I am running wg-easy and there is a way to passport protect the GUI used for creating Wireguard connections. Is there a way to prohibit connection to be made if not a password is entered? I don’t want someone to be able to access my VPN if for example my phone would be stolen unlocked. I don’t mind if it is client side only

  • @[email protected]
    link
    fedilink
    English
    17 months ago

    Yo - absolutely!

    WG easy posts the GUI on a separate port than the primary Wireguard port you’d need to open in the firewall. I think it’s 51821 - but this can easily be changed depending on if you’re using docker-compose files or a gui like portainer to manage this.

    In my case - I am using Nginx Proxy Manager - and it even has it’s own basic password requirement “Access List” availability. With NPM I’m routing that gui over vpn (local dns) but you could put it behind a password with limite security via Access List, or the step beyond look into “middleware” like Keycloak.

    • @[email protected]OP
      link
      fedilink
      English
      17 months ago

      Hi, I’m not talking about the GUI. It is already behind a password and it is fine. I’m also using nginx for setting my the certs when connecting to nextcloud. What you are saying with Access List sounds very interesting but how does it work? How do you enter the password when you access nginx? Thanks for your reply