firezone
Enterprise-ready zero-trust access platform built on WireGuard®.
⭐ 8,595 stars on GitHub · 🍴 414 forks · 📜 License: apache-2.0 · 💻 Language: Elixir
What is firezone?
Zero-trust access without dragging in a heavyweight VPN stack is the pitch here. Firezone gives you WireGuard-based remote access with identity-aware controls, a web admin UI, and a built-in Linux firewall layer, making it a strong fit for teams that want self-hosted network access without managing raw WireGuard configs by hand.
Main components
- WireGuard-based VPN access for fast, lightweight encrypted connectivity.
- Web interface and CLI for managing users, devices, routes, and access.
- OIDC/SSO integration so authentication can tie into your existing identity provider.
- Docker-based deployment with bundled dependencies for simpler operations.
- Linux
nftablesfirewall integration to restrict unwanted egress traffic. - Self-hosted deployment model for keeping traffic and access control on your own infrastructure.
Clear use cases
- Give remote employees secure access to internal services without exposing them to the public internet.
- Replace hand-managed WireGuard peer files with a central admin UI and identity-backed onboarding.
- Provide contractors or temporary staff with controlled access to specific private resources.
- Run a lightweight VPN gateway for cloud VPCs, homelabs, or small office infrastructure.
- Standardize remote access for DevOps teams that need SSH, database, or dashboard access behind private networks.
The biggest strength is combining WireGuard performance with practical access management — you get the speed and simplicity of WireGuard, but with the operational pieces teams usually need: SSO, user/device management, a web UI, and firewall enforcement. Compared with commercial ZTNA platforms, Firezone’s appeal is control: you can deploy it on your own infrastructure, keep network paths under your governance, and avoid turning remote access into another opaque SaaS dependency.
It is not trying to be a full router, mesh networking platform, inbound firewall, or OpenVPN/IPSec replacement. That focus is a good thing if your requirement is clear: secure remote access into private resources using a modern VPN foundation. The tradeoff is that larger enterprises looking for broad endpoint posture checks, deep SaaS policy orchestration, or turnkey global private backbone features may still want a commercial platform around it.
Best for DevOps teams, sysadmins, MSPs, and security-conscious small to mid-sized organizations that want self-hosted zero-trust-style remote access built on WireGuard.
Topics: the project is tagged with popular topics:
- 🏷️
cloud - 🏷️
devsecops - 🏷️
elixir - 🏷️
elixir-lang - 🏷️
firewall - 🏷️
liveview - 🏷️
network - 🏷️
network-security - 🏷️
networking - 🏷️
phoenix
📸 Screenshots
Quick install
The project supports Docker Compose:
git clone https://github.com/firezone/firezone.git
cd firezone
docker compose up -d
Check the README in the repo for required env variables.
Minimum system requirements
| Component | Recommended |
|---|---|
| RAM | 2048 MB |
| CPU | 2 vCPU |
| Disk | 25 GB SSD |
| OS | Ubuntu 22.04 LTS / Debian 12 |
| Docker | 24.0+ |
⚡ Deploy fast on VSIS
Use the VSIS VPS Lite 2GB RAM / 2 vCPU / 25GB SSD (~104k/tháng) plan from VSIS.NET — high-speed VN-based VPS, 24/7 support, ideal for running firezone smoothly.
🎯 Benefits:
- One-command
docker compose up -ddeploy in 2 minutes - Dedicated IPv4, root access, unmetered domestic bandwidth
- Daily snapshot backup
- Free install assistance from the VSIS team
👉 See matching VPS plans at vsis.net
Resources
- 🔗 GitHub: firezone/firezone
- 🌐 Homepage: https://www.firezone.dev
- 📚 Official docs: see README in the repo
- 💬 Community: GitHub Issues + Discussions
Article compiled from GitHub data on 05/05/2026. Star/fork counts may have changed — see live numbers via the GitHub link.