Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[SOLVED] Opening part of the WAPT server to the outside

https://forum.tranquil.it/viewtopic.php?t=3758

Page 1 of 1

[SOLVED] Opening part of the WAPT server to the outside

Published: January 25, 2024 - 3:47 PM
by guestben321
Hello,

I'm looking for a way to securely make the WAPT server accessible from the outside.

Currently, it's only accessible via local network or VPN. I was wondering if it's possible to make it accessible from the outside so I can push packets to machines that aren't connected to my local network.

Is it possible to make part of it accessible from the outside so client machines can update, without exposing, for example, the console to external access?

Has this been done before? What are the best methods? Is it a very bad idea?

Thank you. :)

Re: Opening part of the WAPT server to the outside

Published: January 25, 2024 - 4:30 PM
by dcardon
Hi Benoit,

with version 2.5, the server now requires client certificate authentication on all endpoints except the login/register. If you have enabled Kerberos authentication for the register, you should be able to expose it to the internet without any problems.

If you plan to use a reverse proxy, you must configure it in stream mode (i.e., the reverse proxy only tunnels the connection to the WAPT server) because it is the TLS endpoint that must perform the client certificate authentication.

Regards,

Denis
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru