Defguard

defguard.net

Enterprise WireGuard VPN with built-in MFA and full sovereignty.

Visit
Defguard screenshot
/ About /

Defguard is a self-hosted, open-source enterprise VPN platform built on WireGuard that includes connection-level multi-factor authentication and integrated identity management. It supports SSO integration with major providers like Google, Microsoft, and Okta, as well as LDAP and Active Directory, while offering firewall policy orchestration across multiple gateways. Designed for organizations requiring data sovereignty and compliance with ISO 27001, NIS2, GDPR, and HIPAA, it runs entirely on the customer's own infrastructure.

/ How it works /

Defguard deploys on-premise as an isolated control plane, unifying WireGuard VPN with MFA/2FA at the protocol level, SSO/IdP integration, and RBAC-based firewall rules managed from a single UI.

/ Who it's for /

enterprise IT and security teams requiring self-hosted VPN with strong access controls

/ More info /

Background.

Status
launched
Business model
open-source
Company
Defguard
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.