Web app "wrapper" for OPNSense possibly using Wireguard?

Started by shanelord, August 01, 2023, 09:04:07 AM

August 01, 2023, 09:04:07 AM Last Edit: August 01, 2023, 02:59:02 PM by shanelord
Update: Use the Wireguard app to do it.

As per below:
1. Set the client profile "Allowed IPs" to your OPNsense Management IP (ie 192.168.1.1/32)
2. Do not include anything in the "DNS Servers" section of the Client config.
3. Enable Cellular and Wi-Fi "On-Demand Activation"
4. Under On-Demand Wi-Fi section, change "Any SSID" to "Except these SSIDs" and select the Wi-Fi SSID which resides on the same network as your OPNsense Firewall.

Thank you, Maurice!

I know there isn't a native app for OPNSense management, but I'm wondering if this concept would work?

1. Someone more amazing and skilled than me creates an iOS and Android app.
2. App is a Web app wrapper (ie once connected it just displays the default OPNsense admin UI).
3. Possibly use Wireguard embedding https://www.wireguard.com/embedding/ to secure the connection direct to the OPNsense router. ie step the user through connecting it to the OPNsense wireguard server then present the management ui.

Think of it like a web browser app with wireguard built in that allows you to connect to your own vpn host.

Ultimately it should use an underlying app-specific vpn connection to the router to allow remote management.

Maybe I'm dreaming....

Thoughts?

What problem would the app solve that the website on mobile doesn't already?

If you're looking for easy, cross platform remote access to your networks, check out tailscale https://www.youtube.com/watch?v=Uzcs97XcxiE

Bart...

It would give me a secure VPN connection only for that app to my router admin rather than the whole mobile OS.

Currently the web browser requires me to securely connect to my home network via VPN then open a web browser, all the while all of my other apps and services get redirected via my home internet.

Tailscale is not bad but this "app" would be easier and potentially could have a persistent connection allowing alerts and notifications.

Quote from: shanelord on August 01, 2023, 10:52:37 AM
It would give me a secure VPN connection only for that app to my router admin rather than the whole mobile OS.

In the WireGuard mobile app, simply set 'Allowed IPs' to the OPNsense admin IP address only. No other traffic would then get redirected.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

That just makes it so the only thing I can access when it's connected is the OPNsense Management IP.

All other traffic stops.

That shouldn't happen. Selective routing with the WireGuard Android app is something I use all the time to access remote sites without routing everything through that site.

Make sure the DNS servers specified in the WireGuard profile (if any) are included in the allowed IPs (if different from the OPNsense management IP).

August 01, 2023, 02:46:18 PM #6 Last Edit: August 01, 2023, 02:49:47 PM by shanelord
Quote from: Maurice on August 01, 2023, 02:20:38 PM
Make sure the DNS servers specified in the WireGuard profile (if any) are included in the allowed IPs (if different from the OPNsense management IP).

Removing the DNS from the client profile altogether seemed to work - I'm connecting to the management interface via IP:Port anyway - no DNS required.

I've now set it via "on-demand" to enable when on cellular and wifi (excluding my home SSID) and it looks like it will do most of what I was looking for.

Thanks.
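
An added example, not code from any poster in this thread: a small Python check of a wg-quick style client profile against the two points discussed above, that 'Allowed IPs' covers only the OPNsense management IP and that any DNS server in the profile is inside the allowed IPs. The profiles, keys, endpoint name, tunnel address and the 192.168.1.53 resolver are constructed sample values; a single [Peer] section is assumed.

```python
import configparser
import ipaddress

def check_split_tunnel(conf_text, mgmt_ip):
    """Return findings for a wg-quick style client profile (single [Peer] assumed)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(conf_text)
    mgmt = ipaddress.ip_address(mgmt_ip)
    raw = cp.get("Peer", "AllowedIPs", fallback="")
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in raw.split(",") if n.strip()]
    findings = []
    # A /0 entry turns the profile into a full tunnel for that address family.
    if any(n.prefixlen == 0 for n in allowed):
        findings.append("AllowedIPs contains a default route: all traffic uses the tunnel")
    if not any(mgmt in n for n in allowed):
        findings.append(f"management IP {mgmt} is not covered by AllowedIPs")
    for entry in cp.get("Interface", "DNS", fallback="").split(","):
        try:
            dns = ipaddress.ip_address(entry.strip())
        except ValueError:
            continue  # empty value or a search domain, not a resolver address
        if not any(dns in n for n in allowed):
            findings.append(f"DNS server {dns} is not covered by AllowedIPs")
    return findings

# Constructed sample profile: selective routing, but the resolver is outside AllowedIPs.
DNS_OUTSIDE = """
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_KEY
Address = 10.10.10.2/32
DNS = 192.168.1.53

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_KEY
Endpoint = vpn.example.net:51820
AllowedIPs = 192.168.1.1/32
"""
# The same profile with the DNS line removed, as in the thread's final setup.
NO_DNS = DNS_OUTSIDE.replace("DNS = 192.168.1.53\n", "")
# Constructed full-tunnel variant for comparison.
FULL_TUNNEL = NO_DNS.replace("192.168.1.1/32", "0.0.0.0/0")

if __name__ == "__main__":
    for name, conf in [("dns outside", DNS_OUTSIDE), ("no dns", NO_DNS),
                       ("full tunnel", FULL_TUNNEL)]:
        print(name, "->", check_split_tunnel(conf, "192.168.1.1") or "ok")
```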