🎉 Firezone 0.5.0 is live! Check our blog for the full story.

Self-hosted secure remote access

Firezone is an open-source VPN and firewall server built on WireGuard® to be stable, performant, and lightweight. Deploy in minutes on your own infrastructure.
Deploy Now
Not sure if Firezone is right for your business? Schedule a demo.
GitHub Repo stars
Firezone WebUI video

Install Firezone

Set up in minutes using our one-line install script:
sudo -E bash -c "$(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)"
copy icon
Copy script
Copied!
Paste that into a Linux shell prompt.
Review the source of the script here.

A modern alternative to legacy VPNs and firewalls

Simple to manage

Manage your network using the intuitive web GUI

Firezone is built to be self-serve. The Web GUI, CLI utility, and in-depth documentation makes management painless for admins.
web gui
cloud logo diagram
Self-host anywhere

No vendor lock-in. Take ownership of your network.

Firezone runs on your infrastructure. There's no need to risk breaches by sending data to third parties or to waste time on compliance checks.
  • Supports Ubuntu, CentOS, Debian, Fedora, OpenSUSE or any recent Linux kernel (5.0+).
  • Runs unprivileged. HTTPS enforced. Encrypted cookies.
  • Packaged with Chef Omnibus. No external dependencies.
Built on WireGuard®

Faster speeds on the same hardware

Firezone uses WireGuard®, a simple, fast and modern VPN protocol that utilizes state-of-the-art cryptography.
  • Simpler and leaner than other VPN protocols like IPsec / IKEv2 and OpenVPN.
  • Up to 4x to 6x faster than OpenVPN (benchmark stats.)
  • High throughput and low latency.
wireguard speed diagram

Authenticate with your identity provider and enforce MFA

Only allow connections from authenticated users and automatically disable access for employees who have left. Firezone integrates with any OIDC compatible identity provider for single sign-on (SSO).
View documentation

How Firezone works

Use Firezone to manage secure access to your servers, computers, and cloud infrastructure. Firezone requires minimal configuration and is quick to deploy.
  1. Download Firezone to a supported Linux host with access to your protected resources.
  2. Install the official WireGuard client on the user devices you wish to access these protected resources.
  3. Using the Firezone Web UI, add device configs to your WireGuard clients to grant them access.
View documentation
architecture

Deploy Firezone on a supported host

View documentation

Easy to manage and blazing fast

A simple and performant remote access platform built for small teams.
speed icon

WireGuard® Support

Built on top of the WireGuard® protocol for performance and stability.
directional icon

Web GUI Management

Manage your VPN and firewall server through an intuitive web GUI.
flag icon

Self-Hosted

Deploy on your own hardware or infrastructure in minutes.
checkmark icon

Single Sign On (SSO)

Authenticate with any identity provider with an OpenID Connect (OIDC) connector.
globe icon

Open-Source

Firezone is distributed under the Apache 2.0 License.
time icon

TOTP-based MFA

Enforce multi-factor authentication using a time-based one-time password.
observability icon

Observability

Configurable logging of usage activity by peers.
locked icon

Firewall included

Only allow the traffic you need and prevent traffic from going to unwanted hosts.

Common Use Cases

Tutorials for common set-ups and configurations using Firezone. If you have a question about your architecture, please drop by our Slack Group and say hello 👋.
nat gateway architecture diagram
nat gateway icon

NAT Gateway (Static IP)

Restrict access for a self-hosted web app to a single whitelisted static IP running Firezone.
reverse tunnel diagram
reverse tunnel logo

Reverse Tunnels

Enable an administrator to access a server, container, or machine that is normally behind a NAT or firewall.
split tunnel diagram
split tunnel logo

Split Tunnels

Only traffic to defined IP ranges will be routed through the VPN server.

Firezone is an open-source VPN and firewall server built on WireGuard® to be stable, performant, and lightweight. Deploy in minutes on your own infrastructure.

Deploy NowSchedule demo
Company
AboutJobs (We're hiring)PricingOpen source
Resources
BlogDocumentationSupportContact us
Community
SlackGithubForumTwitterLinkedIn
© 2022 Firezone, Inc. All rights reserved.
WireGuard® is a registered trademark of Jason A. Donenfeld.