[Feature Request] Secure Blikvm further: whitelisted ip's support

[kaiyuan01]

Problem Description
only allows blikvm to accept requests from a whitelisted ip's to secure kvm further, esp. in port forwarding scenarios.

Proposed Solution
Make server code change so that it only allows blikvm to accept requests from a whitelisted ip's to secure kvm further, esp. in port forwarding scenarios.

Alternatives Considered
None

Additional context
This helps further secure Blikvm

[m50S79sM6SRNp8Jn]

For external BliKVM exposure we recommend Tailscale.
What would you proposed feature bring additionally, besides multi-layered security?

[m50S79sM6SRNp8Jn]

I am not opposed to multi-layered security.

[kaiyuan01]

Tailscale.

For Tailscale to work, do I have to either install a Tailscale client on my host PC (not an option for me), or put KVM behind a VPN router suporting Wireguard, which is not something I plan on doing.

Any issues with port forwarding? It requires neither of the sw installation, or a VPN enabled router. To secure kvm in this scenario, ip whitelisting is a feature necessary to further protect the system. Hope this makes sense and it should not be difficult to do I think. If you can point me to the server code that handles user requests, I can contribute too.

[ThomasVon2021]

https://github.com/ThomasVon2021/blikvm-web-server/blob/master/src/server/api/routes.js

[m50S79sM6SRNp8Jn]

Any issues with port forwarding?

No issues per se, just to be aware the port forwarding elevates security risks.
Further, there is a need to handle dynamic IP.

You will need

1. SSL (available)
2. VPN (Tailscale available) + IP Whitelisting (only devices on the VPN with approved IPs can connect)
3. 2FA support
4. Cloudflare integration (to support dynamic IP)

FYI - I added separate request for the feature not yet available.

Am I missing anything?

[m50S79sM6SRNp8Jn]

These are in separate GitHub requests.