Last updated
Was this helpful?
Last updated
Was this helpful?
If you are looking for
Please remember that one gateway corresponds to one VPN location.
You can also deploy multiple gateways for one location for High Availability.
To deploy the gateway you need to have defguard core running and know it's (meaning what is the host/ip where the core is running and the gRPC port defined in core by DEFGUARD_GRPC_PORT configuration variable) and a token.
Token can be obtained when you go to VPN Locations -> Edit location settings (in top right corner) -> Select the desired location -> the right panel describes how to deploy the gateway for the location as well as lists the gateway authentication token:
Install the package using relevant system tools: Ubuntu/Debian:
Fedora/Red Hat Linux/SUSE:
FreeBSD:
Fill in the default configuration file (/etc/defguard/gateway.toml
) with values corresponding to your Defguard installation (token and gRPC enpoint URL).
Enable and start the systemd service.
To start your gateway using docker-compose:
Copy and fill in the .env file:
Finally, run the service with docker-compose:
To start your gateway as OPNsense plugin:
Install the package:
Refresh your OPNsense UI by running below command:
Go to you OPNsense UI and navigate VPN
-> Defguard Gateway
.
Fill form with appropriate values click Save
then Start/Restart
Decompress and move to bin directory
Start gateway gateway -g <CORE_GRPC_URL:GRPC_PORT> -t <DEFGUARD_TOKEN>
Also, if core has a custom SSL CA to secure gRPC communication,
On the find and download a correct software package for your system (currently DEB, RPM and TXZ are available).
We prepared a with docker-compose configuration, clone it:
If everything went well, your Gateway should be connected to Defguard and you can start .
On the find and download OPNsense package which will be named:
defguard-gateway_VERSION_x86_64-unknown-opnsense.pkg -
this package includes the gateway as well as OPNSense plugin.
You can find detailed description of all fields .
If everything went well, your Gateway should be connected to Defguard and you can start .
Checkout Gateway releases and download compatible binary from Github page.