickable Refresh button (and a
browser-based notification that the timeout is imminent), plus a small
(= easily-verified-to-be-correct) backend that enables/disables your
link's iptables rules. Problem solved.

-- Matthias Urlichs

More information about the WireGuard mailing list