by mbreese
763 days ago
Why even have the first tunnel? You could do the entire thing out of band over a web interface or other mechanism. If the public address of the WG server (or the authn server) is known and available, then there’s no real difference in setting up the connection over a persistent WG channel vs an HTTPS service. Both solutions are custom for that VPN, so I’d just have one WG tunnel that’s controlled through a secured (web)service. The bonus is that you wouldn’t need a hard-coded initial key. (You’d still need some authentication mechanism, but it could be more than fixed public/private key pairs).