Multi-Factor Authentication using our desktop client
Multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)
Import your current WireGuard server configuration (with a wizard!)
Easy device setup by users themselves (self-service)
Automatic IP allocation
Kernel (Linux, FreeBSD/OPNSense/PFSense) and userspace WireGuard support
Dashboard and statistics overview of connected users/devices for admins
Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.
User event logging with detailed metadata
Advanced filtering and search by user, module, event type and time range
Role-based visibility - users can see only their events
Grouped logs by modules (Defguard, enrollment, VPN)
Real-time log streaming to SIEM tools (Enterprise feature)
Defguard is an internal OIDC provider for Single Sign-On.
Supports external OpenID providers for user authentication.
Access rules for VPN locations
Allow or deny access based on users or groups
Changes are applied in real time
OpenID Connect based SSO
LDAP (tested on OpenLDAP) synchronization
Nice UI to manage users
Users self-service (besides typical data management, users can revoke access to granted apps, MFA, WireGuard, etc.)
Time-based One-Time Password Algorithm (TOTP - e.g. Google Authenticator)
WebAuthn / FIDO2 - for hardware key authentication support (e.g. YubiKey, Face ID, Touch ID, ...)
Email tokens
Secure remote (over the internet) user enrollment
Self-service for password reset
Like regular user devices but designed to be used with the Defguard CLI client.
Special kind of locations that allow establishing automatic VPN connections on system boot.
Manually assign static IPs to user devices in the VPN network
Scale you deployment to make sure it's always available.
Email notifications via SMTP
Gateway disconnect/reconnect notifications
New version notifications
Build with Rust for portability, security, and speed.
Was this helpful?
Was this helpful?
