Defguard
defguard.netEnterprise WireGuard VPN with built-in MFA and full sovereignty.
Securityvpnwireguardmfazero-trustself-hostedopen-sourceiam
About
Defguard is a self-hosted, open-source enterprise VPN platform built on WireGuard that includes connection-level multi-factor authentication and integrated identity management. It supports SSO integration with major providers like Google, Microsoft, and Okta, as well as LDAP and Active Directory, while offering firewall policy orchestration across multiple gateways. Designed for organizations requiring data sovereignty and compliance with ISO 27001, NIS2, GDPR, and HIPAA, it runs entirely on the customer's own infrastructure.
Problem
Organizations need a secure, self-hosted VPN solution with true MFA enforcement and identity management without relying on cloud infrastructure.
For
enterprise IT and security teams requiring self-hosted VPN with strong access controls
How it works
Defguard deploys on-premise as an isolated control plane, unifying WireGuard VPN with MFA/2FA at the protocol level, SSO/IdP integration, and RBAC-based firewall rules managed from a single UI.
Business model
open-source
Status
launched
Company
Defguard