wireguard 2fa defguard

Started by wirehire, September 24, 2024, 02:37:22 PM

Previous topic - Next topic
Hey ,

i read that defguard has a plugin for the opnsene , with that plugin 2fa for wireguard are possible. have anyone run this setup with defguard or how you secure your wireguard vpn ? or other options for 2fa /mfa for wireguard?

Why don't you follow their documentation and report back?  :)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

because its a external pkg, so i would here of othe rpeople use that tool or have other ideas for a 2fa/mfa option for wireguard with opnsense.

but i will try defguard, and can tell , if this tool are good for the community!

How are you doing, did you manage to make this connection work?

no right, the services dont start clearly.

But i try it next days again. I thought defguard are a good tool, rust code, mfa not only on the app side ,opnsense plugin.

But!

Documentation, really really bad. Bugs ( opnsense ) weeks open. Sound like with Version 1.0 they split the features to no enterprise / with enterprise license.

The developers must paid, thats are clear, but in the last time you see often, that opensource code goes the paid way and finally closed.

And when you go in to support opnsense , why no good documentation?

defguard with opensense = can really go enterprise wireguard vpn, but now it does not good work.

But try!! When more people from the opnsense community will try defguard, they will eventually kick in and the support level goes up!

I hear from many people / buisness peoples, the want wireguard , the like wiregurad , but the want a mfa layer. Only asymetrics keys, yes security are good, but too loose the config ( windows , not fully encrypted , malware) and you have they keys . With mfa you have a extra security layer.

I dont understand why its are not in the code from beginning. Like you must put in a code for the connect and then a new psk where handled from peer to peer , or you must proof the psk token, with a code, and then the connection are working.

Greets