Firezone v0.1.15 releases: WireGuard-based VPN server and firewall
A self-managed WireGuard-based VPN server and Linux firewall designed for simplicity and security.
- Fast: Uses WireGuard to be 3-4 times faster than OpenVPN.
- No dependencies: All dependencies are bundled thanks to Chef Omnibus.
- Simple: Takes minutes to set up. Manage via a simple CLI API.
- Secure: Runs unprivileged. HTTPS enforced. Encrypted cookies.
- Firewall included: Uses Linux nftables to block unwanted egress traffic.
Firezone is not:
- An inbound firewall
- A tool for creating mesh networks
- A full-featured router
- An IPSec or OpenVPN server
Deploying and Configuring
Firezone consists of a single distributable Linux package that you install and manage yourself. Management of the Firezone installation is handled by the firezone-ctl utility while management of the VPN and firewall themselves are handled by the Web UI.
Firezone acts as a frontend to both the WireGuard kernel module and the netfilter kernel subsystem. It creates a WireGuard interface (by default called wg-firezone) and firezone netfilter table and adds appropriate routes to the routing table. Other programs that modify the Linux routing table or netfilter firewall may interfere with Firezone’s operation.
Firezone requires a valid SSL certificate and a matching DNS record to run in production. We recommend using Let’s Encrypt to generate a free SSL cert for your domain.
Firezone is beta software. We highly recommend limiting network access to the Web UI to prevent exposing it to the public Internet.
Improvements and bug fixes
* Add WireGuard service to enable interface on boot
* Fix crash from empty address
* Fix peer loading on boot
Copyright 2020 Engineering