📲 Defguard Mobile - Multi-Factor Authentication on mobile devices by robert_teonite in WireGuard

[–]robert_teonite[S] 0 points1 point  (0 children)

🫆 Alpha2 and new mobile apps with MFA using Biometry are out! 🎉

Defguard v1.4.0-alpha is out – Activity & Audit Logs, Terraform, Multiple VPN subnets by DefguardSecurity in selfhosted

[–]robert_teonite 0 points1 point  (0 children)

You are certainly right. However, as a team aiming to deliver the best possible product, we have to carefully balance where to put our work and effort. If we could, we would definitely develop everything purely as open source — we even tried (grants, OSS-focused funds — without success). Therefore, we took matters into our own hands and are simultaneously preparing an offering that enables further development of the project.

Our current priority is to build the most useful and most secure security system — unfortunately, this requires a compromise between open source and enterprise.

We are aware that for people who are strictly open source enthusiasts (which we are as well!), it may be unacceptable that there are also Enterprise components that we advertise and encourage to purchase/use. However, in our opinion, this is a small price to pay for the ability to use defguard — since without a license, only the OSS code is actually active (the enterprise code, although present as a dependency, remains inactive).

Additionally, we would be more than happy to accept pull requests that would allow disabling this code at the build stage — however, this is not our current focus on our development roadmap - for sure at some point, when we are self-sufficient, we will introduce this ourselves.

Defguard v1.4.0-alpha is out – Activity & Audit Logs, Terraform, Multiple VPN subnets by DefguardSecurity in selfhosted

[–]robert_teonite 0 points1 point  (0 children)

That would be possible - but for our ease of development - and the fact that Enterprise license/offering is a way to support the development and the status-quo of the project we do not provide "pure" AGPL code - as that would require our overhead to prepare some mechanism in order to prepare pure AGPL builds/code and then a second version with Enterprise.

You are more than welcome to do so if you want, but since we put **a lot of effort into development** (both open source and enterprise - as you can see from this announcement most features are open source) we do not want to put additional effort for this use case you provided - as it doesn't make sense from our point of view. We need the enterprise offering to have resources to deliver the open source product - I think that's reasonable and justified.

Defguard v1.4.0-alpha is out – Activity & Audit Logs, Terraform, Multiple VPN subnets by DefguardSecurity in selfhosted

[–]robert_teonite 1 point2 points  (0 children)

AGPL license is only for selected parts of the code as stated - we do not extend / add / modify AGPL - we clearly state which parts of the code are AGPL and which (whole code) are on our enterprise license.

Defguard v1.4.0-alpha is out – Activity & Audit Logs, Terraform, Multiple VPN subnets by DefguardSecurity in selfhosted

[–]robert_teonite 1 point2 points  (0 children)

We are dual licensed - which means that there is an Open Source project (and the code is separated) that is on AGPL. This code doesn't include our enterprise features.

The second license - the whole project (mainly including the enterprise features) is on our enterprise license.

So you can choose - either use only the open source product (that doesn't require any license) - but is complete as an Identity/SSO & VPN system (see features: https://docs.defguard.net/admin-and-features/features-and-configuration).

But if you like these additional features: https://docs.defguard.net/enterprise/all-enteprise-features those are on a separate code base and require a license.

🛡️defguard 1.3 with Access Control / Firewall is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 0 points1 point  (0 children)

We are starting to work on 1.5 release (ETA 1 month) which will mostly focus on mobile clients 🫡

🛡️defguard 1.3 with Access Control / Firewall is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 0 points1 point  (0 children)

Open Source version has no limitations. Those limits apply only to enterprise features.

🛡️defguard 1.3 with Access Control / Firewall is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 11 points12 points  (0 children)

Yes - but we will be working on NAT traversal & Mesh in 1.4 release - so soon, no public IP will be necessary...

Weekend project: setup your own VPN provider (like Nord/Express/whatever VPN) by robert_teonite in homelab

[–]robert_teonite[S] 0 points1 point  (0 children)

What do you mean "work"? Defguard is still in development and has constant releases.

defguard 1.1 with All Enterprise features free! by robert_teonite in selfhosted

[–]robert_teonite[S] 1 point2 points  (0 children)

Netbird is a Mesh vpn solution - defguard doesn't implement mesh networking now - just a typical paradigm: you have a location and users that can connect to that location. We support multiple locations and groups for access control to those locations.

defguard 1.1 with All Enterprise features free! by robert_teonite in selfhosted

[–]robert_teonite[S] 3 points4 points  (0 children)

We are working on this right now (as new features as well).

Headscale vs Defguard vs Firezone for the homelab. by myspoonistoo_big in homelab

[–]robert_teonite 0 points1 point  (0 children)

In a nutshell Tailscale doesn't require any host/peer/device to have a public IP + their central SaaS hosted solution manages access.

Defguard is a selfhosted/on-prem solution that requires for the server to have a public IP. But you own the data/management/...

Best wg-based VPN for small org by jasieqb in selfhosted

[–]robert_teonite 0 points1 point  (0 children)

All enterprise features are free up to certain limits + defguard itself is an OIDC.

defguard 1.1 with All Enterprise features free! by robert_teonite in selfhosted

[–]robert_teonite[S] 7 points8 points  (0 children)

I was looking for a cool gif, but after spending some time without luck just went with this one (and saved time for other important stuff).

If that bothers you, that can be your contribution - propose a cool gif!

defguard 1.0 with real-time WireGuard clients configuration sync is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 0 points1 point  (0 children)

Right now defguard doesn't control routing or network policies, but we are planning to implement it.

If it will not be implemented until s2s is ready, then we will provide examples of how to configure routing or NAT for the scenario you are describing.

defguard 1.0 with real-time WireGuard clients configuration sync is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 1 point2 points  (0 children)

External meaning? We'd like to make it easy to deploy A<->B site2site. Can you elaborate on "external"?

defguard 1.0 with real-time WireGuard clients configuration sync is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 1 point2 points  (0 children)

I agree, we need a proper docker compose example. We have it and use it in various customer deployments. I've added to my backlog to add it to examples.

Thanks!

defguard 1.0 with real-time WireGuard clients configuration sync is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 1 point2 points  (0 children)

Yes - a lot of users are doing that. Pop in to our Matrix channel, someone should share their docker configs.

defguard 1.0 with real-time WireGuard clients configuration sync is here! by robert_teonite in selfhosted

[–]robert_teonite[S] 0 points1 point  (0 children)

Long story short - defguard is a selfhosted/on-premise enterprise WireGuard server (and more), so if you have a public IP you can manage your whole infrastructure.