Question 1

How do I set up Defguard with my existing Active Directory?

Accepted Answer

Defguard supports two-way synchronization with Active Directory/LDAP through its web UI or configuration files. You can integrate it by following the documentation on LDAP and Active Directory integration, which allows for user and group management from AD.

Question 2

Defguard vs Tailscale: which is better for a self-hosted VPN?

Accepted Answer

Defguard is ideal for enterprises needing full on-premises control with MFA for WireGuard and integrated identity management, while Tailscale offers easier, cloud-managed setup but less customization. Choose Defguard if security and self-hosting are top priorities.

Question 3

Does Defguard have a mobile app for VPN connections?

Accepted Answer

The README primarily focuses on the desktop client, and while WireGuard configurations can be used on mobile, native mobile apps might not be as feature-rich. Check the official documentation or GitHub for updates on mobile support.

Question 4

How to enable biometric authentication like FaceID in Defguard?

Accepted Answer

Defguard supports WebAuthn/FIDO2 for hardware keys and biometrics. Enable it by configuring MFA in the user settings or admin panel, using compatible devices such as YubiKeys or built-in biometric sensors.

Question 5

Is Defguard free for commercial use in my company?

Accepted Answer

Defguard uses a dual license: AGPL for open-core components and an enterprise license for advanced features. For full commercial use without restrictions, you may need the enterprise license, so review the licensing terms carefully.

Question 6

Can I deploy Defguard on Kubernetes for production?

Accepted Answer

Yes, Defguard includes Kubernetes deployment examples and is designed for high availability, making it suitable for production environments with support for multiple gateways and locations.

Question 7

How to import my existing WireGuard server configuration into Defguard?

Accepted Answer

Defguard offers a wizard for importing current WireGuard server configurations. Use the web UI to upload your config, and it will guide you through the setup process to integrate it with Defguard's management features.

defguard

What is defguard?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions