14 Nov
2021
14 Nov
'21
2:56 p.m.
Full access from any IP (except firehol-blacklist and fail2ban) is possible over VPN (openvpn) with MFA (privacyidea). Privacyidea also supplies a mobile-app compatible with a.o. TOTP and HOTP but it provides a more secure way of enrollment (2-step).
How are you managing dns/clients etc so only the email traffic is goes through the vpn and no other traffic?