[HN Gopher] Wg-access-server: An all-in-one WireGuard VPN soluti...
___________________________________________________________________
Wg-access-server: An all-in-one WireGuard VPN solution with a web
UI
Author : mmmmkay
Score : 71 points
Date : 2021-10-01 15:11 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| tveita wrote:
| Subspace is a similar project which is also quite easy to set up.
|
| https://github.com/subspacecommunity/subspace
| gertrunde wrote:
| That is nice to see, I was looking at subspace last week and
| the last commit to https://github.com/subspacecloud/subspace
| had led me to believe it had withered and died, I was guessing
| due to the primary backing company having died?
|
| So it is quite nice to see that it is living on as a fork.
| coretx wrote:
| Don't click if you hate yet another npm *
| liuliu wrote:
| How does permission work (especially from Docker)? I remember
| `wg-quick up` requires `sudo` to bring up the WG network interface.
| oauea wrote:
| > --cap-add NET_ADMIN
|
| > --device /dev/net/tun:/dev/net/tun
| stormbrew wrote:
| says in the readme basically:
|
| --cap-add NET_ADMIN \
| --device /dev/net/tun:/dev/net/tun \
|
| that's giving it permission to administer the tunnel devices.
| johnchristopher wrote:
| Nice, I had forgotten about wireguard GUI but now that I have
| upgraded some VPS to Debian 11 I can use it without hassle.
| probotect0r wrote:
| Has anyone used this for internal company VPN for accessing
| resources on something like AWS VPC?
| arcticfox wrote:
| Not this specifically, but I use Tailscale for this use-case
| (as far as I can tell they're similar solutions) and it's
| fantastic
| nirav72 wrote:
| I second this. Tailscale is great. However, if you're someone
| that prefers a selfhosted option (and open source) - there is
| HeadScale. It lets you run your own coordination server
| locally.
|
| https://github.com/juanfont/headscale
| stormbrew wrote:
| I would _kill_ for this but integrated into home assistant. There
| is a wireguard add on but it's really limited and requires going
| in by ssh to get people's qr codes.
| krupan wrote:
| If it's a single binary why do I need docker?
| tyingq wrote:
| There seems to be a relative explosion in end-user deployable
| overlay networks in the last few years. I wonder how many,
| especially non-tech companies, have end users routing the outside
| world in without company permission.
|
| I know it's not rocket science to watch for each one, or be more
| sophisticated with deep packet inspection. But, I've worked at
| some old stodgy companies, and I'm reasonably sure they aren't
| really watching for it in a lot of places.
| Spooky23 wrote:
| Depends on the company. Stuff like Crowdstrike and the more
| advanced Defender service spot this sort of thing.
|
| SSH is probably the best one, especially as you can usually get
| policy exceptions to access cloud resources.
| iso1210 wrote:
| This has been a threat for 20+ years, certainly everyone I
| worked with had outgoing ssh tunnels through the socks proxy,
| with reverse port forwarding, back then.
|
| If your network is reliant on a high firewall and nothing
| inside, you've already lost.
| tyingq wrote:
| Yes, I'm not saying it is a new threat. Just a broader threat
| now that there's a lot of ready made solutions that can run
| in user space. And in some cases, like this one, have very
| newbie friendly UIs.
___________________________________________________________________
(page generated 2021-10-01 23:00 UTC)