Pangolin
[FR] Public Resource accessible only if client is connected to VPN #2335
Replies: 1 comment
-
|
In fact when the VPN feature and all platform clients were released, I thought the goal could achieve this result. I also self-host some apps (Immich/Jellyfin) exposed as public resource in Pangolin, for which I expect strong security. Now their respective Mobile Apps do not play well with Pangolin (they don't work at all). So, as a solution, for fixed clients (TVs) or when at home (on Wifi/eth) I defined a bypass rule based on my IPv6 address. The issue is when being outside (mobile data, or in external countries still on IPv4/CGNAT with variable IPs), here there is no solutions. If we could have a bypass rules possible for public resources as well based on the Pangolin VPN connectivity, this would be awesome! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
I self-host several applications that I want to be accessible only when the client is connected to Pangolin via VPN. While this is partially possible today using Private Resources, it doesn’t fully align with the behaviour I’m aiming for.
Ideally, I’d like to define a resource with the following characteristics:
Motivation
This would allow to serve some apps via TLS, skip Pangolin SSO, while the user is connected to Pangolin via VPN.
Proposed Solution
Under Resources -> Public -> Resource -> Authentication, a new option other than "Use Pangolin SSO" could be made available.
Roles/Users should still be applicable, so that only devices owned by those roles/users can access the resource.
Alternatives Considered
No response
Additional Context
No response
Beta Was this translation helpful? Give feedback.
All reactions