Firezone Icon

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source

Firezone Source Code




WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.






22 Apr 20

Last Updated

17 May 24

Latest version


Primary Language



146,099 KB







Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Reactor Scram (17 May 24)

    fix(gui-client): log and continue if getting or deleting the token fails (#5021) Closes #5016

  • Jamil (17 May 24)

    feat(devops): Add example for spinning up performance testing VMs on Azure (#4647) Sets up boilerplate for Azure performance testing infra. They have some really interesting high performance VMs that would be fitting for our use cases, including [ones with RDMA-enabled Infiniband networking cards]( if we really want to go wild.

  • Reactor Scram (17 May 24)

    chore(rust): update to Rust 1.78 (#5006) ```[tasklist] ### Before merging - [x] Apple smoke test - [x] Android smoke test ```

  • Jamil (17 May 24)

    docs: Fix sidebar spacing a little (#5020)

  • Gabi (17 May 24)

    chore(connlib): ensure there are client_resources before trying to sample them in proptest (#5017) This came up while working on #4994 while writing the proptests I noticed that the precondition could panic since we don't have this check there and would cause shrinking to fail.

  • Gabi (16 May 24)

    chore(connlib): set_payload is called for udp packets for tests (#5018) came up while working on #4994

  • Reactor Scram (16 May 24)

    build(gui-client): add post-install and pre-remove scripts to the deb package (#5011) Closes #4987 ```[tasklist] ### Before merging - [x] Get an x64 test VM on the Windows laptop and test a CI-built deb ```

  • Jamil (16 May 24)

    chore: remove beta mention from pricing page (#5013)

  • Reactor Scram (16 May 24)

    docs(client): add support options (Discord, email, etc.) to all Client docs (#5008) Extracted from #4965, it was mixed in there

  • Gabi (15 May 24)

    chore(connlib): limit resource_update to resource changes (#5005)

  • Reactor Scram (15 May 24)

    chore(client): update internal docs for Windows and Linux GUI Clients (#5003) Copied out of #4978

  • Jamil (15 May 24)

    feat(website): Increase team user limit to 100 (#5002) - Increase limits for team plan to make more sense - More CTA and features list for Enterprise plan Fixes firezone/gtm#272 Fixes firezone/gtm#267

  • Jamil (15 May 24)

    fix(portal): Dedicate 3/12 width for columns with IPs (#5001) - Ensure IP address appears on newline always - Dedicate 3/12 width for table columns that can contain IPv6 addresses - Removes the `(IP)` parentheses because that makes it hard to copy/paste the IP Fixes #4992

  • Jamil (15 May 24)

    docs: Uninstall Gateway (#4966) --------- Signed-off-by: Jamil <[email protected]> Co-authored-by: Brian Manifold <[email protected]> Co-authored-by: Andrew Dryga <[email protected]> Co-authored-by: Reactor Scram <[email protected]> Co-authored-by: Gabi <[email protected]>

  • Reactor Scram (15 May 24)

    test: remove backwards compatibility code for older Docker images (#4993) Closes #4951

  • Jamil (15 May 24)

    docs: Fix sidebar padding (#4989) Fixes #4986

  • Gabi (15 May 24)

    feat(connlib): report resource status to client (#4931) This PR introduces site's `Status`. That's used to report to the client the status, either, unknown, online or offline, mostly as a hint to users as what's wrong with a connection. This are the criteria for an online or offline resource * If all sites related to a resource are offline the resource is considered offline, since there's no gateway that can respond to that resource's connection * If any site is online the resource is online, since that same peer can be used to reach that resource * Any other case is unknown Right now resources are single site so it doesn't matter too much but tracking online/offline per-site instead of per-gateway or resource seems like the better long-term solution. The way to "find out" the site's status is: * If a response to a connection details is offline, all sites related to that resource must be offline otherwise there would've been a gateway in the response * At the point we connect to a gateway, the site that corresponds to that gateway must be online * When a connection to a peer stops it's considered unknown again Fixes #4738

  • Jamil (15 May 24)

    docs: Refactor SSO guides to make sync optional (#4988) Makes the sync steps optional so the Google, Okta, and Entra guides work for all plans. refs #4984

  • Reactor Scram (14 May 24)

    chore(windows): style the MSI installer (#4990) Closes #4919 ![image]( ![image]( ![image](

  • Andrew Dryga (14 May 24)

    Move GCP deployments to separate GitHub environments

  • Andrew Dryga (14 May 24)

    Bump all Elixir deps

  • Brian Manifold (14 May 24)

    refactor(portal): Update IDP creation flow (#4984) Why: * The new flow for creating an identity provider in Firezone allows the user to not have to worry what features their plan has enabled. It will allow the user to select which identity provider they use and will take them to the appropriate form depending on the features they have enabled on their plan. ## Screenshots ### Selecting an identity provider <img width="937" alt="Screenshot 2024-05-14 at 11 53 17 AM" src=""> ### New OIDC form when a custom provider is selected but IDP sync is not enabled for account <img width="903" alt="Screenshot 2024-05-14 at 11 54 58 AM" src="">

  • Andrew Dryga (14 May 24)

    chore(portal): Use redactor to reduce chances of accidentally logging secrets (#4983)

  • Jamil (14 May 24)

    chore: bump versions for 1.0.4 release (#4985) Update download links etc for the 1.0.4 release

  • Jamil (14 May 24)

    docs: Fix docs code blocks with arrow (#4982) before <img width="222" alt="Screenshot 2024-05-14 at 6 29 52 AM" src=""> after <img width="209" alt="Screenshot 2024-05-14 at 8 31 40 AM" src="">

  • Reactor Scram (13 May 24)

    ci(windows): time out the WebView2 install after 5 minutes (#4981) It typically takes about 1 minute to run in CI. We don't have any leads on fixing this issue, and it may be a regression in a recent release of WebView2.

  • Andrew Dryga (13 May 24)

    Try to use deployment environments

  • Andrew Dryga (13 May 24)

    Do not r/./- when deploying gateways

  • dependabot[bot] (13 May 24)

    build(deps): Bump base64 from 0.22.0 to 0.22.1 in /rust (#4969) Bumps [base64]( from 0.22.0 to 0.22.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="">base64's changelog</a>.</em></p> <blockquote> <h1>0.22.1</h1> <ul> <li>Correct the symbols used for the predefined <code>alphabet::BIN_HEX</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=""><code>e144006</code></a> v0.22.1</li> <li><a href=""><code>64cca59</code></a> Merge pull request <a href="">#271</a> from JobanSD/patch-1</li> <li><a href=""><code>838355e</code></a> Correct BinHex 4.0 alphabet according to specifications</li> <li><a href=""><code>bf15ccf</code></a> Merge pull request <a href="">#270</a> from marshallpierce/mp/clippy</li> <li><a href=""><code>fc6aabe</code></a> Appease clippy</li> <li><a href=""><code>9a518a2</code></a> Merge pull request <a href="">#267</a> from bdura/patch-1</li> <li><a href=""><code>d96c80f</code></a> Merge branch 'marshallpierce:master' into patch-1</li> <li><a href=""><code>e8e4a22</code></a> docs: fix trailing ``` in example</li> <li>See full diff in <a href="">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](]( Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]>

  • Andrew Dryga (13 May 24)

    Also copy versioned binaries to prod when deploying

Firezone Website



Does not redirect

Security Checks

2 security checks failed (64 passed)

  • Robots Noindex
  • Empty Page Title

Server Details

  • IP Address
  • Location Walnut, California, United States of America, NA
  • ISP Vercel Inc
  • ASN AS16509

Associated Countries

  • US

Saftey Score

Website marked as moderately safe


Blacklist Check was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Firezone Reviews

More Self-Hosted Network Security

About the Data: Firezone


You can access Firezone's data programmatically via our API. Simply make a GET request to:

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Firezone

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Firezone and Awesome Privacy with your network!

View Self-Hosted Network Security (8)