Features overview

Remote Access with WireGuard® VPN 2FA/MFA:

  • Multi-Factor Authentication using our desktop client

  • Multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)

  • Multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense

  • Import your current WireGuard server configuration (with a wizard!)

  • Easy device setup by users themselves (self-service)

  • Automatic IP allocation

  • Kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support

  • Dashboard and statistics overview of connected users/devices for admins

Defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.

Activity & Audit Logs

  • User event logging with detailed metadata

  • Advanced filtering and search by user, module, event type and time range

  • Role-based visibility - users can see only their events

  • Grouped logs by modules (Defguard, enrollment, VPN)

  • Real-time log streaming to SIEM tools (Enterprise feature)

OpenID Connect

Access Control List

  • Access rules for VPN locations

  • Allow or deny access based on users or groups

  • Changes are applied in real time

Identity Management:

Multi-Factor/2FA Authentication

Account Lifecycle Management:

Notifications

YubiKey Provisioning

YubiKey hardware keys provisioning for users with one click

Integrations

Webhooks & REST API

Build with Rust for portability, security, and speed

PreviousAbout DefguardNextOne-line install script

Was this helpful?