Restrict access to chosen devices

Hello

I’m trying to work out how I can restrict access to my tunnel. I’m aware of the IP and email OTP methods etc but I’m not sure if I can use them.

Setting up the email method only seems useful if accessing from a browser and I don’t have a way of setting up a static IP.

ie, I’ve got a Nextcloud server which I access at home and when ‘on the road’ for files and webdav. In both situations I sometimes use WiFi, sometimes GSM. Sometimes I access the files from the iOS Nextcloud app, other times from the Nextcloud GNOME integration.

I access a Jellyfin server from an AppleTV at home and a laptop which is sometimes away from home.

I’ve also got a Gitea server that will be accessed from home by my laptop and desktop.

Is it possible to only allow access to my phone, laptop, ATV and desktop both at home and ‘on the road’? Currently, there’s doesn’t seem a way to use the email OTP or use a static IP. Could creating an openVPN server on my home server help?

Thank you!