Firezone - FOSS noconf Mesh VPN using WireGuard, alternative to ZeroTier, Tailscale, OmniEdge, Netmaker etc.
marcusquinn last edited by marcusquinn
Self-hosted secure remote access
Firezone is an open-source VPN and firewall server built on WireGuard to be stable, performant, and lightweight. Deploy in minutes on your own infrastructure.
sudo -E bash -c "$(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh)"
Uses the standard WireGuard clients for all platforms, and the QR code generation looks good for making the setups easy enough for non-technical users.
Looks like it supports Keycloak, so may interest @nj
Common Use Cases
NAT Gateway (Static IP)
Restrict access for a self-hosted web app to a single whitelisted static IP running Firezone. (A highly recommended additional layer of protection for self-hosted apps that don't need to be exposed on public IPs.)
Enable an administrator to access a server, container, or machine that is normally behind a NAT or firewall.
Only traffic to defined IP ranges will be routed through the VPN server.
timconsidine App Dev last edited by
@marcusquinn not sure I know enough yet to judge, but I’m drawn more to this one out of the various options posted.
Just my initial unqualified 2p
@timconsidine I actually JUST installed this on a non-cloudron server and I gotta say it would be perfect as an app.
micmc last edited by
@marcusquinn Awesome find!
necrevistonnezr last edited by
@micmc does that work with dynamic IPs as well?
@necrevistonnezr My complete guess is the broker service needs a fixed IP or domain mapped to a dynamic DNS service, but that clients shouldn't need fixed IPs.
Docker deployment now preferred: https://docs.firezone.dev/deploy/docker/
Keycloak integration: https://docs.firezone.dev/authenticate/oidc/keycloak/