If I am understanding your question correctly, tailscale has that built in. Look into "tailnet lock".
Self-Hosted Main
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
In NetMaker and WG-easy the admin has to create and send the connection link, and can kick them at any point
Firezone can be helpful for this
Thank you, thats exactly what I was looking for!
Maybe with wireguard and some scripting? But I haven't heard of anything like this.
Setup otp auth, and do people connecting ask you the code.
don't know if it's exactly what you're looking for:
zerotier needs you (as the admin) to approve a new client that tries to join a network.
I'm a smidge confused on what you are trying to achieve and how you think it will work.
As I understand you, you want to connect "embedded" devices where you do not control the software to a VPN network?
VPNs do need some kind of client (otherwise how does the network stack know to use the VPN protocol?) so how do you envisage this working without an app?
What is your desired topology like? Do you just want your smart TV/etc to connect to a remote media library over a VPN? If that's the case, then you are overthinking it with approvals etc.
You can achieve most of what you want with router configuration. Just define routes saying "Traffic from IP address 10.20.30.40 (TV) should go to 10.20.30.30 (gateway)" and then have the "gateway" handle the tunnel.
You can also look at tailscale's subnet routing (should work with headscale backend too).
Good luck.
Not exactly clear what you mean.
But to use Jellyfin on a SmartTV through Tailscale you can simply use a device that runs as Tailscale subnet router and correctly set up the routes.
Twingate
Access Control is what you’re talking about.
I think tailscale has this feature, Look at the admin panel
Zerotier has WebUI where you can allow/disallow clients
I use zerotier myself, works the same as tailscale but any device that’s added has to be given permission trough their web ui
Tailscale?
ZeroTier does this, and it’s self hosted. Yay
keep eyeing it, I'm also interested!
I'll let you know when I look into it more, but it seems like firezone is pretty close to what I wanted