Feature Request: Add HostChecker Support for Client Security Validation #886

New Issue

Closed

opened 2026-04-05 17:55:13 +02:00 by MrUnknownDE · 0 comments

MrUnknownDE commented 2026-04-05 17:55:13 +02:00

Owner

Copy Link

Originally created by @lordraiden on 9/20/2025

First of all, thank you for your great work on Pangolin — it's an impressive project and a valuable tool for secure networking.

I'd like to propose a feature enhancement: support for HostChecker capabilities to validate client security posture before granting access.

Motivation

In many enterprise environments, it's critical to ensure that connecting clients meet certain security requirements (e.g., antivirus running, disk encryption enabled, OS version compliant, etc.) before allowing access to internal resources. This is commonly achieved through a host checker mechanism.

Adding host checker support to Pangolin would:

• Improve endpoint security posture enforcement
• Enable conditional access based on device health
• Align Pangolin with enterprise-grade VPN solutions

Suggested Implementation

While implementation details may vary, the general idea would be:

• Introduce a pluggable host validation module
• Allow administrators to define required checks (e.g., registry keys, running processes, OS version)
• Perform validation during client handshake or pre-authentication
• Optionally integrate with external tools or scripts for custom checks

Use Cases

• Enforcing compliance for BYOD devices
• Preventing access from outdated or insecure systems
• Integrating with MDM or endpoint protection platforms

Would love to hear your thoughts on this. Happy to help with testing or contributing if this is something you'd consider adding.

*Originally created by @lordraiden on 9/20/2025* First of all, thank you for your great work on Pangolin — it's an impressive project and a valuable tool for secure networking. I'd like to propose a feature enhancement: support for HostChecker capabilities to validate client security posture before granting access. Motivation In many enterprise environments, it's critical to ensure that connecting clients meet certain security requirements (e.g., antivirus running, disk encryption enabled, OS version compliant, etc.) before allowing access to internal resources. This is commonly achieved through a host checker mechanism. Adding host checker support to Pangolin would: - Improve endpoint security posture enforcement - Enable conditional access based on device health - Align Pangolin with enterprise-grade VPN solutions Suggested Implementation While implementation details may vary, the general idea would be: - Introduce a pluggable host validation module - Allow administrators to define required checks (e.g., registry keys, running processes, OS version) - Perform validation during client handshake or pre-authentication - Optionally integrate with external tools or scripts for custom checks Use Cases - Enforcing compliance for BYOD devices - Preventing access from outdated or insecure systems - Integrating with MDM or endpoint protection platforms Would love to hear your thoughts on this. Happy to help with testing or contributing if this is something you'd consider adding.

MrUnknownDE closed this issue 2026-04-05 17:55:13 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/dev-minor-updates-b4e5d6b9c5

revert-2766-feature/systemd-install-instructions

dependabot/npm_and_yarn/prod-patch-updates-05702d39f2

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

alerting-rules

private-site-ha

dependabot/docker/docker/library/node-25-slim

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4

1.15.4-s.1

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.1-s.1

1.15.2

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

Improvement

Improvement

Improvement

Improvement

Look Into

Security

Security

api

api

authentication

authentication

authentication

authentication

authentication

authentication

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

bug

config

config

config

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

dependencies

docker

docker

docker

docker

docker

documentation

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

enhancement

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

github_actions

go

go

go

go

go

go

go

go

go

go

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

good first issue

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

help wanted

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

javascript

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

needs investigating

networking

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

new feature

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

non-critical bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

potential bug

question

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

reverse proxy

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

stale

ui

ui

ui

ui

ui

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

MrUnknownDE

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pangolin#886