Is it still possible to use the generic WireGuard client?

Hi. With Firezone 0.7 it was possible to just download the WireGuard conf file and to use that with standard WireGuard clients. Is that still possible with Firezone 1.x or must you use the Firezone client? I can’t see how you register a device to get the conf file or that there’s any reference to the standard WireGuard clients now. Thanks

With Firezone 1.x onward we don’t support the WireGuard clients any longer.

Thanks for confirming. Is that choice related to SSO logins or other features you couldn’t achieve with WireGuard clients?

No worries. Yes, there were quite a few limitations we hit:

  • Typical workflow involves plaintext private keys hitting the disk
  • Key rotation is quite cumbersome
  • Not tied to user identities - hard to enforce conf ↔ user relationship
  • NAT traversal isn’t possible
  • Load balancing / failover is challenging / impossible

The Firezone clients also include a real-time control plane that helps to facilitate all of the above.