The Open Source
VPN Server and Firewall

Firezone is built on WireGuard® to be stable, performant, and lightweight. Deploy and manage secure remote access to your private resources in minutes.

Get Started
GitHub Repo stars
usage of Firezone VPN to add a device

Product Features

fast and stable performance
WireGuard® Support
  • Built on top of the WireGuard® protocol for performance and stability
web interface
Web GUI Management
  • Manage the VPN server and firewall through an intuitive web UI
self hosted
Self-Hosted
  • Host open-source Firezone on your own infrastructure for free
sso authentication
Single Sign On
  • Authenticate using Okta, G Suite, and more

Open source network security built for small teams

Easy to use

Simple to deploy and manage on your own hardware

  • Packaged with Chef Omnibus. No external dependencies
  • Supports  Ubuntu, CentOS, Debian, Fedora, OpenSUSE or any recent Linux kernel (4.19+) with nftables and WireGuard® support
  • Runs unprivileged. HTTPS enforced. Encrypted cookies
linux distributions logo
WireGuard performance relative to other VPN protocols

Faster and more stable

Leverage the benefits of WireGuard®

  • Simpler and leaner than IPsec / IKEv2
  • Up to 4x faster than OpenVPN (benchmark stats)
  • High throughput and low latency
  • Use the native WireGuard® clients on iOS, Android, Windows, and MacOS

Firewall included

Manage rules for allowed network traffic

  • Uses nftables to block unwanted egress traffic to specific IP addresses or CIDRs
  • Only allow the traffic you need and prevent traffic from going to unwanted hosts
Firezone firewall allowlist and denylist

Designed for simplicity and security

Get Started

Common Use Cases

Tutorials for common set-ups and configurations using Firezone. If you have a question about your architecture, please drop by our Slack Group and say hello 👋
Whitelisting with static ip diagram

NAT Gateway (Static IP)

Restrict access for a self-hosted web app to a single whitelisted static IP running Firezone.

    See Documentation >

    node to multiple node diagram

    Reverse Tunnels

    Enable an administrator to access a server, container, or machine that is normally behind a NAT or firewall.

      See Documentation >

      split tunnel diagram

      Split Tunnels

      Only traffic to defined IP ranges will be routed through the VPN server.

        See Documentation >

        WireGuard® is a registered trademark of Jason A. Donenfeld.
        Company
        Resources
        Community