DefGuard/defguard v2.0.0-alpha1

on GitHub

🎉 Welcome to Defguard 2.0 Alpha 1 🎉

First of all, this is an actual alpha, not meant for production, but a technology preview of what’s to come, hopefully in a month, when the stable release should be ready.

2.0 is a major overhaul, featuring a completely redesigned UI/UX, secure reverse Core-to-Gateway communication with a built-in SSL certificate authority, automated deployment and session management, and initial high-availability support, laying a solid foundation for easier, safer, and more manageable on-premise deployments.

🛠️ We highly recommend that you get familiar with a detailed technical overview of all changes and a comprehensive showcase of all features in this blog post.

🚀Here you can find a quick tutorial on how to quickly launch 2.0α with Docker Compose.

We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues

What's Changed

• Release 1.6 alpha merger by @wojcik91 in #1711
• Finialize moving most important DB models to a common crate by @wojcik91 in #1713
• Merge main->dev before 1.6 by @j-chmielewski in #1756
• Implement multiple proxy handling by @j-chmielewski in #1743
• Reverse gateway grpc take two merger by @moubctez in #1767
• Gateway REST by @moubctez in #1775
• Allow domain names location DNS by @moubctez in #1786
• Add MTU and FwMark to WireGuardNetwork by @moubctez in #1788
• Disable APT repository signing/uploads by @jakub-tldr in #1799
• Disable APT repository signing/uploads by @jakub-tldr in #1800
• Core certificate authority, part 1: Proxy by @t-aleksander in #1790
• UI table update by @filipslezaklab in #1808
• Update APT repository on full release/pre-release by @jakub-tldr in #1807
• Merge main -> dev after 1.6.1 release by @wojcik91 in #1844
• PUT for OpenIDProvider by @moubctez in #1801
• Multiproxy private cookies by @j-chmielewski in #1809
• components update 1 by @filipslezaklab in #1848
• OpenID tests by @jakub-tldr in #1852
• Add MTU and FwMark to web interface by @moubctez in #1849
• Core certificate authority, part 2: Gateway by @t-aleksander in #1846
• Extend OpenAPI docs with OpenID providers by @moubctez in #1860
• OpenID provider kind by @moubctez in #1871
• VPN client session manager pt2 by @wojcik91 in #1802
• Activity log streaming page by @jakub-tldr in #1876
• add VPN sessions & stats generator by @wojcik91 in #1885
• send cookie keys via protos by @j-chmielewski in #1881
• Log streaming page tweaks by @jakub-tldr in #1892
• VPN stats generator pt2 by @wojcik91 in #1891
• Destination, part 1 by @moubctez in #1895
• MTU and FwMark are not optional by @moubctez in #1907
• session manager VPN client events by @wojcik91 in #1911
• fix docker build by @wojcik91 in #1914
• Implement proxy wizard by @t-aleksander in #1910
• Implement remote MFA with new, separate RPC message by @j-chmielewski in #1912
• Include component version in support data by @jakub-tldr in #1920
• Gateway wizard by @t-aleksander in #1919
• handle multiple gateways in session manager by @wojcik91 in #1917
• Any for aliases by @moubctez in #1918
• Initiate self-enrolment from users list by @jakub-tldr in #1935
• Separate API for Alias and Destination by @moubctez in #1938
• Use functions for ApiResponse by @moubctez in #1942
• Activity log streaming certificate file upload by @jakub-tldr in #1941
• Edge edit form by @j-chmielewski in #1940
• Support VPN client MFA connect/disconnect process within the session manager by @wojcik91 in #1939
• periodic VPN session & stats purge by @wojcik91 in #1954
• Fetch AclAlias by kind by @moubctez in #1953
• drop legacy stats tables by @wojcik91 in #1957
• Edge delete by @j-chmielewski in #1960
• New instance setup wizard by @t-aleksander in #1961
• VPN sessions handling fixes by @wojcik91 in #1964
• Fix connecting to proxy after completing initial wizard by @t-aleksander in #1971
• Initial wizard fixes by @t-aleksander in #1987
• Fix wizard routing by @t-aleksander in #1991
• change from root guard to route specific guards by @filipslezaklab in #1993
• fix(mfa): preserve preshared key when creating new session by @j-chmielewski in #1995
• Edge list by @j-chmielewski in #1992
• Update ACL -> firewall rule translation to handle new toggles by @wojcik91 in #1994
• Restore init dev env by @t-aleksander in #2010
• Allow admins to delete a specific MFA method for a user by @jakub-tldr in #2012
• Block adding MFA for user as admin by @jakub-tldr in #2013
• pre-alpha ACL UI fixes by @wojcik91 in #2024

Full Changelog: v1.6.1...v2.0.0-alpha1