defguard

VPN & Tunnels

Enterprise‑grade open‑source VPN solution that adds multi‑factor authentication (MFA) to WireGuard connections

Rust · Latest v2.0.1 · 12d ago

Features

  • Multi‑factor authentication (2FA/MFA) for WireGuard via built‑in SSO or external OpenID Connect providers
  • Automatic real‑time synchronization of desktop client settings across all VPN locations
  • Comprehensive access control with ACL/firewall management, LDAP/AD two‑way sync, and YubiKey hardware key support

Recent releases

Upgrade now
v2.0.1 Breaking risk
Auth RBAC Dependencies

Security fixes for DG26 modules

v2.0.0 Breaking risk
⚠ Upgrade required
  • Consult the migration documentation at https://docs.defguard.net/2.0/deployment-strategies/migrating-from-defguard-1.6-to-2.0 when upgrading from 1.x.
  • New one‑line install script available for quick testing.
Breaking changes
  • Minimum supported proxy and gateway versions increased (specific versions not stated in changelog).
Notable features
  • Completely redesigned UI
  • New easy deployment approach with component communication security
  • Major architectural changes including core certificate authority, multiproxy handling, MTU/FwMark support, VPN client session manager, activity log streaming, and wizard‑driven adoption
Full changelog

🎉 Welcome to Defguard 2.0 🎉

It’s a significant step up from version 1.x, featuring:

🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.

More details with videos in this blogpost.

⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.

We want to get as much feedback as possible, so we encourage you to:

💬 open a GitHub discussion

🪲 report any missing features or bugs as issues

What's Changed

  • Release 1.6 alpha merger by @wojcik91 in https://github.com/DefGuard/defguard/pull/1711
  • Finalize moving most important DB models to a common crate by @wojcik91 in https://github.com/DefGuard/defguard/pull/1713
  • Merge main->dev before 1.6 by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1756
  • Implement multiple proxy handling by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1743
  • Reverse gateway grpc take two merger by @moubctez in https://github.com/DefGuard/defguard/pull/1767
  • Gateway REST by @moubctez in https://github.com/DefGuard/defguard/pull/1775
  • Allow domain names location DNS by @moubctez in https://github.com/DefGuard/defguard/pull/1786
  • Add MTU and FwMark to WireGuardNetwork by @moubctez in https://github.com/DefGuard/defguard/pull/1788
  • Disable APT repository signing/uploads by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1799
  • Disable APT repository signing/uploads by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1800
  • Core certificate authority, part 1: Proxy by @t-aleksander in https://github.com/DefGuard/defguard/pull/1790
  • UI table update by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1808
  • Update APT repository on full release/pre-release by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1807
  • Merge main -> dev after 1.6.1 release by @wojcik91 in https://github.com/DefGuard/defguard/pull/1844
  • PUT for OpenIDProvider by @moubctez in https://github.com/DefGuard/defguard/pull/1801
  • Multiproxy private cookies by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1809
  • components update 1 by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1848
  • OpenID tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1852
  • Add MTU and FwMark to web interface by @moubctez in https://github.com/DefGuard/defguard/pull/1849
  • Core certificate authority, part 2: Gateway by @t-aleksander in https://github.com/DefGuard/defguard/pull/1846
  • Extend OpenAPI docs with OpenID providers by @moubctez in https://github.com/DefGuard/defguard/pull/1860
  • OpenID provider kind by @moubctez in https://github.com/DefGuard/defguard/pull/1871
  • VPN client session manager pt2 by @wojcik91 in https://github.com/DefGuard/defguard/pull/1802
  • Activity log streaming page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1876
  • add VPN sessions & stats generator by @wojcik91 in https://github.com/DefGuard/defguard/pull/1885
  • send cookie keys via protos by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1881
  • Log streaming page tweaks by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1892
  • VPN stats generator pt2 by @wojcik91 in https://github.com/DefGuard/defguard/pull/1891
  • Destination, part 1 by @moubctez in https://github.com/DefGuard/defguard/pull/1895
  • MTU and FwMark are not optional by @moubctez in https://github.com/DefGuard/defguard/pull/1907
  • session manager VPN client events by @wojcik91 in https://github.com/DefGuard/defguard/pull/1911
  • fix docker build by @wojcik91 in https://github.com/DefGuard/defguard/pull/1914
  • Implement proxy wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1910
  • Implement remote MFA with new, separate RPC message by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1912
  • Include component version in support data by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1920
  • Gateway wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1919
  • handle multiple gateways in session manager by @wojcik91 in https://github.com/DefGuard/defguard/pull/1917
  • Any for aliases by @moubctez in https://github.com/DefGuard/defguard/pull/1918
  • Initiate self-enrolment from users list by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1935
  • Separate API for Alias and Destination by @moubctez in https://github.com/DefGuard/defguard/pull/1938
  • Use functions for ApiResponse by @moubctez in https://github.com/DefGuard/defguard/pull/1942
  • Activity log streaming certificate file upload by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1941
  • Edge edit form by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1940
  • Support VPN client MFA connect/disconnect process within the session manager by @wojcik91 in https://github.com/DefGuard/defguard/pull/1939
  • periodic VPN session & stats purge by @wojcik91 in https://github.com/DefGuard/defguard/pull/1954
  • Fetch AclAlias by kind by @moubctez in https://github.com/DefGuard/defguard/pull/1953
  • drop legacy stats tables by @wojcik91 in https://github.com/DefGuard/defguard/pull/1957
  • Edge delete by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1960
  • New instance setup wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1961
  • VPN sessions handling fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/1964
  • Fix connecting to proxy after completing initial wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1971
  • Initial wizard fixes by @t-aleksander in https://github.com/DefGuard/defguard/pull/1987
  • Fix wizard routing by @t-aleksander in https://github.com/DefGuard/defguard/pull/1991
  • change from root guard to route specific guards by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1993
  • fix(mfa): preserve preshared key when creating new session by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1995
  • Edge list by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1992
  • Update ACL -> firewall rule translation to handle new toggles by @wojcik91 in https://github.com/DefGuard/defguard/pull/1994
  • Restore init dev env by @t-aleksander in https://github.com/DefGuard/defguard/pull/2010
  • Allow admins to delete a specific MFA method for a user by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2012
  • Block adding MFA for user as admin by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2013
  • pre-alpha ACL UI fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2024
  • fix acl queries by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2032
  • Persist initial setup wizard state by @t-aleksander in https://github.com/DefGuard/defguard/pull/2033
  • fix querykey conflict by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2039
  • Restore minimal LDAP compose by @t-aleksander in https://github.com/DefGuard/defguard/pull/2043
  • Crl by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2041
  • New mail templates by @moubctez in https://github.com/DefGuard/defguard/pull/1997
  • Check limits when creating users / locations by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2048
  • New mail templates part 2 by @moubctez in https://github.com/DefGuard/defguard/pull/2053
  • Lack of SMTP configuration information for user by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2054
  • Wizard design tweaks by @t-aleksander in https://github.com/DefGuard/defguard/pull/2063
  • Fix typos by @moubctez in https://github.com/DefGuard/defguard/pull/2066
  • Gateway TLS verification by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2049
  • Use binary licence key by @moubctez in https://github.com/DefGuard/defguard/pull/2069
  • Deleting a location cascade-deletes gateways by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2075
  • Static IP assignment from user list by @t-aleksander in https://github.com/DefGuard/defguard/pull/2077
  • update location stats API to reflect new design by @wojcik91 in https://github.com/DefGuard/defguard/pull/2081
  • Device IP management for single device by @t-aleksander in https://github.com/DefGuard/defguard/pull/2084
  • "Add new device" option for admins by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2079
  • fix keepalive interval input by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2099
  • add gateway list page by @wojcik91 in https://github.com/DefGuard/defguard/pull/2100
  • Add enabled to MailContext by @moubctez in https://github.com/DefGuard/defguard/pull/2107
  • add edit gateway page by @wojcik91 in https://github.com/DefGuard/defguard/pull/2108
  • Disabled SMTP badge in "Initiate self-enrollment" button by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2114
  • Fix welcome page by @moubctez in https://github.com/DefGuard/defguard/pull/2113
  • Update ui submodule by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2115
  • Use Desktop deep-link for enrolment by @moubctez in https://github.com/DefGuard/defguard/pull/2122
  • Block changing network address if devices are present, fix wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2119
  • add session manager test harness by @wojcik91 in https://github.com/DefGuard/defguard/pull/2128
  • Change gateway port input type to number by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2130
  • handle public edge component URL in settings by @wojcik91 in https://github.com/DefGuard/defguard/pull/2118
  • Cleanup certs by @moubctez in https://github.com/DefGuard/defguard/pull/2134
  • use session timeout setting for cookies by @wojcik91 in https://github.com/DefGuard/defguard/pull/2143
  • add location type, fwmark, mtu columns to locations table by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2147
  • Show business & enterprise features in edit/wizard forms by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2137
  • restore restrictions section in ACL create/edit form by @wojcik91 in https://github.com/DefGuard/defguard/pull/2133
  • require destination in ACLs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2146
  • Gateway/Edge enabled/disabled by @moubctez in https://github.com/DefGuard/defguard/pull/2158
  • display pending ACL updates in sidebar by @wojcik91 in https://github.com/DefGuard/defguard/pull/2164
  • fix cache invalidation after adding and removing new gateway by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2168
  • Automated adoption wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2165
  • ACL form restrictions section fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2171
  • Update dependencies by @moubctez in https://github.com/DefGuard/defguard/pull/2178
  • Optimize IP's reassignment & tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2160
  • Deploy Edge component step in initial wizard by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2184
  • Allow entering empty secret in webhook config by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2186
  • Trim Gateways and Edges on licence expiration by @moubctez in https://github.com/DefGuard/defguard/pull/2169
  • Delete Yubikey provision trigger event on webhook by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2201
  • Add migration wizard by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2194
  • Fix empty expand in table when removing last item by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2205
  • Fix OpenID label & Change LDAP labels by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2206
  • block used alias/destination delete by @wojcik91 in https://github.com/DefGuard/defguard/pull/2204
  • LDAP case insensitive by @moubctez in https://github.com/DefGuard/defguard/pull/2195
  • User-friendly settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2210
  • Periodically refresh Gateway status by @moubctez in https://github.com/DefGuard/defguard/pull/2212
  • License check by @moubctez in https://github.com/DefGuard/defguard/pull/2230
  • Fix stale gateway/edge connected status by @t-aleksander in https://github.com/DefGuard/defguard/pull/2232
  • Hide "Device IP settings" option for non-admin users by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2234
  • Network devices UI fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2235
  • Fix network device edit modal by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2237
  • Adoption core logs by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2188
  • Migrate locations by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2245
  • Network readdress by @moubctez in https://github.com/DefGuard/defguard/pull/2260
  • Add more logs to automatic component adoption process by @t-aleksander in https://github.com/DefGuard/defguard/pull/2274
  • share edge deploy wizard step component by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2275
  • use table edit cell by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2276
  • ACL UI fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2222
  • Fix MFA mail by @moubctez in https://github.com/DefGuard/defguard/pull/2281
  • Tweak settings UI by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2282
  • update openid table page by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2285
  • Prepare for Alpha Two by @moubctez in https://github.com/DefGuard/defguard/pull/2284
  • Default MFA option only for logged in user by @moubctez in https://github.com/DefGuard/defguard/pull/2286
  • fix logout not removing cookies by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2287
  • Redirect to user profile page on 403 status code by @moubctez in https://github.com/DefGuard/defguard/pull/2288
  • Add snackbars to all settings pages, fix form state in client behavio… by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2290
  • Adoption logs UI tweaks by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2289
  • Change icon to text & add sorting by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2292
  • Show error in form on incorrect current password by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2293
  • Remove placeholder, add variable to Webhook by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2297
  • Add network device & openid deletion confirmation modals by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2296
  • fix cache invalidation for client behavior settings page by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2294
  • Require current password for self-edit, skip for admin non-self edits by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2301
  • Allow admin for editing users credentials by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2302
  • Fix spacing on restrictions section by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2305
  • change FormInput to FormTextarea to handle \n by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2310
  • fix app crash when clicking initiate enrollment button by @wojcik91 in https://github.com/DefGuard/defguard/pull/2312
  • Change labels in migration one liner wizard by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2313
  • Implement UI fixes and improvements by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2315
  • Duplicate authentication keys / name checking by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2318
  • add confirm action modal by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2308
  • Add user device delete confirmation by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2322
  • Check for duplicate pubkey & check for duplicates during renaming auth keys by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2324
  • extend session manager test suite by @wojcik91 in https://github.com/DefGuard/defguard/pull/2325
  • tables update 3 by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2331
  • Remove unnecessary toggle by @wojcik91 in https://github.com/DefGuard/defguard/pull/2339
  • add missing images to license modals and welcome wizard screens by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2341
  • Allowed groups by @moubctez in https://github.com/DefGuard/defguard/pull/2332
  • Add more tests for initial/migration/auto-adoption wizards by @t-aleksander in https://github.com/DefGuard/defguard/pull/2340
  • Block adding device when there is no space in at least one subnet by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2338
  • Add missing variables to tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2344
  • Disable Submit when user has no devices to re-address by @moubctez in https://github.com/DefGuard/defguard/pull/2346
  • fix modal scroll by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2347
  • Remove rp id from settings and derive it from defguard_url by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2326
  • fix modals on profile general tab by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2349
  • restore Disable MFA action in users table by @wojcik91 in https://github.com/DefGuard/defguard/pull/2350
  • alias badge display fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2352
  • add missing actions for rules table by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2355
  • Require both parameters for auto adoption wizard (adopt-edge adopt-gateway) by @t-aleksander in https://github.com/DefGuard/defguard/pull/2354
  • Bug fixes by @moubctez in https://github.com/DefGuard/defguard/pull/2360
  • Fix initial wizard always redirecting to vpn overview by @t-aleksander in https://github.com/DefGuard/defguard/pull/2358
  • use qr-card component instead of plain qrcanvas by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2364
  • Info about licence limits by @moubctez in https://github.com/DefGuard/defguard/pull/2363
  • Block adding network device when there are no available locations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2366
  • add missing disconnect threshold input by @wojcik91 in https://github.com/DefGuard/defguard/pull/2365
  • Cache invalidation fixes by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2370
  • Migrate defguard_url from config by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2369
  • add theme switch to top bar element by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2386
  • Update migration UI by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2385
  • Fix ACL form validation errors by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2378
  • Validate location address by @moubctez in https://github.com/DefGuard/defguard/pull/2388
  • Update deployment helps by @t-aleksander in https://github.com/DefGuard/defguard/pull/2383
  • make IP optional in activity log by @wojcik91 in https://github.com/DefGuard/defguard/pull/2394
  • add 404 and migration auth error pages by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2397
  • Fix cache invalidation after MFA method setup by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2396
  • fix missing MFA session events by @wojcik91 in https://github.com/DefGuard/defguard/pull/2371
  • Change label when creating device in full network by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2399
  • Send Gateway reconnect email by @moubctez in https://github.com/DefGuard/defguard/pull/2398
  • Add missing delete confirmations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2403
  • Add missing disable confirmations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2404
  • add preshared key to VPN session model by @wojcik91 in https://github.com/DefGuard/defguard/pull/2402
  • add user & device "online" indicator by @wojcik91 in https://github.com/DefGuard/defguard/pull/2409
  • adoption form default ports & helpers by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2410
  • Use new validators by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2408
  • License upsell section by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2401
  • activity log event order fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2413
  • Pagination by @moubctez in https://github.com/DefGuard/defguard/pull/2406
  • extend ACL test coverage for new flags by @wojcik91 in https://github.com/DefGuard/defguard/pull/2411
  • Limited pagination by @moubctez in https://github.com/DefGuard/defguard/pull/2417
  • Autoadoption logs by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2416
  • Frontend validators tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2429
  • Adjust E2E tests to the new initial wizard and fix existing tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2428
  • use secret_key field from Settings to generate JWTs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2434
  • restore core gRPC server tests & add testing framework for gateway handlers by @wojcik91 in https://github.com/DefGuard/defguard/pull/2381
  • fix API tokens page license handling by @wojcik91 in https://github.com/DefGuard/defguard/pull/2431
  • remove gRPC Auth service by @wojcik91 in https://github.com/DefGuard/defguard/pull/2437
  • update ACL rules table columns by @wojcik91 in https://github.com/DefGuard/defguard/pull/2441
  • Mail templates by @moubctez in https://github.com/DefGuard/defguard/pull/2430
  • Ensure settings are initialized before running wizards by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2447
  • Prevent creating network which can't contain already existing devices & Hostname validator tweak by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2444
  • fix last connected IP column value in Users table by @wojcik91 in https://github.com/DefGuard/defguard/pull/2443
  • Plain text mail by @moubctez in https://github.com/DefGuard/defguard/pull/2451
  • Enrollment settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2433
  • New support page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2452
  • Fix license upsell sections spacing by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2456
  • ACL rule generator by @moubctez in https://github.com/DefGuard/defguard/pull/2459
  • Squash migrations by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2229
  • New version notification by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2460
  • Change text in Support page / Make field nullable in LDAP form by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2472
  • Prevent setting gateway address to network or broadcast address by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2478
  • ACL rules table audit columns by @wojcik91 in https://github.com/DefGuard/defguard/pull/2474
  • Fix redirect after openid authorization by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2479
  • Fix padding on VPN overview page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2480
  • Make wizard modals scrollable by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2481
  • Add tooltips on deploy edge/gateway step by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2482
  • add missing translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2477
  • Enrollment styling by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2486
  • show warning if editing a location could cause VPN sessions to disconnect by @wojcik91 in https://github.com/DefGuard/defguard/pull/2473
  • Add wizard dividers by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2492
  • update firewall rule labels by @wojcik91 in https://github.com/DefGuard/defguard/pull/2489
  • Redirect to app if user already logged in by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2490
  • add empty helper translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2494
  • location form all groups toggle fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2497
  • defguard_certs: do not depend on sqlx by @moubctez in https://github.com/DefGuard/defguard/pull/2501
  • Locate groups by ID instead of name by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2493
  • warn user before deleting edge which is disconnected by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2502
  • Fix error messages by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2506
  • Clear field on "any" option by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2509
  • Extend UserInfo by @moubctez in https://github.com/DefGuard/defguard/pull/2507
  • Faster cargo-deny by @moubctez in https://github.com/DefGuard/defguard/pull/2510
  • Change error message on welcome mail templates by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2513
  • Provision HTTPS certificates for Core and Proxy by @t-aleksander in https://github.com/DefGuard/defguard/pull/2464
  • add video support widget by @wojcik91 in https://github.com/DefGuard/defguard/pull/2496
  • Unify device configs by @moubctez in https://github.com/DefGuard/defguard/pull/2519
  • Fix MFA code label by @moubctez in https://github.com/DefGuard/defguard/pull/2524
  • Add support type to license proto and display it in license settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2498
  • Standardise welcome page dividers by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2580
  • properly validate ACL rules which use just Aliases to populate fields by @wojcik91 in https://github.com/DefGuard/defguard/pull/2577
  • add missing helper translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2578
  • Hide option in support page & Fix init-dev-env tool by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2583
  • Adjust private_key warning messages by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2585
  • Fix for network device config by @moubctez in https://github.com/DefGuard/defguard/pull/2587
  • Remove "back" option from adopt wizard + minor tweaks by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2590
  • Change ova download links by @t-aleksander in https://github.com/DefGuard/defguard/pull/2596
  • Set correct step after general configuration by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2592
  • Use DEFGUARD_PROXY_URL instead of DEFGUARD_ENROLLMENT_URL during migration wizard + sort locations by name by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2591
  • Fix show config for missing configs by @moubctez in https://github.com/DefGuard/defguard/pull/2598
  • Auto correct internal/public url by @t-aleksander in https://github.com/DefGuard/defguard/pull/2597
  • Change default CA common name, email address by @t-aleksander in https://github.com/DefGuard/defguard/pull/2601
  • bump min supported proxy & gateway versions by @wojcik91 in https://github.com/DefGuard/defguard/pull/2599
  • Fix proxy_url parsing by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2610
  • Change endpoint, validate network size when editing location by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2614
  • Proxy manager tests by @wojcik91 in https://github.com/DefGuard/defguard/pull/2594
  • Fix setting 2nd mfa method by @t-aleksander in https://github.com/DefGuard/defguard/pull/2619
  • fix MFA configured email subject by @wojcik91 in https://github.com/DefGuard/defguard/pull/2622
  • Fix setting default MFA by @t-aleksander in https://github.com/DefGuard/defguard/pull/2626
  • video tutorials modal by @wojcik91 in https://github.com/DefGuard/defguard/pull/2593
  • Remove mobile client info from enrollment email by @t-aleksander in https://github.com/DefGuard/defguard/pull/2634
  • Make LDAP auxiliary object classes nullable by @t-aleksander in https://github.com/DefGuard/defguard/pull/2641
  • Correct URL correction logic by @t-aleksander in https://github.com/DefGuard/defguard/pull/2646
  • Remove checkbox from certificate authority section by @t-aleksander in https://github.com/DefGuard/defguard/pull/2645
  • update login image by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2649
  • Change wizard wording by @t-aleksander in https://github.com/DefGuard/defguard/pull/2652
  • enable remote enrollment for LDAP users by @wojcik91 in https://github.com/DefGuard/defguard/pull/2609
  • Don't block dev builds by @t-aleksander in https://github.com/DefGuard/defguard/pull/2654
  • Certificate settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2500
  • support protobuf versioning by @wojcik91 in https://github.com/DefGuard/defguard/pull/2458
  • Reload settings after setup, guess cookie insecure if not provided by @t-aleksander in https://github.com/DefGuard/defguard/pull/2660
  • fix example gateway port in migration wizard by @wojcik91 in https://github.com/DefGuard/defguard/pull/2662
  • Email templates fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2659
  • Reload config after wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2664
  • Inform the user to update urls after cert configuration by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2666
  • Handle GatewayHandler abort by @moubctez in https://github.com/DefGuard/defguard/pull/2667
  • Disable user device actions according to permissions by @moubctez in https://github.com/DefGuard/defguard/pull/2669
  • Display too many login attempts by @moubctez in https://github.com/DefGuard/defguard/pull/2671
  • Fix trivy by @t-aleksander in https://github.com/DefGuard/defguard/pull/2672
  • Better gRPC error handling by @moubctez in https://github.com/DefGuard/defguard/pull/2675
  • Migration wizard video guide by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2670
  • improve component adoption URL parsing by @wojcik91 in https://github.com/DefGuard/defguard/pull/2674
  • add workflow to tag image as latest on release publish by @wojcik91 in https://github.com/DefGuard/defguard/pull/2676
  • Rules & OpenID provider form fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2680
  • Disable Back button after Edge adoption in migration wizard by @moubctez in https://github.com/DefGuard/defguard/pull/2678
  • Cleanup Wizard by @moubctez in https://github.com/DefGuard/defguard/pull/2677
  • Fix migrator login by @t-aleksander in https://github.com/DefGuard/defguard/pull/2688
  • actually store updated ip and port in migration wizard by @wojcik91 in https://github.com/DefGuard/defguard/pull/2692
  • Certificate settings tweaks by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2694
  • add missing non-default table sorting functions by @wojcik91 in https://github.com/DefGuard/defguard/pull/2693
  • Get rid of cross-rs by @moubctez in https://github.com/DefGuard/defguard/pull/2700
  • Fix E2E tests, make them 8x faster by @t-aleksander in https://github.com/DefGuard/defguard/pull/2722
  • Update core/edge url when changing cert configuration by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2725
  • Update environmental variables by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2721
  • Update dev instance when updating branch "release/**" by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2732
  • Make unit tests 8x faster by @t-aleksander in https://github.com/DefGuard/defguard/pull/2723
  • Use AWS ecr repo for e2e postgres image by @t-aleksander in https://github.com/DefGuard/defguard/pull/2738
  • Always restart defguard service by @moubctez in https://github.com/DefGuard/defguard/pull/2729
  • add missing API endpoint for fetching user device WireGuard configs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2739
  • Bulk assign / users table empty state fix by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2747
  • Fix PersistentKeepalive in WireGuard config by @moubctez in https://github.com/DefGuard/defguard/pull/2750
  • validate duplicate Gateway/Edge names in forms by @wojcik91 in https://github.com/DefGuard/defguard/pull/2741
  • Save version after migration/wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2734
  • Cert expiry by @moubctez in https://github.com/DefGuard/defguard/pull/2744
  • Automatic Letsencrypt certificate refresh by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2730
  • Preserve old package versions on APT repository by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2761
  • Step-aware wizard video tutorial section by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2749
  • Rename migrations by @t-aleksander in https://github.com/DefGuard/defguard/pull/2763
  • Don’t fail for email errors during the enrolment by @moubctez in https://github.com/DefGuard/defguard/pull/2764
  • Render markdown in emails by @t-aleksander in https://github.com/DefGuard/defguard/pull/2760
  • add mTLS for gateway & proxy communication by @wojcik91 in https://github.com/DefGuard/defguard/pull/2726
  • Sanitize LDAP errors (2.0) by @t-aleksander in https://github.com/DefGuard/defguard/pull/2682
  • update final gw wizard step text according to the new design by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2769
  • LDAP: escape critical characters in DN by @moubctez in https://github.com/DefGuard/defguard/pull/2768
  • add missing handlers in wizard API by @wojcik91 in https://github.com/DefGuard/defguard/pull/2773
  • show contextual help on settings pages by @wojcik91 in https://github.com/DefGuard/defguard/pull/2766
  • New json schema by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2765
  • Use RSA keys for openid token signing by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2777
  • fix network capacity validator function by @wojcik91 in https://github.com/DefGuard/defguard/pull/2780
  • Fix cert settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2784
  • improve baseline HTTP security for no-reverse proxy deployment scenarios by @wojcik91 in https://github.com/DefGuard/defguard/pull/2782
  • Remaining wizard e2e tests by @t-aleksander in https://github.com/DefGuard/defguard/pull/2776
  • Better package by @moubctez in https://github.com/DefGuard/defguard/pull/2783
  • adjust rate limiter config by @wojcik91 in https://github.com/DefGuard/defguard/pull/2787
  • make rate limiter opt-in by @wojcik91 in https://github.com/DefGuard/defguard/pull/2792
  • Test apt repo by @t-aleksander in https://github.com/DefGuard/defguard/pull/2797
  • Add tests that we can sign CSRs generated with a NIST P-256 key by @t-aleksander in https://github.com/DefGuard/defguard/pull/2767
  • Programmatic adoption of Gateways by @t-aleksander in https://github.com/DefGuard/defguard/pull/2789
  • Expose all used ports in proxy deployment example by @t-aleksander in https://github.com/DefGuard/defguard/pull/2825
  • fix user profile form validation by @wojcik91 in https://github.com/DefGuard/defguard/pull/2826
  • Fix WireGuard config and LDAP saving bugs by @t-aleksander in https://github.com/DefGuard/defguard/pull/2827
  • Bugfix package by @t-aleksander in https://github.com/DefGuard/defguard/pull/2830
  • misc email-related bugfixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2832
  • 2.0 bugfix package by @t-aleksander in https://github.com/DefGuard/defguard/pull/2835
  • form fixes by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2836
  • Change wording on some labels by @t-aleksander in https://github.com/DefGuard/defguard/pull/2837
  • Adjust auto adoption finish screens label to design by @t-aleksander in https://github.com/DefGuard/defguard/pull/2839
  • add dedicated APT repo for 2.0 packages by @wojcik91 in https://github.com/DefGuard/defguard/pull/2840
  • update dependencies in preparation for 2.0 release by @wojcik91 in https://github.com/DefGuard/defguard/pull/2841

Full Changelog: https://github.com/DefGuard/defguard/compare/v1.6.1...v2.0.0

v1.6.6 Bug fix

Fixed Active Directory login and WireGuard config issues.

Full changelog

This is a patch for the major 1.6 release.

It fixes issues with AD login and the PersistentKeepalive field in generated WireGuard configs.

What's Changed

Other Changes

  • Sanitize LDAP strings, fix issues with AD crashing during login, graceful activity log restart (1.6) in https://github.com/DefGuard/defguard/pull/2683
  • Fix PersistentKeepalive in WireGuard config in https://github.com/DefGuard/defguard/pull/2751

Full Changelog: https://github.com/DefGuard/defguard/compare/v1.6.5...v1.6.6

v1.6.5 Bug fix

Fixed ACL rule generation for destination aliases in dual-stack networks and restored support for component alias ranges that were being ignored.

v1.6.4 Security relevant
Security fixes
  • CVE-2026-25537
  • GHSA-7587-4wv6-m68m
  • GHSA-8h58-w33p-wq3g

About

Stars: 2,735
Forks: 101
Languages: Rust, TypeScript, SCSS

Install & Platforms

Install via: docker, shell-script