Pritunl raspberry pi

3/9/2023

As of right now, Tailscale is the only closed source solution that works.

As someone who uses OPNsense a lot now, the community WG plugin is both a fairly minimal MVP and also for whatever reason WG on OPNsense has been a bit wonky.

If you can have a simple 2-FA - even something as simple as getting a Google auth login link while connecting as second factor - that would make the killer feature here. But Pritunl doesn't let you set up Google auth as a second factor and it's generally tricky to config. Of all the open source software here, only Pritunl comes somewhat close by layering Google auth. We have requested the most popular WireGuard self-setup - Algo - but also have been rejected. We have filed tickets on WireGuard and it has always got rejected - things like epass2003, FIDO keys, etc. But the fact remains that most high-sec compliance needs 2-FA. I am not a security expert and wouldn't know about the pros and cons here. We get rejected on stuff like PCI-DSS because the standards mandate a 2-FA. I have a singular request - so WireGuard is unusable in any high security environments with compliance requirements - because it doesn't support any 2-factor auth out of the box.

I wanted to show it here and see what HN thinks. Longer-term I’d like to add things like DNS-based ad blocking, IP blocklist support, LDAP / SSO authentication, and more user management features. In the near term I’m planning to polish it up a bit and add more security features. The firewall application is essentially a frontend to nftables and currently functions as a simple egress firewall to block outbound traffic to specific hosts/CIDRs (in your private network or elsewhere). I built it this way to allow potentially decoupling the Web UI, VPN, and firewall hosts at some point in the future, but for now Firezone assumes they’re all running on the same host.
The Web UI communicates with two other Elixir applications that manage the WireGuard configuration and firewall configuration respectively. The Web UI is built with Elixir/Phoenix (I’m a recovering full-stack Rails engineer) and runs as an unprivileged user. So I built some convenience functionality on top, added a simple Web UI, and open sourced it. Firezone is packaged with Chef Omnibus so the only dependencies are a recent Linux kernel (4.19+) and the WireGuard module. I discovered WireGuard and quickly fell in love with it, but soon found managing the peer configs to be a bit tedious and error-prone. I tried OpenVPN Access Server but I personally feel that security software should be open source to be validated (and improved) by the community. While working at Cisco as a security automation engineer I experienced a lot of unnecessary pain managing secure network-level access into our cloud VPCs. Author here! I created Firezone to make it easier to host and manage your own WireGuard VPN server.