Skip to content

Releases: DefGuard/defguard

v1.1.1

21 Nov 20:49
Compare
Choose a tag to compare

Quick fix release

  • Fix enterprise settings sometimes not taking effect immediately, log gateway's token rejection reason by @t-aleksander in #865

🎉 1.1.x: All Enterprise features are free! 🎉

All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.

Further improvements:

🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration

🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..

🛜 Fixed IPv6 configuration in the Location settings

Please consider buying the enterprise license to support us!

The whole defguard team thanks you! 🫡

Detailed changes

New Contributors

Full Changelog: v1.0.0...v1.1.0

v1.1.0

20 Nov 13:46
2b3ebdb
Compare
Choose a tag to compare

🎉 All Enterprise features are free! 🎉

All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.

Further improvements:

🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration

🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..

🛜 Fixed IPv6 configuration in the Location settings

Please consider buying the enterprise license to support us!

The whole defguard team thanks you! 🫡

Detailed changes

New Contributors

Full Changelog: v1.0.0...v1.1.0

v1.0.0

06 Nov 13:14
6869ea9
Compare
Choose a tag to compare

🎉 Now you can support our development efforts! 🎉

We are introducing Enterprise License with unique features not available in the Open Source Open Core:

🔐 Ability to use external OIDC (Google/Microsoft/Custom) to login or create a defguard account.

💥 Real time sync for client configurations! First WireGuard client to support this feature!

🛑 Ability to disable users to manage their devices (just admins will have this possibility).

✖︎ Ability to disable users to configure WireGuard clients other than defguard desktop client.

🚦Ability to disable All traffic in the desktop client - just predefined traffic.

🔜 …More features will come soon!

Please consider buying the enterprise license to support us!

The whole defguard team thanks you! 🫡

🔥 New features (Open Source Open Core & Enterprise) 🔥

Desktop Client Major Upgrade

  • Rewrite of the whole routing stack (on all platforms) with IPv6 support
  • Tray menu for quick connect/disconnect
  • Multiple DNS servers support
  • Search domain support
  • Settings menu has a new section displaying all log messages
  • All log messages have been rewritten for better support and knowledge of what’s going on

📖 Upgrade notes

Please remember to read the upgrade notes before doing the upgrade!

v1.0.0-alpha1

18 Oct 12:44
14469bd
Compare
Choose a tag to compare
v1.0.0-alpha1 Pre-release
Pre-release

🛑 Warning this is a ALPHA PRE-RELESE only working with alpha proxy&gateway&client! 🛑

👇👇👇For official release see below.👇👇👇

This is the first release of the new Open Source Open Core & Enterprise features like: external OpenID (Google/Microsoft/Custom), real time client sync and more!

All currently available enterprise features are in enterprise documentation section as well as information about upcoming enterprise license.

This release also includes the latest Open Source functionaries.

v0.11.0

08 Jul 12:56
add6d2e
Compare
Choose a tag to compare

We have focused on stability, business logs improvements and bug squashing in these release - but also have done some features:

New Features

Account disabling/enabling ⭐

Now you can disable or enable a user account (by @t-aleksander in #640)

defguard disable account

Important: LDAP support for this feature is not implemented yet. See #660 for status.

Core & Proxy DEB & RPM packages

Upon a lot of requests we have added (besides docker/kubernetes) a pure package distribution of core & proxy (gateway already had it done for some time).
Done by @t-aleksander in #649

Other Changes

Fixes

v0.10.0

28 May 12:24
Compare
Choose a tag to compare

New Features

Groups support ⭐

defguard groups

We now support group management, including:

  • Every VPN Location can now be protected by defined group access (previously only: All users || Admins)
  • In OpenID Apps - for each app you can also include Group Scope - and when user logs in with defguard to an application, all groups that the user is part of is returned in the OIDC token

SSH & GPG keys management

defguard ssh & gpg keys

Now any user can add/delete (manage) their public SSH & GPG keys, which is great for managing access to your servers with SSH keys from defguard. More in docs here: https://defguard.gitbook.io/defguard/admin-and-features/ssh-authentication

New YubiKey provisioning and management

defguard yubikeys

after provisioning a YubiKey - the YK it’s visible in the user profile with serial number as well as GPG & SSH public keys corresponding to the YKs private keys
Also, there is a new look for YubiKey provisioning (in the key management dialog)

A lot of enhancements

  • proxy now has detailed logs with IP addresses and business logs - a lot of users asked for that to implement fail2ban since the proxy is a public service

  • Phone number is now optional during enrollment

Fixes

  • MFA disconnecting bug
  • email validation when adding a new user

Full Changelog: v0.9.0...v0.10.0

v0.9.0

25 Jan 13:04
e5fe26e
Compare
Choose a tag to compare

New Features

Before upgrading please read upgrade notes

WireGuard Multi-Factor Authentication ⭐

defguard WireGuard MFA

We are introducing first of its kind Multi-Factor Authentication for WireGuard with TOTP/Email codes and WireGuard Pre-Shared Session Keys.

This feature requires the new release 0.2 of our desktop client, more details can be found in documentation

New Desktop Client 💻

defguard WireGuard Tunnels

  • Finally a Windows release!
  • Supporting any WireGuard server - you can now use one client for defguard instances + any other WireGuard servers you have - just import your current configurations by adding WireGuard Tunnel
  • Live Logs, VPN Details, Settings!
  • Update, Remove Instance/Tunnel
  • Dark Theme! ;-)

WARNING - if you are upgrading from 0.1.x please read upgrade notes

Password Reset

defguard password reset

Users can now use the enrollment service to reset their passwords!
This feature requires proxy to be deployed and SMTP server to be configured.

Enterprise Support

As many requested, we have introduced Enterprise Support, hopefully, support can maintain our efforts in building this awesome Open Source project!

Other Changes

Full Changelog: v0.8.0...v0.9.0

v0.8.0

06 Dec 14:45
d5fcd30
Compare
Choose a tag to compare

New features:

⭐ Desktop Clients 💻 ⭐

defguard desktop client

We have released the official (and beautiful ❤️) macOS and Linux desktop clients supporting multiple defguard instances and automatically configuring all Locations in the instance.

You can download them from client release page and read here how easy it is to configure the desktop client.

Windows desktop client is in development and will be released soon

Desktop client user enrollment and onboarding

When Remote enrollment is enabled while adding a new user, the user can now choose enrollment via Web Browser or Desktop client.

All instructions are sent to the newly created user via email.

Multi-Factor Authentication via Email codes

A new MFA method has been added, utilizing codes sent via email.

Email notifications about important changes

Defguard now sends email notifications informing about important actions that took place:

defguard desktop client

Each email has information about the date, IP address, browser, and device that was used to act.

SSH authorized keys endpoint

Please read the documentation on how to easily configure your SSH server to access SSH keys, that are stored in Defguard (privision via YubiKey provisioning).

In the next release, the user will be able to manage any SSH keys, not only the ones provisioned via YK provisioning.

LDAP configuration via Settings

In defguard settings, a new tab is dedicated to configure and test LDAP server configuration.

wireguard-rs library and crate

Our gateway and desktop client now use a unified Rust library - wireguard-rs providing unified WireGuard interface to native/kernel and userspace implementations.
The crate (besides Wireguard) also supports:

  • Peer routing - see WGApi docs.
  • Configuring DNS resolver - see WGApi docs.
    ** On FreeBSD network interfaces are managed using ioctl.
    ** On Linux, handle network routing using netlink.
    ** fwmark handling

Fixes

A lot! of fixes :bowtie:

New Contributors

Full Changelog: v0.7.1...v0.8.0

v0.7.1

19 Sep 08:26
c88d630
Compare
Choose a tag to compare

New features

One-line install

We've created a one-line install script to simplify your first defguard deployment.
You should now be able to get your own instance running on a private VPS just by setting a couple environment variables and running:

curl --proto '=https' --tlsv1.2 -sSf -L https://raw.githubusercontent.com/DefGuard/deployment/main/docker-compose/setup.sh -O && bash setup.sh

To learn more about prerequisites and available options see our documentation.

Other Changes

Full Changelog: v0.7.0...v0.7.1

v0.7.0

25 Aug 16:30
4929471
Compare
Choose a tag to compare

New features:

Remote user enrollment process

The main defguard concept is that the core (with the database) should be deployed securely and not available from the public Internet (accessible only from the internal network or VPN). This approach raised a significant problem with onboarding new remote users: how can users access defguard, set up password, and add their devices to access VPN or change their password if they can't access defguard?

We introduced a public proxy that now enables a secure enrollment process, during which the user can: double-check their data, setup their password, and add their initial device to access VPN as a nice wizard!

defguard enrollment

In the future we plan to add more functionalities to the public proxy - like password reset for users.

User onboarding after enrollment

Now you can easily share with new users any relevant company information, links to company systems, security guidelines, etc. In the enrollment module, you can write custom messages using markdown that will be shown on the last step of the enrollment process and sent to the user via email:

defguard enrollment

Email/SMTP support

In Setup -> SMTP tab you can setup and test your SMTP for sending email (for enrollment and onboarding).
SMTP setup is required in order for enrollment & onboarding to work.

Send debug/support information

Now you can go to Settings -> Support and download (or send via email automatically if you have setup SMTP) support data & logs if you need our help/assistance!
Or you can use them when submitting a bug.

UI Library

Our beautiful React UI is now a collection of React components, that can be used in other projects! Get it at: https://github.com/defguard/ui (now used in Core & Proxy - soon desktop clients).

Native FreeBSD Wireguard Kernel support

Our gateway now supports native kernel Wireguard implementation - and we released a FreeBSD package.

OPNSense Plugin

On the gateway release page you will now find OPNSense Plugin package (named: defguard-gateway_0.5.2_x86_64-unknown-opnsense.txz)

Other Changes

New Contributors

Full Changelog: v0.6.1...v0.7.0