I am running wg-easy and there is a way to passport protect the GUI used for creating Wireguard connections. Is there a way to prohibit connection to be made if not a password is entered? I don’t want someone to be able to access my VPN if for example my phone would be stolen unlocked. I don’t mind if it is client side only
Password protect your phone?
When a private key gets compromised just delete the public one from the allow list?
If it’s something you’re really worried about, maybe something like https://github.com/NHAS/wag will help along with your secure totp app.
Thanks, will look into it
wg-easy has this option wwhen you run the docker:
-e PASSWORD=YOUR_ADMIN_PASSWORD
which set an admin password when deploying the container.
If you didn’t put a password I guess you can add one in the admin settings
from https://github.com/wg-easy/wg-easy?tab=readme-ov-file#2-run-wireguard-easy
That’s for logging into the web GUI IIRC, not for authorizing a connection from wg client to wg server.