Firezone
Open Source | API
www.firezone.dev
Last updated: April 2026
Firezone is an open source WireGuard-based VPN and zero-trust access platform for self-hosted remote access with identity provider integration.
About
Firezone is an open source remote access and zero-trust network access platform built on WireGuard, designed for organizations that want to provide secure remote access to their infrastructure without the complexity and cost of commercial VPN solutions. Self-hostable on any Linux server, Firezone provides a complete remote access solution with identity provider integration, access policies, and a polished management interface.
The WireGuard foundation of Firezone provides the modern, high-performance cryptographic tunneling that makes it superior to legacy VPN protocols in terms of speed, simplicity, and security. WireGuard's small codebase (relative to OpenVPN or IPsec) reduces the attack surface and enables faster security auditing. The Noise Protocol Framework cryptography used by WireGuard provides state-of-the-art security without complex certificate management.
Identity provider integration is one of Firezone's most important enterprise features. Firezone integrates with Okta, Azure AD, Google Workspace, OneLogin, JumpCloud, and any OIDC or SAML 2.0 compatible IdP. This integration means that employees use their existing corporate credentials to authenticate VPN access, eliminating the need to manage separate VPN user accounts. Group membership from the IdP can be used to determine which network resources each user group can access.
Resource-based access control in Firezone allows administrators to define which users or groups can access which network resources (IP ranges, hosts, or DNS names). Rather than granting all VPN users access to the entire internal network, granular policies restrict each user to only the specific services and hosts they need. This principle of least privilege significantly reduces the blast radius of credential compromise.
The client applications for macOS, Windows, Linux, iOS, and Android provide a native interface for connecting to Firezone VPN, displaying available resource groups, and managing the connection state. The clients integrate with the device's native keychain and authentication mechanisms for credential storage.
Firezone 1.x introduced a significant architectural shift toward a more modern, cloud-compatible design, with better support for dynamic environments, improved NAT traversal, and a more scalable multi-site architecture. The platform continues to evolve with contributions from the active open source community.
Positioning
Firezone is an open-source remote access platform built on WireGuard that replaces legacy corporate VPNs with a zero-trust network access (ZTNA) model. Unlike traditional VPNs that grant broad network access once connected, Firezone enforces granular, resource-level policies — users only reach the specific services they're authorized for.
The project originated as a self-hosted WireGuard management UI and evolved into a full-featured access gateway with identity provider integration, split tunneling, and a Rust-based client that runs on every major platform. For teams that need secure remote access without the complexity and cost of enterprise VPN appliances, Firezone delivers a modern alternative.
What You Get
- WireGuard-Based Tunnels
  All traffic is encrypted using WireGuard, delivering significantly better performance and simpler configuration than IPsec or OpenVPN.
- Zero Trust Policies
  Define access rules per resource and per user group, ensuring least-privilege access to internal services, databases, and APIs.
- Identity Provider Integration
  Authenticate users via Google Workspace, Okta, Azure AD, or any OIDC-compliant provider with automatic session expiry and re-authentication.
- Cross-Platform Clients
  Native clients for macOS, Windows, Linux, iOS, and Android with automatic reconnection and split tunneling support.
- Self-Hosted Gateway
  Deploy gateway nodes in your own infrastructure (Docker or bare metal) to keep traffic paths under your control.
Core Areas
Remote Access
Securely connect remote employees to internal resources without exposing entire network segments to the internet.
Zero Trust Networking
Replace implicit trust models with explicit, identity-based policies that verify every access request continuously.
Network Security
Encrypt all traffic with WireGuard and enforce DNS-based filtering to block malicious domains at the network level.
Multi-Cloud Connectivity
Bridge access across AWS, GCP, Azure, and on-premise environments through distributed gateway nodes.
Why It Matters
Corporate VPNs are one of the most exploited attack surfaces in modern security breaches — once compromised, attackers get lateral movement across the entire network. Firezone eliminates this risk by replacing the VPN paradigm with resource-level access controls that follow zero-trust principles.
Being open-source and self-hostable means organizations maintain full visibility into their access layer, with no vendor lock-in and no traffic routing through third-party infrastructure. The WireGuard foundation ensures performance that users actually notice — connections feel instant rather than throttled.
Related
Acronis
Acronis provides integrated cyber protection solutions combining backup, disaster recovery, and cybersecurity for businesses of all sizes.
OpenZiti
OpenZiti is an open source zero-trust overlay network for embedding zero-trust security directly into applications with SDK-based connectivity.
NetBird
NetBird is an open source zero-trust network access platform using WireGuard to create secure private networks without VPN concentrators or firewall rules.