Defguard: Zero-Trust Access Management with WireGuard 2FA/MFA

Introduction

Defguard is an enterprise-grade, open-source VPN solution written in Rust, designed for zero-trust access management. It stands out by offering the world's only multi-factor authentication (MFA) for WireGuard VPN connections, supporting both its built-in SSO and external OpenID Connect providers like Google, Microsoft, or Active Directory. This robust platform simplifies the secure management of complex VPN networks.

Installation

Getting started with Defguard is straightforward, especially using Docker. A one-line install script automates the setup process, making it quick to deploy your own instance.

curl --proto '=https' --tlsv1.2 -sSf -L https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/setup.sh -O && bash setup.sh

For more detailed instructions and options, refer to the official documentation.

Examples

Defguard offers flexible deployment options to suit various environments. Beyond the quick Docker setup, you can deploy it using:

• Docker Compose
• Kubernetes

The platform also includes a feature-rich desktop client that supports 2FA/MFA, automatic real-time synchronization of settings, and the ability to manage multiple WireGuard tunnels.

Why Use Defguard

Defguard provides a comprehensive security platform with several compelling advantages. Its unique WireGuard VPN with true 2FA/MFA ensures high security, unlike solutions that only offer 2FA for application access. It includes integrated SSO based on OpenID Connect, ACLs/Firewall Management, and secure remote user enrollment. Built with Rust, it prioritizes speed, security, and portability, making it an enterprise-ready solution for managing complex VPN infrastructures with high availability and robust access control. The project also emphasizes transparency with public penetration test reports and daily SBOM CVE scans.

Links

• Website
• Getting Started
• Features
• Roadmap
• Documentation
• Community Support