Yes, it is, and it is widely common practice.
With WireGuard, probably the best option is to create a Peer that is only reachable when
on the "ON corporate" network, to test the condition and to take action afterwards.
On 28/11/2020 14:28, Jason A. Donenfeld wrote:
On Thu, Nov 26, 2020 at 9:53 AM Adrian Larsen
<[email protected]> wrote:
One thing that is commonly implemented in other clients doing tunnels is
the detection of "ON / OFF Corporate network".
Without any user intervention, the VPN client is capable of detecting (on
every network change) where the user is located and of activating the client
or not.
Values to detect are a combination of
(usually you can do AND / OR of these values):
1 - Adapter domain (i.e. contoso.com). This comes from the DHCP values
received.
2 - DNS server IPs
3 - Hostname vs IP. (This is to create a local DNS A record on your
internal DNS server that is resolvable only when you are ON the corporate
network and not outside.)
The detection of these values is platform agnostic. You can use it on
any client: Linux, Windows, Mac, etc., to detect when to turn the
VPN client ON / OFF automatically without user intervention.
That sounds like it introduces a security vulnerability, in which you
send the magic unauthenticated packets, and voila, WireGuard
deactivates and you're sending data in the clear.
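The approach from Adrian's first reply, as an added example that is not code from the thread or from the WireGuard project: the DHCP domain, DNS server and internal A-record signals only gate whether to probe, and the on/off-corporate decision itself comes from a fresh handshake with a probe peer whose endpoint is reachable only inside the corporate network. The interface name, peer key, domain and addresses are hypothetical placeholders.

```python
"""On/off-corporate detection driven by an authenticated WireGuard handshake.

Assumptions (hypothetical): a dedicated interface "wg-probe" with one peer
whose endpoint is an internal-only address, PersistentKeepalive set on that
peer so the handshake stays fresh, and the placeholder key/addresses below.
"""
import subprocess
import time

PROBE_IFACE = "wg-probe"
PROBE_PEER = "PLACEHOLDER_PROBE_PEER_PUBLIC_KEY="  # placeholder, not a real key
# WireGuard rejects sessions older than 180 s; with keepalives a reachable peer
# re-handshakes well inside that window, so an older stamp means "not reachable".
MAX_HANDSHAKE_AGE = 180

EXPECTED_DOMAIN = "contoso.com"                       # constructed sample values
EXPECTED_DNS = {"10.0.0.53", "10.0.1.53"}
EXPECTED_PROBE_A = ("vpn-probe.corp.contoso.com", "10.0.5.5")


def parse_latest_handshakes(output: str) -> dict:
    """Parse `wg show <iface> latest-handshakes`: one "<pubkey>\t<unix-ts>" per line."""
    result = {}
    for line in output.splitlines():
        parts = line.split("\t")
        if len(parts) == 2:
            result[parts[0]] = int(parts[1])
    return result


def advisory_signals_match(dhcp_domain, dns_servers, resolved_ip) -> bool:
    """The three checks from the thread: cheap hints only, since a hostile
    network can supply all of them; never switch the tunnel off on these alone."""
    return (dhcp_domain == EXPECTED_DOMAIN
            and bool(set(dns_servers) & EXPECTED_DNS)
            and resolved_ip == EXPECTED_PROBE_A[1])


def on_corporate(handshakes: dict, now: int) -> bool:
    """True only if the probe peer completed a handshake within the freshness
    window; a timestamp of 0 means the peer never handshook at all."""
    ts = handshakes.get(PROBE_PEER, 0)
    return ts != 0 and 0 <= now - ts <= MAX_HANDSHAKE_AGE


def probe_live() -> bool:
    """Run the real check on this host (needs wg(8) and the probe interface)."""
    out = subprocess.run(["wg", "show", PROBE_IFACE, "latest-handshakes"],
                         capture_output=True, text=True, check=True).stdout
    return on_corporate(parse_latest_handshakes(out), int(time.time()))
```

Call probe_live() from the network-change hook and only reconfigure the main tunnel when it returns True; the advisory signals decide merely whether the probe is worth attempting.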