Frequently Asked Questions

defguard is an enterprise and open-source, easy to deploy and manage WireGuard® based VPN solution with real 2FA/Multi-Factor Authentication & SSO.

Difference between WireGuard® and defguard

WireGuard® is a VPN protocol with some low-level command-line tools. Defguard makes WireGuard® easy to deploy and use, adding additional features like

real 2FA/Multi-Factor Authentication

.

Defguard has its own VPN desktop clients (with mobile clients soon to be released) that include additional functionalities not available in standard WireGuard clients.

Defguard also offers features outside of VPN, such as built-in OpenID Connect SSO, Yubico YubiKey provisioning, and more!

Difference between WireGuard® and openvpn

WireGuard® offers ~10x faster speeds, lower latency, seamless roaming during network changes, and near-instant connection setup compared to OpenVPN, which is slower, less responsive to network shifts, and takes longer to establish connections.

More info about openvpn and how to migrate from OpenVPN here.

Does defguard support ACLs?

Defguard currently supports a simple ACL based on user group assignment, which determines the VPN locations users can access. More granular ACLs (e.g., firewall rules) are coming to defguard 1.1, which is currently in development.

Does defguard support Google login?

Defguard supports Google Workspace login and automatic account creation upon login.

This functionality requires an Enterprise License and is a paid feature.

Please remember that defguard has also built in SSO based on OpenID Connect, so you can migrate your apps to authorize with defguard instead of 3rd party service (and this is an Open Source feature)!

Does defguard support Microsoft login?

Defguard supports Microsoft login and automatic account creation upon login.

This functionality requires an Enterprise License and is a paid feature.

Please remember that defguard has also built in SSO based on OpenID Connect, so you can migrate your apps to authorize with defguard instead of 3rd party service (and this is an Open Source feature)!

Does defguard support KeyCloak login?

Defguard supports KeyCloak login and automatic account creation upon login.

This functionality requires an Enterprise License and is a paid feature.

Please remember that defguard has also built in SSO based on OpenID Connect, so you can migrate your apps to authorize with defguard instead of 3rd party service (and this is an Open Source feature)!

Does defguard support Okta?

Defguard supports Okta login and automatic account creation upon login.

This functionality requires an Enterprise License and is a paid feature.

Please remember that defguard has also built in SSO based on OpenID Connect, so you can migrate your apps to authorize with defguard instead of 3rd party service (and this is an Open Source feature)!

Does defguard support mobile WireGuard® 2FA/MFA?

The default WireGuard® does not support this functionality. We are currently in the development phase of our mobile clients, which will support 2FA/Multi-Factor Authentication.

Why Rust and not Go?

Rust is widely preferred over Go in cases of memory safety, performance and fine-grained control over system resources. It’s ideal for security solutions, the biggest and best companies that value security and speed relay on rust, for example

CloudFlare

.

Designed and developed by

Join the conversation