[HN Gopher] Wg-access-server: An all-in-one WireGuard VPN soluti...
___________________________________________________________________
Wg-access-server: An all-in-one WireGuard VPN solution with a web UI

Author : mmmmkay
Score  : 71 points
Date   : 2021-10-01 15:11 UTC (7 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| tveita wrote:
| Subspace is a similar project which is also quite easy to set up.
|
| https://github.com/subspacecommunity/subspace

| gertrunde wrote:
| That is nice to see, I was looking at subspace last week and
| the last commit to https://github.com/subspacecloud/subspace
| had led me to believe it had withered and died, I was guessing
| due to the primary backing company having died?
|
| So it is quite nice to see that it is living on as a fork.

| coretx wrote:
| Don't click if you hate yet another npm *

| liuliu wrote:
| How permission works (especially from Docker?)? I remember
| `wg-quick up` requires `sudo` to bring up the WG network interface.

| oauea wrote:
| > --cap-add NET_ADMIN
|
| > --device /dev/net/tun:/dev/net/tun

| stormbrew wrote:
| says in the readme basically:
|
|     --cap-add NET_ADMIN \
|     --device /dev/net/tun:/dev/net/tun \
|
| that's giving it permission to administer the tunnel devices.

| johnchristopher wrote:
| Nice, I had forgotten about wireguard GUI but now that I have
| upgraded some VPS to Debian 11 I can use it without hassle.

| probotect0r wrote:
| Has anyone used this for internal company VPN for accessing
| resources on something like AWS VPC?

| arcticfox wrote:
| Not this specifically, but I use Tailscale for this use-case
| (as far as I can tell they're similar solutions) and it's
| fantastic

| nirav72 wrote:
| I second this. Tailscale is great. However, if you're someone
| that prefers a selfhosted option (and open source) - there is
| HeadScale. It lets you run your own coordination server
| locally.
|
| https://github.com/juanfont/headscale

| stormbrew wrote:
| I would _kill_ for this but integrated into home assistant. There
| is a wireguard add on but it's really limited and requires going
| in by ssh to get people's qr codes.

| krupan wrote:
| If it's a single binary why do I need docker?

| tyingq wrote:
| There seems to be a relative explosion in end-user deployable
| overlay networks in the last few years. I wonder how many,
| especially non-tech companies, have end users routing the outside
| world in without company permission.
|
| I know it's not rocket science to watch for each one, or be more
| sophisticated with deep packet inspection. But, I've worked at
| some old stodgy companies, and I'm reasonably sure they aren't
| really watching for it in a lot of places.

| Spooky23 wrote:
| Depends on the company. Stuff like Crowdstrike and the more
| advanced Defender service spot this sort of thing.
|
| SSH is probably the best one, especially as you can usually get
| policy exceptions to access cloud resources.

| iso1210 wrote:
| This has been a threat for 20+ years, certainly everyone I
| worked with had outgoing ssh tunnels through the socks proxy,
| with reverse port forwarding, back then.
|
| If your network is reliant on a high firewall and nothing
| inside, you've already lost.

| tyingq wrote:
| Yes, I'm not saying it is a new threat. Just a broader threat
| now that there's a lot of ready made solutions that can run
| in user space. And in some cases, like this one, have very
| newbie friendly UIs.
___________________________________________________________________
(page generated 2021-10-01 23:00 UTC)