From 1f3277bfd12520d090d2225726997fda523ec231 Mon Sep 17 00:00:00 2001 From: cpprian Date: Wed, 24 Jul 2024 16:54:32 +0200 Subject: [PATCH 01/11] update defguard logo in email template --- templates/base.tera | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/base.tera b/templates/base.tera index b74d4fdd6a..c371eaabd4 100644 --- a/templates/base.tera +++ b/templates/base.tera @@ -155,7 +155,7 @@ Defguard logo + alt="Defguard logo" src="https://defguard.net/images/png/new-logo.png" /> From 8e176c1a54a1e70cfd05c0a843a1ceff3d48e3b4 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Wed, 24 Jul 2024 23:58:27 +0300 Subject: [PATCH 02/11] Update README.md --- README.md | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9ea2a9347b..449759a594 100644 --- a/README.md +++ b/README.md @@ -37,10 +37,6 @@ Better quality video can [be found here to download](https://github.com/DefGuard - Live & real-time network charts - In development: **Multi-Factor Authentication** for VPN, live logs, dark theme, settings, and more! -## Roadmap - -![defguard WireGuard® MFA](https://github.com/DefGuard/docs/blob/docs/releases/0.9/mfa.png?raw=true) - ## Quick start The easiest way to run your own defguard instance is to use Docker and our [one-line install script](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/one-line-install). @@ -62,9 +58,9 @@ Just follow [this tutorial](http://bit.ly/defguard-setup) * Using [Docker Compose](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose) * Using [Kubernetes](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/kubernetes) -## Roadmap & Development +## Roadmap & Development backlog -[A detailed product roadmap and development status can be found here](https://github.com/orgs/DefGuard/projects/5). +[A detailed product roadmap and development status can be found here](https://github.com/orgs/DefGuard/projects/5/views/1) ### ⛑️ Want to help? ⛑️ @@ -76,7 +72,17 @@ The story and motivation behind defguard [can be found here: https://teonite.com ## Features -* [OpenID Connect provider](https://openid.net/developers/how-connect-works/) - with **unique features**: +* [WireGuard®](https://www.wireguard.com/) VPN server with: + - Real and unique [Multi-Factor Authentication](https://defguard.gitbook.io/defguard/help/desktop-client/multi-factor-authentication-mfa-2fa) with TOTP/Email & Pre-Shared Session Keys + - multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group) + - multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location (**high availability/failover**) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense + - **import your current WireGuard® server configuration (with a wizard!)** + - **most beautiful [Desktop Client!](https://github.com/defguard/client)** (in our opinion ;-)) + - automatic IP allocation + - kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard® support with [our Rust library](https://github.com/defguard/wireguard-rs) + - dashboard and statistics overview of connected users/devices for admins + - *defguard is not an official WireGuard® project, and WireGuard is a registered trademark of Jason A. Donenfeld.* +* Integrated SSO: [OpenID Connect provider](https://openid.net/developers/how-connect-works/) - with **unique features**: - Secure remote (over the internet) [user enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment) - User [onboarding after enrollment](https://defguard.gitbook.io/defguard/help/remote-user-enrollment/user-onboarding-after-enrollment) - LDAP (tested on [OpenLDAP](https://www.openldap.org/)) synchronization @@ -86,17 +92,8 @@ The story and motivation behind defguard [can be found here: https://teonite.com - [Multi-Factor/2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) Authentication: - [Time-based One-Time Password Algorithm](https://en.wikipedia.org/wiki/Time-based_one-time_password) (TOTP - e.g. Google Authenticator) - WebAuthn / FIDO2 - for hardware key authentication support (eg. YubiKey, FaceID, TouchID, ...) - - Web3 - authentication with crypto software and hardware wallets using Metamask, Ledger Extension -* [WireGuard®](https://www.wireguard.com/) VPN management with: - - [Multi-Factor Authentication](https://defguard.gitbook.io/defguard/help/desktop-client/multi-factor-authentication-mfa-2fa) with TOTP/Email & Pre-Shared Session Keys - - multiple VPN Locations (networks/sites) - with defined access (all users or only Admin group) - - multiple [Gateways](https://github.com/DefGuard/gateway) for each VPN Location (**high availability/failover**) - supported on a cluster of routers/firewalls for Linux, FreeBSD/PFSense/OPNSense - - **import your current WireGuard® server configuration (with a wizard!)** - - **most beautiful [Desktop Client!](https://github.com/defguard/client)** (in our opinion ;-)) - - automatic IP allocation - - kernel (Linux, FreeBSD/OPNSense/PFSense) & userspace WireGuard® support with [our Rust library](https://github.com/defguard/wireguard-rs) - - dashboard and statistics overview of connected users/devices for admins - - *defguard is not an official WireGuard® project, and WireGuard is a registered trademark of Jason A. Donenfeld.* + - Email based TOTP +* Extenal SSO: [External OpenID Providers support](https://defguard.gitbook.io/defguard/admin-and-features/external-openid-providers) - *in testing, [watch this issue](https://github.com/DefGuard/defguard/issues/602)* - Google, Microsoft or custom * SSH & GPG public key management in user profile - with [SSH keys authentication for servers](https://defguard.gitbook.io/defguard/admin-and-features/ssh-authentication) * [Yubikey hardware keys](https://www.yubico.com/) provisioning for users by *one click* * [Email/SMTP support](https://defguard.gitbook.io/defguard/help/setting-up-smtp-for-email-notifications) for notifications, remote enrollment and onboarding From 63f612924433bdcee859f0bedc250366068d6354 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Thu, 25 Jul 2024 00:00:32 +0300 Subject: [PATCH 03/11] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 449759a594..4799f7f4ac 100644 --- a/README.md +++ b/README.md @@ -109,12 +109,14 @@ The story and motivation behind defguard [can be found here: https://teonite.com ### Desktop Client -[Desktop client](https://github.com/DefGuard/client) supports: +[Desktop client](https://github.com/DefGuard/client): +- **2FA / Multi-Factor Authentication** with TOTP or email based tokens - Secure and remote user enrollment - setting up password, automatically configuring the client for all VPN Locations/Networks - Onboarding - displaying custom onboarding messages, with templates, links ... - Ability to route predefined VPN traffic or all traffic (server needs to have NAT configured - in gateway example) - Live & real-time network charts -- In development: **Multi-Factor Authentication** for VPN, live logs, dark theme, settings, and more! +- live VPN logs +- light/dark theme ## Documentation From 749ded4ccccdf34318f85b606dd11f6da0814e03 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Thu, 25 Jul 2024 00:03:09 +0300 Subject: [PATCH 04/11] Update README.md --- README.md | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 4799f7f4ac..f72dc347c1 100644 --- a/README.md +++ b/README.md @@ -26,17 +26,19 @@ See below [full list of features](https://github.com/defguard/defguard#features) Better quality video can [be found here to download](https://github.com/DefGuard/docs/raw/docs/screencasts/defguard-screencast.mkv) -### Desktop Client with Multi-Factor Authentication +### Desktop Client with 2FA / MFA (Multi-Factor Authentication) ![defguard WireGuard MFA](https://github.com/DefGuard/docs/blob/docs/releases/0.9/mfa.png?raw=true) -[Desktop client](https://github.com/DefGuard/client) supports: +[Desktop client](https://github.com/DefGuard/client): +- **2FA / Multi-Factor Authentication** with TOTP or email based tokens & WireGuard PSK - Secure and remote user enrollment - setting up password, automatically configuring the client for all VPN Locations/Networks - Onboarding - displaying custom onboarding messages, with templates, links ... - Ability to route predefined VPN traffic or all traffic (server needs to have NAT configured - in gateway example) - Live & real-time network charts -- In development: **Multi-Factor Authentication** for VPN, live logs, dark theme, settings, and more! - +- live VPN logs +- light/dark theme +- ## Quick start The easiest way to run your own defguard instance is to use Docker and our [one-line install script](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/one-line-install). @@ -107,17 +109,6 @@ The story and motivation behind defguard [can be found here: https://teonite.com * **Checked by professional security researchers** (see [comprehensive security report](https://defguard.net/images/decap/isec-defguard.pdf)) * End2End tests -### Desktop Client - -[Desktop client](https://github.com/DefGuard/client): -- **2FA / Multi-Factor Authentication** with TOTP or email based tokens -- Secure and remote user enrollment - setting up password, automatically configuring the client for all VPN Locations/Networks -- Onboarding - displaying custom onboarding messages, with templates, links ... -- Ability to route predefined VPN traffic or all traffic (server needs to have NAT configured - in gateway example) -- Live & real-time network charts -- live VPN logs -- light/dark theme - ## Documentation See the [documentation](https://defguard.gitbook.io) for more information. From 153e436b3a93c54a1699f7682669fa68073288b2 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Thu, 25 Jul 2024 00:05:55 +0300 Subject: [PATCH 05/11] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f72dc347c1..b453f6b1f3 100644 --- a/README.md +++ b/README.md @@ -32,13 +32,14 @@ Better quality video can [be found here to download](https://github.com/DefGuard [Desktop client](https://github.com/DefGuard/client): - **2FA / Multi-Factor Authentication** with TOTP or email based tokens & WireGuard PSK +- Defguard instances as well as **any WireGuard tunnel** - just import your tunnels - one client for all WireGuard connections - Secure and remote user enrollment - setting up password, automatically configuring the client for all VPN Locations/Networks - Onboarding - displaying custom onboarding messages, with templates, links ... - Ability to route predefined VPN traffic or all traffic (server needs to have NAT configured - in gateway example) - Live & real-time network charts - live VPN logs - light/dark theme -- + ## Quick start The easiest way to run your own defguard instance is to use Docker and our [one-line install script](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/one-line-install). From 92c0bb38d87176996e51e39be81988bbab60c685 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Thu, 25 Jul 2024 00:14:08 +0300 Subject: [PATCH 06/11] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b453f6b1f3..529393cd18 100644 --- a/README.md +++ b/README.md @@ -9,10 +9,12 @@ -- SSO, VPN, and hardware security key management combined, which provides: +- Real [WireGuard® MFA](https://defguard.gitbook.io/defguard/admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/architecture) (not 2FA to "access application" like most solutions) +- Integrated SSO based on OpenID Connect: - significant cost saving, simplifying deployment and maintenance - enabling features unavailable to VPN platforms relying upon 3rd party SSO integration -- Real [WireGuard® MFA](https://defguard.gitbook.io/defguard/admin-and-features/wireguard/multi-factor-authentication-mfa-2fa/architecture) (not 2FA to "access application" like most solutions) +- Already using Google/Microsoft or other OpenID Provider? - integrated external OpenID provider support +- Yubico YubiKey Hardware security key management and provisioning - Secure and robust architecture, featuring components and micro-services seamlessly deployable in diverse network setups (eg. utilizing network segments like Demilitarized Zones, Intranet with no external access, etc), ensuring a secure environment. - Enterprise ready (multiple Locations/Gateways/Kubernetes deployment, etc..) - Build on WireGuard® protocol which is faster than IPSec, and significantly faster than OpenVPN From bb8a198d7b31ff80a0d633b4d21306f8c9247c8f Mon Sep 17 00:00:00 2001 From: cpprian Date: Thu, 25 Jul 2024 09:25:21 +0200 Subject: [PATCH 07/11] rename path for logo image --- docker-compose.yaml | 2 +- templates/base.tera | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index 80f18a65aa..546b45be6e 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -7,7 +7,7 @@ services: context: . dockerfile: Dockerfile environment: - DEFGUARD_COOKIE_INSECURE: 'true' + DEFGUARD_COOKIE_INSECURE: "true" DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94 DEFGUARD_AUTH_SECRET: defguard-auth-secret DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret diff --git a/templates/base.tera b/templates/base.tera index c371eaabd4..b74d4fdd6a 100644 --- a/templates/base.tera +++ b/templates/base.tera @@ -155,7 +155,7 @@ Defguard logo + alt="Defguard logo" src="https://defguard.net/images/png/logo_nav.png" /> From e34d568600e858efe79cd64a7a9d8df0b347e847 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Sat, 27 Jul 2024 14:39:49 +0300 Subject: [PATCH 08/11] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 529393cd18..b5345c61fa 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,12 @@ Better quality video can [be found here to download](https://github.com/DefGuard ### Desktop Client with 2FA / MFA (Multi-Factor Authentication) +#### Light + +![defguard desktop client](https://defguard.net/images/product/client/main-screen.png) + +#### Dark + ![defguard WireGuard MFA](https://github.com/DefGuard/docs/blob/docs/releases/0.9/mfa.png?raw=true) [Desktop client](https://github.com/DefGuard/client): From 77f8a034651a267f3d9b10b6bad389d1ace08bcc Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Sat, 27 Jul 2024 14:41:03 +0300 Subject: [PATCH 09/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b5345c61fa..2cb7a6d3c3 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ See below [full list of features](https://github.com/defguard/defguard#features) -### Control plane management +### Control plane management (this video is few versions behind... - a lot has changed!) ![](https://github.com/DefGuard/docs/blob/docs/screencasts/defguard.gif?raw=true) From bcac2324634c8ab8c675efa1b13c1e1cea8f9e68 Mon Sep 17 00:00:00 2001 From: Robert Olejnik Date: Wed, 31 Jul 2024 22:06:15 +0300 Subject: [PATCH 10/11] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 2cb7a6d3c3..c26dd7a968 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,8 @@ See below [full list of features](https://github.com/defguard/defguard#features) ### Control plane management (this video is few versions behind... - a lot has changed!) +![](https://defguard.net/images/product/core/hero-image.png) + ![](https://github.com/DefGuard/docs/blob/docs/screencasts/defguard.gif?raw=true) Better quality video can [be found here to download](https://github.com/DefGuard/docs/raw/docs/screencasts/defguard-screencast.mkv) @@ -66,6 +68,7 @@ Just follow [this tutorial](http://bit.ly/defguard-setup) ## Manual deployment examples +* [Standalone system package based install](https://defguard.gitbook.io/defguard/admin-and-features/setting-up-your-instance/standalone-package-based-installation) * Using [Docker Compose](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/docker-compose) * Using [Kubernetes](https://defguard.gitbook.io/defguard/features/setting-up-your-instance/kubernetes) From 26cc3b7c3387007efbbbc8ad632727cb5eeda7ee Mon Sep 17 00:00:00 2001 From: cpprian Date: Sun, 4 Aug 2024 17:03:55 +0200 Subject: [PATCH 11/11] change dimensions of new-logo on emails --- templates/base.tera | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/base.tera b/templates/base.tera index b74d4fdd6a..c2f5df061d 100644 --- a/templates/base.tera +++ b/templates/base.tera @@ -153,9 +153,9 @@ - Defguard logo + Defguard logo