DefGuard/gateway v2.0.0

on GitHub

🎉 Welcome to Defguard 2.0 🎉

It’s a significant step up from version 1.x, featuring:

🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.

More details with videos in this blogpost.

⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.

We want to get as much feedback as possible, so we encourage you to:

💬 open a GitHub discussion

🪲 report any missing features or bugs as issues

What's Changed

• Release 1.5 merger by @wojcik91 in #211
• Fixes pentest issue DG25-29 from 2025-09-02 by @j-chmielewski in #212
• Merge main into dev after 1.5.1 release by @j-chmielewski in #215
• Create SBOM files by @j-chmielewski in #216
• CI: scan code with trivy by @j-chmielewski in #217
• Periodic sbom regeneration by @j-chmielewski in #218
• Merge SBOM CI pipelines into main by @j-chmielewski in #219
• Health check rename by @jakub-tldr in #221
• APT uploading/signing workflow by @jakub-tldr in #223
• List whole directory by @jakub-tldr in #224
• Merge main into dev before 1.6 release by @j-chmielewski in #228
• Reverse gRPC communication by @moubctez in #233
• Limit connections to one Core by @moubctez in #241
• Enable use of fwmark by @moubctez in #242
• Disable APT repository signing/upload by @jakub-tldr in #244
• Core certificate authority, part 2: Gateway by @t-aleksander in #250
• Install missing build dependencies by @t-aleksander in #254
• Install missing dependencies, take 2 by @t-aleksander in #255
• MTU and FwMark are not optional by @moubctez in #256
• Gateway wizard by @t-aleksander in #257
• Update OPNsense plugin: add ACL, fix service by @moubctez in #259
• Purge RPC by @j-chmielewski in #268
• Update nftnl and mnl by @moubctez in #273
• Skip stats collection when disconnected by @j-chmielewski in #275
• Proper socket handing for mnl by @moubctez in #279
• Use proper file permissions for certificates by @moubctez in #281
• Prepare Alpha2 by @moubctez in #283
• Fix build PF on platforms other then FreeBSD and macOS by @moubctez in #286
• Allow SNAT bindings when masquerade is disabled by @moubctez in #287
• OPNsense plugin for Gateway 2.0 by @moubctez in #290
• Fix nft socket error by @moubctez in #293
• Error handling for network services by @moubctez in #294
• Faster cargo deny by @moubctez in #296
• Remove obsolete name option by @moubctez in #299
• support protobuf versioning by @wojcik91 in #292
• Fix masquerade, second attempt by @t-aleksander in #303
• Add docker tagging workflow by @wojcik91 in #301
• copy APT repo update workflow from main by @wojcik91 in #305
• Get rid of Cross-rs by @moubctez in #308
• Adoption time limit by @jakub-tldr in #310
• Preserve old package versions on APT repository by @jakub-tldr in #315
• add core client cert validation by @wojcik91 in #309
• Add defaults when parsing toml by @t-aleksander in #316
• Save certificates before completing setup, test write access by @t-aleksander in #317
• Better packages by @moubctez in #318
• update core deps in preparation for 2.0 release by @wojcik91 in #320

Full Changelog: v1.5.1...v2.0.0