Firezone

Firezone provides a self‑hosted VPN and firewall that uses the WireGuard protocol to secure remote access. It is managed through a web graphical interface and a command‑line tool, and can be installed with a single‑line script or via Docker containers. Authentication integrates with identity providers through OpenID Connect, supporting single sign‑on and multi‑factor authentication, while all traffic is encrypted and the server runs unprivileged.

The system includes a built‑in Linux nftables firewall to block unwanted egress, and its architecture supports multiple gateways with automatic load balancing and failover. Policies are defined in a simple UI, allowing restrictions based on user, group, device location, time of day, and other real‑time conditions. Clients are available for major desktop and mobile platforms and maintain connections across network changes.

Firezone is released under the Apache‑2.0 license, requires no subscription, and is positioned as a free, open‑source alternative to traditional VPN solutions, targeting organizations that need zero‑trust access while retaining full control over their infrastructure.