• multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)
• multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense
• import your current WireGuard server configuration with a wizard!
• dashboard and statistics overview of connected users/devices for admins
• automatic IP allocation
• kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard support with our Rust library

defguard is not an official WireGuard project, and WireGuard is a registered trademark of Jason A. Donenfeld.

Secure remote enrollment process, during which the user can: double-check their data, setup their password, and add their initial device to access VPN as a nice wizard!

After enrollment the user can be onboarded with relevant company information, links to company systems, security guidelines, etc. In the enrollment module, you can write custom messages using markdown that will be shown on the last step of the enrollment process and sent to the user via email.

defguard was thoroughly and comprehensively audited by one of the best security researchers in Poland: ISEC. ISEC is also a strategic partner of defguard, reviewing every major release from a security perspective, making defguard one of the most secure core components in the open source ecosystem.

All Critical and Major issues have been fixed in dedicated pull requests. Retest will follow soon (we’ll notify on our Twitter).

Since defguard secures the whole user journey (connections), from secure communication using VPN, to authentication based on company identity and Multi-Factor Authentication (supporting crypto wallets), it’s a perfect web2 -> web3 gateway for your organization.

Wallet management with MetaMask and Wallet Connect is an easy way for users to validate the ownership of wallets as there is no need to send wallet addresses through Slack/email anymore.