Gateway

If you are looking for gateway High Availability, go to this document.

Pre-requirements

Please remember that one gateway corresponds to one VPN location.

You can also deploy multiple gateways for one location for High Availability.

To deploy the gateway you need to have defguard core running and know it's gRPC url (meaning what is the host/ip where the core is running and the gRPC port defined in core by DEFGUARD_GRPC_PORT configuration variable) and a token.

Token can be obtained when you go to VPN Locations -> Edit location settings (in top right corner) -> Select the desired location -> the right panel describes how to deploy the gateway for the location as well as lists the gateway authentication token:

Also, if core has a custom SSL CA to secure gRPC communication, you need the CA certificate (more here).

Package Install

  1. On the release page find and download a correct software package for your system (currently DEB, RPM and TXZ are available).

  2. Install the package using relevant system tools:

    Ubuntu/Debian:

    sudo dpkg -i <path_to_deb_package>

    Fedora/Red Hat Linux/SUSE:

    sudo rpm -i <path_to_rpm_package>

    FreeBSD:

    pkg add <path_to_txz_package>

  3. Fill in the default configuration file (/etc/defguard/gateway.toml) with values corresponding to your Defguard installation (token and gRPC enpoint URL).

  4. Enable and start the systemd service.

    sudo systemctl enable defguard-gateway.service
sudo systemctl start defguard-gateway.service

Docker Compose

To start Defguard Gateway using Docker Compose:

  1. We prepared a git repository with Docker Compose configuration, clone it:

git clone --recursive https://github.com/DefGuard/deployment.git && cd deployment/gateway

  1. Copy and fill in the .env file:

cp .env.template .env

  1. Finally, run the service with Docker Compose:

docker compose up

If everything went well, Defguard Gateway should be connected to Defguard Core and you can start adding new devices to your network.

OPNsense plugin

OPNsense® is an open source, feature rich firewall and routing platform, offering cutting-edge network protection.

To start Defguard Gateway as OPNsense plugin:

  1. On the release page find and download OPNsense package which will be named: defguard-gateway_VERSION_x86_64-unknown-opnsense.pkg – this package includes both Defguard Gateway and OPNsense plugin.

  2. Install the package:

pkg add defguard-gateway_VERSION_x86_64-unknown-opnsense.pkg

  1. Refresh your OPNsense UI by running below command:

opnsense-patch

  1. Go to you OPNsense UI and navigate to VPN > Defguard Gateway.

  1. Fill out the form with appropriate values, click Save, and then click Start/Restart.

You can find detailed description of all fields here.

If everything went well, Defguard Gateway should be connected to Defguard Core and you can start adding new devices to your network.

See also: how to configure Defguard in OPNsense

Binary Install

  1. Checkout Gateway releases here and download compatible binary from GitHub page.

  2. Decompress and move to bin directory

tar xcf ./gateway.tar.gz
sudo chmod +x gateway
sudo mv gateway /usr/bin/

  1. Start gateway gateway -g <CORE_GRPC_URL:GRPC_PORT> -t <DEFGUARD_TOKEN>

PreviousPre-production and development releasesNextRunning gateway on MikroTik routers

Last updated

Was this helpful?