MAybe Related or Unrelated, I came accorss this solution here: DefGuard/defguard: The only ,real 2FA/MFA’ WireGuard Enterprise VPN with build-in SSO, hardware keys management and more! (github.com)
And Have been having a really hard time to understand what its trying to acheive.
Is it a Wireguard-easy alternative, + keycloack alternative + 2Fa etc.
MAybe my fellow Wireguard nerds here could help me get a proper grasp.
the website is here defguard
Looking pretty Nifty below here, i think i am starting to kinda get
## Defguard Features
- OpenID Connect provider - with unique features:
- Secure remote (over the internet) user enrollment
- User onboarding after enrollment
- LDAP (tested on OpenLDAP) synchronization
- forward auth for reverse proxies (tested with Traefik and Caddy)
- nice UI to manage users
- Users self-service (besides typical data management, users can revoke access to granted apps, MFA, WireGuard®, etc.)
- Multi-Factor/2FA Authentication:
- Time-based One-Time Password Algorithm (TOTP - e.g. Google Authenticator)
- WebAuthn / FIDO2 - for hardware key authentication support (eg. YubiKey, FaceID, TouchID, …)
- Web3 - authentication with crypto software and hardware wallets using Metamask, Ledger Extension
- WireGuard® VPN management with:
- Multi-Factor Authentication with TOTP/Email & Pre-Shared Session Keys
- multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group)
- multiple Gateways for each VPN Location (high availability/failover) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense
- import your current WireGuard® server configuration (with a wizard!)
- most beautiful Desktop Client! (in our opinion ;-))
- automatic IP allocation
- kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard® support with our Rust library
- dashboard and statistics overview of connected users/devices for admins
- defguard is not an official WireGuard® project, and WireGuard is a registered trademark of Jason A. Donenfeld.
- SSH & GPG public key management in user profile - with SSH keys authentication for servers
- Yubikey hardware keys provisioning for users by one click
- Email/SMTP support for notifications, remote enrollment and onboarding
- Easy support with sending debug/support information
- Webhooks & REST API
- Build with Rust for portability, security, and speed
- UI Library - our beautiful React/TypeScript UI is a collection of React components:
- a set of custom and beautiful components for the layout
- Responsive Web Design (supporting mobile phones, tablets, etc…)
- iOS Web App
- Checked by professional security researchers (see comprehensive security report)
- End2End tests
This Makes Sense Now Introduction | defguard (gitbook.io)
@alefattorini could you kindly move this to a new Features Topic
@mrmarkuz what do you think about this tool.