[GH-ISSUE #143] Whitelisting IPs to bypass authentication mechanisms #6104

New Issue

Closed

opened 2026-04-25 14:57:18 -05:00 by GiteaMirror · 3 comments

GiteaMirror commented 2026-04-25 14:57:18 -05:00

Owner

Copy Link

Originally created by @miloschwartz on GitHub (Feb 1, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/143

Originally assigned to: @oschwartz10612, @miloschwartz on GitHub.

Discussed in https://github.com/orgs/fosrl/discussions/11

^{Originally posted by fr34kyn01535 January 7, 2025}
Similar to how authentik allows trusted networks, it would be cool if we could whitelist networks that are trusted and bypass auth.
While most users don't have a fixed IP to whitelist I came up with a second idea here:
It would actually be quite cool if we can automatically select newt tunnel nodes / sites to whitelist, and their WAN address is added to that whitelist.

Originally created by @miloschwartz on GitHub (Feb 1, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/143 Originally assigned to: @oschwartz10612, @miloschwartz on GitHub. ### Discussed in https://github.com/orgs/fosrl/discussions/11 <div type='discussions-op-text'> ^{Originally posted by **fr34kyn01535** January 7, 2025} Similar to how authentik allows trusted networks, it would be cool if we could whitelist networks that are trusted and bypass auth. While most users don't have a fixed IP to whitelist I came up with a second idea here: It would actually be quite cool if we can automatically select newt tunnel nodes / sites to whitelist, and their WAN address is added to that whitelist. </div>

GiteaMirror added the new feature label 2026-04-25 14:57:18 -05:00

GiteaMirror closed this issue 2026-04-25 14:57:18 -05:00

GiteaMirror commented 2026-04-25 14:57:19 -05:00

Author

Owner

Copy Link

@scroguard commented on GitHub (Feb 6, 2025):

to add to this - within other proxy packages i heavily make use of only allowing internal networks to access certain resources. it's a great additional step along with authentication to minimize the scope of who can access the proxied resource. being able to have something like "allow connections from specified private ip ranges, and deny the rest" would be very useful.

<!-- gh-comment-id:2641270093 --> @scroguard commented on GitHub (Feb 6, 2025): to add to this - within other proxy packages i heavily make use of only allowing internal networks to access certain resources. it's a great additional step along with authentication to minimize the scope of who can access the proxied resource. being able to have something like "allow connections from specified private ip ranges, and deny the rest" would be very useful.

GiteaMirror commented 2026-04-25 14:57:19 -05:00

Author

Owner

Copy Link

@synologyy commented on GitHub (Feb 9, 2025):

The same as an access list as in npm for WireGuard ip connections

<!-- gh-comment-id:2646091510 --> @synologyy commented on GitHub (Feb 9, 2025): The same as an access list as in npm for WireGuard ip connections 

GiteaMirror commented 2026-04-25 14:57:20 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Feb 13, 2025):

Added in 1.0.0-beta.13

<!-- gh-comment-id:2657654859 --> @miloschwartz commented on GitHub (Feb 13, 2025): Added in [1.0.0-beta.13](https://github.com/fosrl/pangolin/releases/tag/1.0.0-beta.13)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

resource-policies

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

redis

crowdin_dev

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label new feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#6104