Firezone v0.7.25 releases: WireGuard-based VPN server and firewall
A self-managed WireGuard-based VPN server and Linux firewall designed for simplicity and security.
- Fast: Uses WireGuard to be 3-4 times faster than OpenVPN.
- No dependencies: All dependencies are bundled thanks to Chef Omnibus.
- Simple: Takes minutes to set up. Manage via a simple CLI API.
- Secure: Runs unprivileged. HTTPS enforced. Encrypted cookies.
- Firewall included: Uses Linux nftables to block unwanted egress traffic.
Firezone is not:
- An inbound firewall
- A tool for creating mesh networks
- A full-featured router
- An IPSec or OpenVPN server
Deploying and Configuring
Firezone consists of a single distributable Linux package that you install and manage yourself. Management of the Firezone installation is handled by the firezone-ctl utility, while management of the VPN and firewall themselves is handled by the Web UI.
Firezone acts as a frontend to both the WireGuard kernel module and the netfilter kernel subsystem. It creates a WireGuard interface (by default called wg-firezone) and a firezone netfilter table, and adds appropriate routes to the routing table. Other programs that modify the Linux routing table or netfilter firewall may interfere with Firezone’s operation.
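To check a host for the interference described above, the following added example (not part of Firezone or of the original page) parses the output of `nft list tables` and `ip -o link show`, confirms the wg-firezone interface and firezone table exist, and lists every other netfilter table for review. The function names and the sample input are constructed for illustration; the table family `inet` in the sample is an assumption, so the check matches the table name under any family.

```shell
#!/bin/sh
# Added example: audit for the objects Firezone creates and for other
# netfilter tables that may interfere with it. Names come from the page.
FZ_TABLE="firezone"      # netfilter table name given on the page
FZ_IFACE="wg-firezone"   # default WireGuard interface name given on the page

# stdin: output of `nft list tables`; succeeds if the firezone table exists.
has_firezone_table() {
    awk -v t="$FZ_TABLE" '$1 == "table" && $3 == t { found = 1 } END { exit !found }'
}

# stdin: output of `nft list tables`; prints "family name" for every other table.
other_tables() {
    awk -v t="$FZ_TABLE" '$1 == "table" && NF >= 3 && $3 != t { print $2, $3 }'
}

# stdin: output of `ip -o link show`; succeeds if the interface exists.
has_firezone_iface() {
    awk -v i="$FZ_IFACE" -F': ' '{ split($2, a, "@"); if (a[1] == i) found = 1 }
        END { exit !found }'
}

# $1: nft tables text, $2: ip link text. Returns 1 if a Firezone object is missing.
audit() {
    status=0
    printf '%s\n' "$2" | has_firezone_iface ||
        { echo "MISSING interface $FZ_IFACE"; status=1; }
    printf '%s\n' "$1" | has_firezone_table ||
        { echo "MISSING table $FZ_TABLE"; status=1; }
    printf '%s\n' "$1" | other_tables | while read -r fam name; do
        echo "REVIEW other netfilter table: $fam $name"
    done
    return $status
}

# Constructed sample input (not captured from a real host).
SAMPLE_NFT='table inet firezone
table ip filter
table ip nat'
SAMPLE_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
3: wg-firezone: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN'

# On a real host (as root): audit "$(nft list tables)" "$(ip -o link show)"
audit "$SAMPLE_NFT" "$SAMPLE_LINK"
```

A REVIEW line is not an error by itself: it names a table owned by another program whose rules should be read alongside Firezone's.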
Firezone requires a valid SSL certificate and a matching DNS record to run in production. We recommend using Let’s Encrypt to generate a free SSL cert for your domain.
Firezone is beta software. We highly recommend limiting network access to the Web UI to prevent exposing it to the public Internet.
🐛 Bug Fixes
- Fix double slash issue in default OIDC redirect URL location @AndrewDryga (#1515)
- Bump pre-commit from 3.0.4 to 3.1.0 @dependabot (#1470)
- Bump rubocop from 1.45.1 to 1.46.0 @dependabot (#1472)
Copyright 2020 Engineering