Defguard
Enterprise WireGuard VPN with built-in MFA and full sovereignty.

Defguard is a self-hosted, open-source enterprise VPN platform built on WireGuard that includes connection-level multi-factor authentication and integrated identity management. It supports SSO integration with major providers like Google, Microsoft, and Okta, as well as LDAP and Active Directory, while offering firewall policy orchestration across multiple gateways. Designed for organizations requiring data sovereignty and compliance with ISO 27001, NIS2, GDPR, and HIPAA, it runs entirely on the customer's own infrastructure.
Defguard deploys on-premise as an isolated control plane, unifying WireGuard VPN with MFA/2FA at the protocol level, SSO/IdP integration, and RBAC-based firewall rules managed from a single UI.
enterprise IT and security teams requiring self-hosted VPN with strong access controls
Background.
- Status
- launched
- Business model
- open-source
- Company
- Defguard
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.