Trusted by:
Why security aware organizations choose Defguard VPN
True VPN MFA
The only VPN solution that implements multi-factor authentication directly at the WireGuard® protocol level.
Ultimate Security
Written in Rust, built around WireGuard® and with components designed to be secure, fully auditable with open source code on GitHub
Enterprise integrations
External OpenID providers; Google, Microsoft, Zitadel, Keycloak, Okta, JumpCloud and more. Integrates with LDAP, Active Directory and Microsoft Entra ID.
Privacy and Transparency
No third-party dependencies required, no metadata leaves your infrastructure, full control over deployment and configuration.
Enables NIS2 compliance
True WireGuard® MFA implemented in protocol layer, easy to use with Defguad VPN desktop client. Defguard is NIS2 compliant.
European
Based in Poland and backed by European investors, Defguard operates entirely under EU law ensuring full compliance with European security standards and zero foreign legal exposure.
Defguard 1.5 Release
Our biggest release yet! Mobile apps for iOS and Android, External SSO MFA, biometric authentication, and much more.
True VPN MFA
Defguard is the only VPN solution that implements multi-factor authentication directly at the WireGuard® protocol level, providing true connection-level security that goes beyond traditional application-layer MFA.
Why connection-level MFA matters
- True protocol security - MFA is enforced at the VPN connection level, not just the web interface
- Zero bypass vulnerabilities - attackers can't circumvent MFA by exploiting application layers
- Compliance ready - meets NIS2 and other regulatory requirements for VPN-level authentication
Industry first Defguard is the only VPN solution that brings enterprise-grade MFA directly to the WireGuard® protocol.
WireGuard® VPN Speed and Security
WireGuard® is a game-changer in VPN technology it's fast, lightweight, and secure. Defguard makes it enterprise-grade with everything you need to run WireGuard securely at scale.
What makes WireGuard® best in class
- Fastest connections - up to 3x faster than OpenVPN
- Lower attack surface - only ~4,000 lines of code
- Mobile reliability - better for laptops, phones, roaming clients
Make it enterprise-grade with Defguard — everything you need to run WireGuard securely at scale.
What Defguard adds
- Built-in MFA — the only WireGuard® VPN with protocol-level multi-factor authentication
- User and device management — onboarding flows, config syncs, RBAC, ACLs
- Live config updates — update groups, routes, and policies instantly
- Real-time visibility — audit logs and integration with your SIEM
- Client enforcement — restrict use to official Defguard clients for better control
Enterprise VPN meets WireGuard®
Beyound enterprise grade architecture and security, Defguard offers professional support services designed for mission-critical enterprise deployments. Get the peace of mind that comes with dedicated support when you need it most.
Dedicated Enterprise Support
- Custom SLA agreements - Tailored service level agreements to meet your business requirements
- Priority issue resolution - Critical issues addressed within one business day
- Assigned support representative - Direct access to a dedicated support engineer who knows your setup
- Pre-scheduled support calls - Regular check-ins for proactive issue resolution and configuration optimization
- Support for NIS-2 organisations - Specialized compliance assistance for organizations subject to NIS-2 directive requirements
Compliance & Certification: Defguard is currently proceeding with ISO 27001 certification, ensuring the highest standards of information security management. Get notified when Defguard gets ISO 27001 certified →
Modern User Enrollment & Onboarding
Seamless enrollment across all platforms with cutting-edge biometric authentication and one-click configuration. From mobile apps to desktop clients, get users connected securely in minutes.
Multi-Platform Enrollment
- Mobile Clients (iOS/Android) - Native apps with biometric authentication and real-time config updates
- One-Click Desktop Enrollment - Seamless desktop client configuration with a single button click
- QR Code Configuration - Instant mobile device setup by scanning QR codes
- Biometric MFA Setup - Configure fingerprint, face recognition, and hardware key authentication during enrollment
- Secure Web enrollment portal
Ready to Implement Enterprise-Grade WireGuard® VPN?
See how Defguard fits into your zero-trust architecture and existing infrastructure.
Flexible Identity & SSO approach
Defguard is one platform for remote access and identity that enables you to go fully private and cloud-independent. It replaces siloed tools and legacy VPN appliances with a unified solution that combines remote access, identity, and access control — ideal for teams running private or hybrid infrastructure.
Enterprise SSO & Identity Integrations - connect WireGuard® with any external SSO and Identity Provider
Defguard enable you to integrate WireGuard® with any external SSO and Identity Provider. Seamlessly integrate with your infrastructure:
- Microsoft Integration - Azure AD, Microsoft Entra ID, and Office 365 SSO
- Google Workspace - Complete Google SSO and identity provider integration
- Enterprise IdPs - Okta, JumpCloud, Keycloak, Zitadel, and other OpenID Connect providers
- Legacy Systems - LDAP and Active Directory support for existing infrastructure
Built-in Identity & SSO
Complete Identity Management Platform
Defguard serves as a full-featured OpenID Connect (OIDC) Identity Provider, eliminating the need for external identity services:
- OpenID Connect SSO - Standards-compliant identity provider with "Log in with Defguard" capability
- Multi-Factor Authentication - Built-in TOTP, email tokens, WebAuthn/FIDO2 hardware keys, and biometric authentication for mobile and desktop
- User & Group Management - Comprehensive user lifecycle management with role-based access control
- Application Integration - Easy GUI for configuring external applications with SSO
Private cloud–ready
- Self-host everything — including identity
- No third-party auth providers required or cloud dependencies
- Ideal for digital sovereignty and data-sensitive environments
Ready to Experience the Most Secure, and Compliant VPN?
Deploy our open-source WireGuard® protocol VPN in minutes and secure your remote workforce with enterprise-level features.
Real-world use cases
Defguard secure architecture approach and user friendly interface makes it a unique solution in the VPN management space.
How a Swiss Private Equity fund built a private cloud with Defguard
Learn how Acquinox built a secure, compliant private cloud infrastructure using Defguard's enterprise VPN solution.
Replace Fortigate VPN and FortiClient with a lightweight, auditable modern VPN solution
Discover how Defguard provides enterprise-grade security with a fraction of the complexity of traditional VPN appliances.
How Prusa 3D Adopted Defguard for Secure, Scalable VPN Access
Prusa Research adopted Defguard to build a scalable, self-hosted VPN with WireGuard-level MFA, securing access for 490+ users.
Trying to solve the remote access problem, I’ve looked into popular solutions like Tailscale, Netbird or Firezone offering VPN management with Wireguard, but their focus lies in the cloud/SaaS and does not fit our scenario perfectly. Then I’ve discovered Defguard which is designed with private cloud use cases in mind and offers built in identity and SSO. With Defguard documentation and support the evaluation was fast and easy.
It's a unique modern VPN solution, not another extension based on WireGuard® with just web interface and MFA for login to the web without connection cover. You can run all microservices components written in Rust yourself without any requirements for communication with other services running by someone else and you have more options on how to run it, e.g. control plane on Kubernetes and gateways on other VMs. But it's not only VPN solution, it provides you also IDP like e.g. Keycloak so you can decrease the number of tools for hardening. And all of this is open-source with a community driven development.
The team really appreciates the ease of use, security and speed of the platform (thanks Wireguard). I’ve been trying to push more open-source solutions into our software stack and Defguard seems like the perfect choice.
Try Defguard Today – Secure Access Without the Complexity
Let your team experience the difference between a modern VPN and a legacy workaround.
Roadmap of what's to come
We are fully transparent also with our roadmap and feature management – here is a detailed roadmap on github