About Periodic Re-authentication Setting


during testing the Firezone, I have set Periodic Re-authentication to “Once” , and it work and set from expire to enable. but what I not understand that, “Once” seems allow login once but last forever ?

if this is true, then can we add an option like “every time” ?
because native wireguard still not has 2FA option, using “every time” may force user to auth before vpn session enable, and once vpn time-out / logoff, the session can return to expire.

and can add an admin option to force VPN to expire ? currently 0.57 can enable and disable vpn session but not force to expire.



How would you define a vpn session? Perhaps X amount of time where there is no data transferred or handshakes made? Since WireGuard is UDP based, there is no persistent connection or notion of a session.

Would setting the re-auth period to a few hours or daily accomplish what you’re trying to do?

We are actively working on our own client apps, which may also accomplish what you’re looking for once we release them.

it just a workaround if using re-auth period to few hours or daily, I have no idea about no persistent connection of UDP based.

nice to hear firezone has its own apps later, will keep try once ready


is that possible in the following thinking ?

currently EXPIRED is work, whatever set to every hour, day etc.
I guess it may due to “Last Signed In/Updated/IP address check in nft” and then compare to currentdatetime( )

so if EXIPRED can check the status and not allow wireguard connection to take effect, can we also pre-check it until client pass the portal auth ? (change expire → enable)

it seems not base on UDP session detect issue ?

thanks for help