🎉 Firezone 0.5.0 is live! Check our blog for the full story.

Self-hosted secure remote access

Firezone is an open-source VPN and firewall server built on WireGuard® to be stable, performant, and lightweight. Deploy in minutes on your own infrastructure.
Not sure if Firezone is right for your business? Schedule a demo.
GitHub Repo stars
Firezone WebUI video

Install Firezone

Set up in minutes using our one-line install script:
sudo -E bash -c "$(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)"
copy icon
Copy script
Paste that into a Linux shell prompt.
Review the source of the script here.

A modern alternative to legacy VPNs and firewalls

Manage your network using the intuitive web GUI

Firezone is built to be self-serve. The Web GUI, CLI utility, and in-depth documentation makes management painless for admins.
web gui
cloud logo diagram

No vendor lock-in. Take ownership of your network.

Firezone runs on your infrastructure. There's no need to risk breaches by sending data to third parties or to waste time on compliance checks.
  • Supports Ubuntu, CentOS, Debian, Fedora, OpenSUSE or any recent Linux kernel (5.0+).
  • Runs unprivileged. HTTPS enforced. Encrypted cookies.
  • Packaged with Chef Omnibus. No external dependencies.

Faster speeds on the same hardware

Firezone uses WireGuard®, a simple, fast and modern VPN protocol that utilizes state-of-the-art cryptography.
  • Simpler and leaner than other VPN protocols like IPsec / IKEv2 and OpenVPN.
  • Up to 4x to 6x faster than OpenVPN (benchmark stats.)
  • High throughput and low latency.
wireguard speed diagram

Authenticate with your identity provider and enforce MFA

Only allow connections from authenticated users and automatically disable access for employees who have left. Firezone integrates with any OIDC compatible identity provider for single sign-on (SSO).

How Firezone works

Use Firezone to manage secure access to your servers, computers, and cloud infrastructure. Firezone requires minimal configuration and is quick to deploy.
  1. Download Firezone to a supported Linux host with access to your protected resources.
  2. Install the official WireGuard client on the user devices you wish to access these protected resources.
  3. Using the Firezone Web UI, add device configs to your WireGuard clients to grant them access.
View documentation

Deploy Firezone on a supported host

Easy to manage and blazing fast

A simple and performant remote access platform built for small teams.
speed icon

WireGuard® Support

Built on top of the WireGuard® protocol for performance and stability.
directional icon

Web GUI Management

Manage your VPN and firewall server through an intuitive web GUI.
flag icon


Deploy on your own hardware or infrastructure in minutes.
checkmark icon

Single Sign On (SSO)

Authenticate with any identity provider with an OpenID Connect (OIDC) connector.
globe icon


Firezone is distributed under the Apache 2.0 License.
time icon

TOTP-based MFA

Enforce multi-factor authentication using a time-based one-time password.
observability icon


Configurable logging of usage activity by peers.
locked icon

Firewall included

Only allow the traffic you need and prevent traffic from going to unwanted hosts.

Common Use Cases

Tutorials for common set-ups and configurations using Firezone. If you have a question about your architecture, please drop by our Slack Group and say hello 👋.