| home | https://defguard.net |
| GitHub | https://github.com/defguard/defguard |
| Matrix | https://matrix.to/#/#defguard:teonite.com |
| Announcement! | https://defguard.net/blog |
๐ Defguard 2.0 Alpha 2 is out โ nearly feature-complete!
๐ What's new:
- Quick Setup Wizard & OVA images
- High Availability (multi-gateway + Envoy LB)
- Firewall management
- Static IP assignment
- Easier Edge & Gateway deployment
Not for production yet โ but great for PoCs and early testing. Beta with 1.6 migration wizard coming soon.
๐ https://defguard.net/blog/defguard-2-0-release-alpha-2/
Weโre opening early user testing for Defguard 2.0 Alpha!
Some of the major improvements include:
๐ Reversed core โ gateway communication model
๐ฅ Fully redesigned control plane UI
๐ Built-in internal certificate authority (mTLS)
๐ Full system state visibility in the UI
โ๏ธ Guided deployment & component provisioning
๐ Active-active gateway high availability
โฑ Explicit WireGuard session management
Release notes & details: https://defguard.net/blog/defguard-20-alpha-technical-overview
Video guide: https://www.youtube.com/watch?v=DWQlyHmqMlo
Defguard 2.0 is a major step forward, featuring a redesigned interface, stronger security and simpler deployment. This post covers why the changes were made, what was rebuilt and how the new architecture enables high availability and future growth.
Defguard v1.6.0 released -
Scale WireGuard Enterprise VPN.
๐ฅ๏ธ Windows Pre-logon & Always-on WireGuard with Service Locations
๐ Zero-touch Enrollment & Provisioning โ MSI, macOS App Store, and file-based tokens.
โ๏ธ Enterprise-ready clients - WireGuardNT on Windows & native Swift on macOS
๐ Improved network reliability โ Manual MTU configuration for LTE/5G.
Release notes & details: https://defguard.net/blog/defguard-16-release-notes/
#WireGuard #VPN #SelfHosted #ZeroTrust #CyberSecurity #EnterpriseIT
Zero-touch WireGuard VPN enrollment, Pre-logon VPN for Active Directory, Always-On VPN, native macOS/Windows clients, and enterprise-scale device provisioning. The most complete open-source WireGuard VPN solution.
Is your enterprise VPN stuck in the SSL era? ๐ฆ
We unpacked the mechanics behind common issues like TCP meltdown, DTLS fallback, and mobility struggles in our new guide.
See why the transport protocol matters and what a modern, WireGuard-based alternative looks like in practice:
https://defguard.net/blog/ssl-vpn-performance-protocol-problem/
Defguard listed in Dealroom's "Tough Tech" report!
Mapping NATO Eastern Flank innovations, it defines "Tough Tech" as tech that "can't fail."
The only infrastructure that never fails is one you fully control.
We were recognized for:
๐น European Data Sovereignty
๐น Privacy & Control (Self-hosted)
๐น Trust through Open Source
If you build critical infrastructure, don't rent your security. Own it.
More: https://dealroom.co/uploaded/2025/11/Tough-Tech.pdf
#OpenSource #SelfHosted #CyberSecurity #DataSovereignty #ToughTech
The NIS2 Directive is no longer a future problem. It's on your desk now, and your remote access stack is under scrutiny.
But be warned: most "VPN MFA" solutions have a critical compliance gap that auditors will find.
We wrote an engineering guide (no fluff) on how to fix it:
๐น Real security vs. "checkboxes"
๐น Implementing connection-level MFA
๐น Making your setup compliant
Read the deep dive: https://defguard.net/blog/mfa-wireguard-nis2-compliance/
๐ก Not all โVPN MFAโ means the same thing.
Setup-level 2FA: checked once during device enrollment.
Connection-level MFA: required every time a session starts.
If someone steals the VPN key (the static config with the private key), setup-level 2FA wonโt block the connection, because itโs not involved in the handshake.
Connection-level MFA is.
In Defguard, MFA is built into the WireGuardยฎ session flow.
Our founder Robert joined the Hard2Beat podcast with Maciej Zawadziลski to talk about something simple, yet often forgotten in enterprise security.
People build systems and people make mistakes. Thatโs normal.
The real problem starts when systems are designed to hide those mistakes.
We build Defguard to be seen, tested, and trusted โ by everyone.
๐ง Watch the episode and tell us what you think: https://www.youtube.com/watch?v=qnkOtnTAheQ
๐ Is your enterprise VPN a "Black Box"?
When security relies on "trust" in closed code, you're exposed to hidden risks, vendor lock-in, and outdated protocols.
We compared the traditional "all-in-one" model with an open, enterprise-ready stack built on WireGuardยฎ.
๐ Swipe for 2 key differences
๐ Full 8-point analysis: https://defguard.net/defguard-vs-fortinet/
#CyberSec #VPN #OpenSource #WireGuard #InfoSec #EnterpriseSecurity
Whatโs your Enterprise VPN built on?
Biggest release yet: 11 major features and nearly 100 bugfixes!
๐ฒ Mobile Clients with Internal MFA (TOTP/Biometry) and External SSOs.
๐ซ Desktop Client adds External SSO/IdP MFA.
๐ซ New: MFA on Desktop via Mobile Biometry ๐
๐ค As an open company, weโve launched public processes like the Architecture Decision Record and a page with pentesting findings & fixes (unique in VPNs, as far as we know).
Release notes: https://defguard.net/blog/defguard-15-release-notes/
