Multi-Factor Authentication using our desktop client
Multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)
Multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense
Import your current WireGuard server configuration (with a wizard!)
Easy device setup by users themselves (self-service)
Automatic IP allocation
Kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support
Dashboard and statistics overview of connected users/devices for admins
Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.
User event logging with detailed metadata
Advanced filtering and search by user, module, event type and time range
Role-based visibility - users can see only their events
Grouped logs by modules (Defguard, enrollment, VPN)
Real-time log streaming to SIEM tools (Enterprise feature)
Defguard is an internal OIDC provider for Single Sign-On.
Supports external OpenID providers for user authentication.
Access rules for VPN locations
Allow or deny access based on users or groups
Changes are applied in real time
LDAP (tested on OpenLDAP) synchronization
Nice UI to manage users
Users self-service (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.)
Time-based One-Time Password Algorithm (TOTP - e.g. Google Authenticator)
WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, Face ID, Touch ID, ...)
Email tokens
Secure remote (over the internet) user enrollment
Self-service for password reset
Email notifications via SMTP
Gateway disconnect/reconnect notifications
New version notifications
YubiKey hardware keys provisioning for users with one click
Build with Rust for portability, security, and speed
Was this helpful?
Was this helpful?
