Defguard: Zero-Trust Access Management with WireGuard 2FA/MFA
This repository profile is provided by osrepos.com, an open source repository discovery platform.

Summary
Defguard is an open-source, enterprise-grade VPN solution built with Rust, offering zero-trust access management. It uniquely provides multi-factor authentication for WireGuard VPN connections, integrating with various SSO providers or its built-in SSO. This platform aims to simplify the secure management of complex VPN networks with advanced features like ACLs, YubiKey provisioning, and real-time client synchronization.
Repository Information
Topics
Click on any tag to explore related repositories
Use at your own risk
OSRepos shares public repositories for knowledge and discovery only. Any installation, execution, configuration, or use of code from these repositories is the user's own responsibility. Always review the repository, source code, dependencies, licenses, and security implications before running or installing anything. OSRepos is not responsible for issues, damages, or losses resulting from third-party repositories.
Introduction
Defguard is an enterprise-grade, open-source VPN solution written in Rust, designed for zero-trust access management. It stands out by offering the world's only multi-factor authentication (MFA) for WireGuard VPN connections, supporting both its built-in SSO and external OpenID Connect providers like Google, Microsoft, or Active Directory. This robust platform simplifies the secure management of complex VPN networks.
Installation
Getting started with Defguard is straightforward, especially using Docker. A one-line install script automates the setup process, making it quick to deploy your own instance.
curl --proto '=https' --tlsv1.2 -sSf -L https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/setup.sh -O && bash setup.sh
For more detailed instructions and options, refer to the official documentation.
Examples
Defguard offers flexible deployment options to suit various environments. Beyond the quick Docker setup, you can deploy it using:
The platform also includes a feature-rich desktop client that supports 2FA/MFA, automatic real-time synchronization of settings, and the ability to manage multiple WireGuard tunnels.
Why Use Defguard
Defguard provides a comprehensive security platform with several compelling advantages. Its unique WireGuard VPN with true 2FA/MFA ensures high security, unlike solutions that only offer 2FA for application access. It includes integrated SSO based on OpenID Connect, ACLs/Firewall Management, and secure remote user enrollment. Built with Rust, it prioritizes speed, security, and portability, making it an enterprise-ready solution for managing complex VPN infrastructures with high availability and robust access control. The project also emphasizes transparency with public penetration test reports and daily SBOM CVE scans.
Links
Related repositories
Similar repositories that may be relevant next.
AuthKit: Streamlined Authentication with WorkOS and Radix
March 31, 2026
AuthKit is an open-source login box solution developed by WorkOS, designed to simplify authentication for applications. It offers both a fully themeable hosted UI and headless APIs for custom frontends, powered by WorkOS User Management and Radix UI. This TypeScript project supports various authentication flows, including OAuth2, passwordless, and SSO.

Logto: Open-Source Auth Infrastructure for SaaS and AI Apps
March 21, 2026
Logto is a modern, open-source authentication and authorization infrastructure designed for SaaS and AI applications. Built on OIDC and OAuth 2.1, it offers robust features like multi-tenancy, enterprise SSO, and RBAC. This platform simplifies secure identity management, providing pre-built sign-in flows and SDKs for various frameworks.

Authelia: Single Sign-On and Multi-Factor Authentication for Web Apps
February 9, 2026
Authelia is a robust, open-source authentication and authorization server designed to enhance the security of your web applications. It provides comprehensive two-factor authentication (2FA) and single sign-on (SSO) capabilities through an intuitive web portal. Seamlessly integrating with various reverse proxies, Authelia acts as a crucial companion for managing access control and securing your digital infrastructure.

SaaS-Boilerplate: Next.js, Tailwind CSS, Shadcn UI for Modern SaaS Apps
December 26, 2025
The SaaS-Boilerplate is a powerful, open-source template designed to accelerate the development of SaaS applications. Built with Next.js, Tailwind CSS, Shadcn UI, and TypeScript, it offers a comprehensive suite of features including robust authentication, multi-tenancy, and role-based access control. This boilerplate provides a production-ready foundation, enabling developers to quickly launch scalable and feature-rich SaaS products.
Source repository
Open the original repository on GitHub.
7 counted GitHub visits