Today we will configure mutual TLS (mTLS) to access services on a LAN without a VPN and without the security risk of exposing those services via HTTPS to the world.
Tesla cars using mTLS: https://www.youtube.com/watch?v=AgC9OiFrIPk
DuckDNS free domain service: https://duckdns.org
All commands and sources are available here:
https://gist.github.com/olokelo/abd2040091893f2ff3167972a328a550
Timestamps:
00:00 - What mTLS is and what it's used for
02:42 - Installing and configuring Nginx Proxy Manager
10:49 - Generating CA and client certificates
16:23 - Android p12 bundle bug
18:35 - Generating p12 bundle using GnuTLS certtool
20:00 - Modifying Nginx Proxy Manager configuration to verify client certs
21:17 - Final Result
21:35 - Installing client certificate in a web browser
22:56 - Installing client certificate on an Android device
25:13 - Restricting client access