Firezone

Zero-trust remote access platform built on WireGuard with peer-to-peer encrypted tunnels

Repository activity
  • Stars: 8.7k
  • Forks: 418
  • Open Issues: 450
License

Apache-2.0

Languages
  • Elixir
  • Rust
  • Swift
About Firezone

Firezone securely manages remote access for organizations of any size. It takes a least-privileged approach with group-based policies that control access to individual applications, entire subnets, or anything in between. Built on WireGuard, it serves as a replacement for traditional VPN setups.

It connects users through peer-to-peer, end-to-end encrypted tunnels, using hole punching to establish each connection at the time of access. Users can authenticate via email, Google Workspace, Okta, Entra ID, or OIDC, and users and groups can be synced automatically. Gateways are deployed and access policies configured through a web admin UI, and running two or more gateways provides automatic load balancing and failover.

Firezone runs as a managed cloud service or as self-hosted code. Self-hosting is allowed for educational or hobby use, but production self-hosting is not officially supported. It is licensed under Apache 2.0 and Elastic 2.0, with clients for macOS, iOS, Android, ChromeOS, Windows, and Linux.

Key features

  • Group-based least-privileged access policies
  • Peer-to-peer, end-to-end encrypted WireGuard tunnels
  • SSO via email, Google Workspace, Okta, Entra ID, or OIDC
  • Automatic user and group directory sync
  • Multiple gateways for load balancing and failover

Details

  • First released: 2020
  • Self-hosting: Allowed for educational or hobby use
  • Platforms: Win · Mac · Linux · Android · iOS · Web
  • Deployment: cloud · self-hostable
  • Encryption: WireGuard · ChaCha20/Poly1305
  • Pricing: Free, Team, and Enterprise