[GH-ISSUE #1503] Feature Request: Add HostChecker Support for Client Security Validation #1931

New Issue

Closed

opened 2026-04-16 08:48:17 -05:00 by GiteaMirror · 1 comment

GiteaMirror commented 2026-04-16 08:48:17 -05:00

Owner

Copy Link

Originally created by @lordraiden on GitHub (Sep 20, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1503

First of all, thank you for your great work on Pangolin — it's an impressive project and a valuable tool for secure networking.

I'd like to propose a feature enhancement: support for HostChecker capabilities to validate client security posture before granting access.

Motivation

In many enterprise environments, it's critical to ensure that connecting clients meet certain security requirements (e.g., antivirus running, disk encryption enabled, OS version compliant, etc.) before allowing access to internal resources. This is commonly achieved through a host checker mechanism.

Adding host checker support to Pangolin would:

• Improve endpoint security posture enforcement
• Enable conditional access based on device health
• Align Pangolin with enterprise-grade VPN solutions

Suggested Implementation

While implementation details may vary, the general idea would be:

• Introduce a pluggable host validation module
• Allow administrators to define required checks (e.g., registry keys, running processes, OS version)
• Perform validation during client handshake or pre-authentication
• Optionally integrate with external tools or scripts for custom checks

Use Cases

• Enforcing compliance for BYOD devices
• Preventing access from outdated or insecure systems
• Integrating with MDM or endpoint protection platforms

Would love to hear your thoughts on this. Happy to help with testing or contributing if this is something you'd consider adding.

Originally created by @lordraiden on GitHub (Sep 20, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1503 First of all, thank you for your great work on Pangolin — it's an impressive project and a valuable tool for secure networking. I'd like to propose a feature enhancement: support for HostChecker capabilities to validate client security posture before granting access. Motivation In many enterprise environments, it's critical to ensure that connecting clients meet certain security requirements (e.g., antivirus running, disk encryption enabled, OS version compliant, etc.) before allowing access to internal resources. This is commonly achieved through a host checker mechanism. Adding host checker support to Pangolin would: - Improve endpoint security posture enforcement - Enable conditional access based on device health - Align Pangolin with enterprise-grade VPN solutions Suggested Implementation While implementation details may vary, the general idea would be: - Introduce a pluggable host validation module - Allow administrators to define required checks (e.g., registry keys, running processes, OS version) - Perform validation during client handshake or pre-authentication - Optionally integrate with external tools or scripts for custom checks Use Cases - Enforcing compliance for BYOD devices - Preventing access from outdated or insecure systems - Integrating with MDM or endpoint protection platforms Would love to hear your thoughts on this. Happy to help with testing or contributing if this is something you'd consider adding.

GiteaMirror closed this issue 2026-04-16 08:48:19 -05:00

GiteaMirror commented 2026-04-16 08:48:20 -05:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Sep 20, 2025):

Thanks for the feature request! Going to move to a discussion so people can track and up vote

<!-- gh-comment-id:3315053328 --> @oschwartz10612 commented on GitHub (Sep 20, 2025): Thanks for the feature request! Going to move to a discussion so people can track and up vote

GiteaMirror referenced this issue 2026-04-16 09:35:37 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #2766

GiteaMirror referenced this issue 2026-04-20 09:03:09 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #4709

GiteaMirror referenced this issue 2026-04-23 02:42:35 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #5653

GiteaMirror referenced this issue 2026-04-25 16:18:22 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #7568

GiteaMirror referenced this issue 2026-04-30 05:44:57 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #9547

GiteaMirror referenced this issue 2026-05-06 16:14:53 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #11566

GiteaMirror referenced this issue 2026-05-13 18:57:53 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #13619

GiteaMirror referenced this issue 2026-05-16 03:51:08 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #15702

GiteaMirror referenced this issue 2026-05-18 18:08:13 -05:00

[PR #1931] [CLOSED] Fix resources card table header mobile responsiveness #17804

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-94425a55d0

dependabot/npm_and_yarn/dev-minor-updates-4aaf4dbce4

dependabot/go_modules/install/minor-updates-a249525a56

fix-3104

dev

exit-node-reconnect

fix-logoUrl

button-to-rebuild-association

crowdin_dev

rdp-ssh

dependabot/npm_and_yarn/brace-expansion-5.0.6

copilot/fix-documentation-input-output-types

dependabot/github_actions/sigstore/cosign-installer-4.1.2

redis

resource-policies

dependabot/npm_and_yarn/next-15.5.18

dependabot/npm_and_yarn/fast-uri-3.1.2

s3

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

dependabot/npm_and_yarn/next-intl-4.9.2

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

breakout-sites-tables

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.4

1.18.3

1.18.2

1.18.1

1.18.0

1.18.0-rc.0

1.17.1

1.17.0

1.17.0-rc.0

1.16.2

1.16.1

1.16.0

1.16.0-rc.0

1.15.4

1.15.3

1.15.2

1.15.1

1.15.0

1.15.0-rc.0

1.14.1

1.14.0

1.14.0-rc.0

1.13.1

1.13.0

1.13.0-rc.0

1.12.3

1.12.2

1.12.1

1.12.0

1.12.0-rc.0

1.11.1

1.11.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#1931