defguard gateway is a client service for defguard which can be used to create your own WireGuard:tm: VPN servers for secure and private networking.
To learn more about the system see our documentation.
If you already have your defguard instance running you can set up a gateway by following our deployment guide.
See the documentation for more information.
Find us on Matrix: #defguard:teonite.com
Please review the Contributing guide for information on how to get started contributing to the project. You might also find our environment setup guide handy.
We provide following ways to verify the authenticity and integrity of official releases:
All official Docker images are signed using Cosign. To verify a Docker image:
-
Install cosign CLI
-
Verify the image signature (replace <IMAGE_TAG> with the tag you want to verify):
cosign verify --certificate-identity-regexp="https://github.com/DefGuard/gateway" \ --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \ ghcr.io/defguard/defguard:<IMAGE_TAG>
All release assets (binaries, packages, etc.) include SHA256 checksums that are automatically generated and published with each GitHub release:
-
Download the release asset and copy its corresponding checksum from the releases page
-
Verify the checksum:
# Linux/macOS echo known_sha256_checksum_of_the_file path/to/file | sha256sum --check
WireGuard is registered trademarks of Jason A. Donenfeld.
