Features overview

Remote Access with WireGuard® VPN 2FA/MFA:

• Multi-Factor Authentication using our desktop client

• multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)

• multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense

• import your current WireGuard server configuration (with a wizard!)

• easy device setup by users themselves (self-service)

• automatic IP allocation

• kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support

• dashboard and statistics overview of connected users/devices for admins

defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.

Identity Management:

• OpenID Connect based SSO

• External OpenID providers for login/account creation (Google/Microsoft/Custom)

• LDAP (tested on OpenLDAP) synchronization

• nice UI to manage users

• Users self-service (besides typical data management, users can revoke access to granted apps, MFA, Wireguard, etc.)

Multi-Factor/2FA Authentication

• Time-based One-Time Password Algorithm (TOTP - e.g. Google Authenticator)

• WebAuthn / FIDO2 - for hardware key authentication support (eg. YubiKey, FaceID, TouchID, ...)

• Email tokens

Account Lifecycle Management:

• Secure remote (over the internet) user enrollment

• User onboarding after enrollment

• Self-service for password reset

Yubikey Provisioning

Yubikey hardware keys provisioning for users with one click

Integrations

Webhooks & REST API

Build with Rust for portability, security, and speed