Client Applications

Hello everyone. Can you tell me if we should wait for client applications and whether they will have password protection functionality, something like an OpenVPN application with a password?

What do you mean? WireGuard has first-party open-source applications for almost every OS under the sun. Just have a look at the WireGuard site: https://www.wireguard.com/

Firezone uses WireGuard for VPN tunnels, and WireGuard itself doesn’t support user-based VPN authentication (and most likely never will). It is completely designed based on generated configuration files with public and private key authentication. WireGuard is a tunnel protocol; it will establish a tunnel, and that’s it.

And for generating these config files and user management (self-service or top-down), you can use a tool such as Firezone.

How you distribute these files in a corporate environment is entirely up to you; you can use your MDM tool or enroll it as a self-service feature for end-users with AAD integration.


Several times I came across messages that a client application was being developed.

How you distribute these files in a corporate environment is entirely up to you; you can use your MDM tool or enroll it as a self-service feature for end-users with AAD integration.

I do not know a reliable solution that protects against discrediting the user’s config. At the moment, I have authentication configured in my personal account once a week, but the protection will not work if the user config is lost.

They’re coming. We’ll be announcing something soon. We’re still buttoning things up and will probably have Apple clients out the soonest. If you’re curious, you can follow work on the core client lib here: GitHub - firezone/connlib: Firezone's connectivity library shared by all clients


This is a fascinating development. Will you discontinue support for the official WireGuard clients, and what unique functionalities will the custom client provide? Moreover, what motivates the creation of a custom client in the first place? Given the scope of this endeavor, I imagine you have compelling reasons for pursuing it. :wink:

In enterprise setups, the typical approach is to have the MDM store the configuration in a location that is inaccessible to regular users. If a device goes missing, you (or your MDM solution) can withdraw the configuration, and as enterprise devices are typically encrypted, there should be little to no risk involved.

Could you describe in more detail the process of using MDM store and WireGuard, for example, on Android and Windows 11, or send links to articles where it is described? That would solve a lot of problems.

I’m not involved in our enterprise MDM management, so I can’t give you a specific example, but at least for Windows, it’s easy to pull off, but you need to write a script or a small wrapper app. Intune can do this with some PowerShell scripting. The WireGuard desktop client for Windows accepts input commands. Make a login script that installs the WireGuard config, connects, etc., import a WireGuard config on a system/admin-protected folder, and run WireGuard.

I have no idea about Android.
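
The Windows approach described in the last reply, as an added example that is not part of the original thread and not code from the WireGuard or Firezone projects: an elevated PowerShell script (for instance one pushed by Intune) that places the config in an admin-only folder and installs it as a tunnel service. The config file name `corp-vpn.conf`, the folder `CorpVPN` and the helper `Invoke-WireGuard` are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Paths and tunnel name are assumptions.
param(
    [string]$SourceConf   = "$PSScriptRoot\corp-vpn.conf",   # hypothetical config shipped with the script
    [string]$ProtectedDir = "$env:ProgramData\CorpVPN",      # hypothetical admin-only folder
    [string]$WireGuardExe = "$env:ProgramFiles\WireGuard\wireguard.exe"
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path $WireGuardExe)) { throw "WireGuard is not installed at $WireGuardExe" }
if (-not (Test-Path $SourceConf))   { throw "Config not found: $SourceConf" }

# Create the folder, drop inherited ACEs, and allow only SYSTEM (S-1-5-18)
# and the local Administrators group (S-1-5-32-544). Standard users get no
# read access, so they cannot copy the private key out of the .conf file.
New-Item -ItemType Directory -Path $ProtectedDir -Force | Out-Null
icacls $ProtectedDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

$dest       = Join-Path $ProtectedDir (Split-Path $SourceConf -Leaf)
$tunnelName = [IO.Path]::GetFileNameWithoutExtension($dest)
$service    = 'WireGuardTunnel$' + $tunnelName   # service name derives from the file name
Copy-Item -Path $SourceConf -Destination $dest -Force

function Invoke-WireGuard([string[]]$Arguments) {
    # wireguard.exe is a GUI binary, so wait for it explicitly and read its exit code.
    $p = Start-Process -FilePath $WireGuardExe -ArgumentList $Arguments -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "wireguard.exe $Arguments exited with $($p.ExitCode)" }
}

# Re-running the script replaces an existing tunnel instead of failing on install.
if (Get-Service -Name $service -ErrorAction SilentlyContinue) {
    Invoke-WireGuard '/uninstalltunnelservice', $tunnelName
}
Invoke-WireGuard '/installtunnelservice', "`"$dest`""

# Confirm the tunnel service exists and report its state to the MDM log.
Get-Service -Name $service | Select-Object Name, Status, StartType
```

Removing the tunnel on a lost or retired device is the reverse: run `/uninstalltunnelservice` with the tunnel name and delete the protected folder, then revoke the peer on the server side.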