Firezone
Open-source self-hosted VPN and firewall built on WireGuard®.
- Homepage: firezone.dev
- GitHub: github.com/firezone/firezone
- Web info: web-check.xyz/results/firezone.dev
Firezone Source Code
- Description: WireGuard®-based zero-trust access platform with OIDC auth and identity sync.
- Homepage: https://www.firezone.dev
- License: Apache-2.0
- Created: 22 Apr 20
- Last Updated: 07 Apr 24
- Primary Language: Elixir
- Size: 106,106 KB
- Stars: 6,155
- Forks: 258
- Watchers: 6,155
Top Contributors
- @jamilbk (2255)
- @AndrewDryga (430)
- @dependabot[bot] (406)
- @thomaseizinger (287)
- @ReactorScram (192)
- @conectado (142)
- @bmanifold (56)
- @princemaple (49)
- @roop (33)
- @jasonboukheir (18)
- @pratikvelani (16)
- @gongjason (14)
- @francesca64 (11)
- @gbe0 (5)
- @mdp (4)
- @Intuinewin (3)
- @chetanverma16 (2)
- @thermionic (2)
- @toreanderson (2)
- @yenba (1)
- @wwuck (1)
- @pemontto (1)
- @lilibobear (1)
- @leriel (1)
- @hieultan (1)
- @sebastianbuechler (1)
- @numberjs (1)
- @tyrann0us (1)
- @RamboRogers (1)
- @salemgolemugoo (1)
Recent Commits
- Jamil (06 Apr 24)
  chore(portal): Add Sign in from sign up form (#4529)
- Jamil (06 Apr 24)
  feat(website): GA updates (#3988)
- Jamil (06 Apr 24)
  docs: Mention signup in README and clarify self-hosting (#4528)
- Jamil (06 Apr 24)
  chore(website): Use 'User' not 'Seat' when referring to pricing (#4524)
- Andrew Dryga (05 Apr 24)
  chore(portal): Add users limit and use it as default limit for accounts (#4527) A manual migration will be needed (run `Domain.Ops.sync_pricing_plans()`) to sync the limits for all the accounts.
- Andrew Dryga (05 Apr 24)
  Deploy relays in a less aggressive manner to prevent zonal downtimes
- Jamil (05 Apr 24)
  chore(devops): Change relay log level to match prod (#4520) Doing some performance testing to determine if we can roll these out to prod.
- Jamil (05 Apr 24)
  chore(ci): Use target-specific cache when cross building (#4519) I suspect the cache is being saved from cross builds, so this PR further isolates the cross cache per target. https://github.com/firezone/firezone/actions/runs/8564714747/job/23471683253?pr=4517
- dependabot[bot] (04 Apr 24)
  build(deps): Bump chrono from 0.4.35 to 0.4.37 in /rust (#4432)

  Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.35 to 0.4.37.

  Release notes, sourced from [chrono's releases](https://github.com/chronotope/chrono/releases):

  v0.4.37

  Version 0.4.36 introduced an unexpected breaking change and was yanked. In it `LocalResult` was renamed to `MappedLocalTime` to avoid the impression that it is a `Result` type where some of the results are errors. For backwards compatibility a type alias with the old name was added.

  As it turns out there is one case where a type alias behaves differently from the regular enum: you can't import enum variants from a type alias with `use chrono::LocalResult::*`. With 0.4.37 we make the new name `MappedLocalTime` the alias, but keep using it in function signatures and the documentation as much as possible.

  See also the release notes of [chrono 0.4.36](https://github.com/chronotope/chrono/releases/tag/v0.4.36) from yesterday for the yanked release.

  v0.4.36

  This release un-deprecates the methods on `TimeDelta` that were deprecated with the 0.4.35 release because of the churn they are causing for the ecosystem.

  New is the `DateTime::with_time()` method. As an example of when it is useful:

  ```rust
  use chrono::{Local, NaiveTime};
  // Today at 12:00:00
  let today_noon = Local::now().with_time(NaiveTime::from_hms_opt(12, 0, 0).unwrap());
  ```

  Additions
  - Add `DateTime::with_time()` (#1510)

  Deprecations
  - Revert `TimeDelta` deprecations (#1543)
  - Deprecate `TimeStamp::timestamp_subsec_nanos`, which was missed in the 0.4.35 release (#1486)

  Documentation
  - Correct version number of deprecation notices (#1486)
  - Fix some typos (#1505)
  - Slightly improve serde documentation (#1519)
  - Main documentation: simplify links and reflow text (#1535)

  Internal
  - CI: Lint benchmarks (#1489)
  - Remove unnecessary `Copy` and `Send` impls (#1492, thanks @erickt)
  - Backport streamlined `NaiveDate` unit tests (#1500, thanks @Zomtir)
  - Rename `LocalResult` to `TzResolution`, add alias (#1501)
  - Update windows-bindgen to 0.55 (#1504)
  - Avoid duplicate imports, which generate warnings on nightly (#1507)
  - Add extra debug assertions to `NaiveDate::from_yof` (#1518)
  - Some small simplifications to `DateTime::date_naive` and `NaiveDate::diff_months` (#1530)
  - Remove `unwrap` in Unix `Local` type (#1533)
  - Use different method to ignore feature-dependent doctests (#1534)

  Thanks to all contributors on behalf of the chrono team, @djc and @pitdicker!

  Commits
  - `7d62045` Prepare 0.4.37
  - `6857d00` Hide re-export of `LocalResult` in docs
  - `9e22e48` Swap `MappedLocalTime` and `LocalResult` type alias
  - `ca3c3b6` Prepare 0.4.36
  - `1850198` Revert `TimeDelta` deprecations
  - `e05ba8b` Add `MappedLocalTime::and_then`
  - `3adfd88` Main documentation: simplify links and reflow text
  - `1e8df65` Rustfmt doc comments
  - `1b57859` Run doctests with `alloc` feature if possible
  - `6f2c7cc` Use different method to run feature-dependent doctests
  - Additional commits viewable in [compare view](https://github.com/chronotope/chrono/compare/v0.4.35...v0.4.37)

  Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Thomas Eizinger (04 Apr 24)
  refactor(relay): remove heap-allocations from hotpath (#4457) This required a mid-sized refactor of the relay's eventloop. The idea is that we can use [`mio`](https://docs.rs/mio/latest/mio/) to do the actual IO handling instead of `tokio`. `tokio` depends on `mio` internally but doesn't expose its primitives. Most importantly, we don't get access to the API where we can dynamically register file descriptors to watch for readiness. In order to avoid allocations on the relaying hotpath, we need to listen on a dynamic number of sockets:
  1. Our client-facing socket on port 3478
  2. All sockets allocated by clients

  `mio` is the building block of the async tokio runtime, hence it does not provide any async primitives. Instead, it blocks the current thread that it is running on and feeds you events that you need to deal with. We still need our `tokio` runtime to register timers and for communication with the portal. To integrate the two, we spawn a dedicated thread for `mio::Poll` and communicate with it via channels within the `Sockets` abstraction. Thus, the `Eventloop` itself has no idea that `mio` is used for all the network communication. Whenever `mio` sends us an event that a socket is ready, we try to read from that specific socket. We must read from this socket until it returns `WouldBlock` at which point we move on to the next event. We only register for read-readiness. If a socket is not ready for writing, we just drop the packet. With this design in place, we can now have a single buffer that we read incoming packets into and dispatch it to `Server`, depending on which port it was received on. A future refactoring could maybe even unify these functions and let the `Server` deal with the ports internally. Resolves: #4366.
- Jamil (04 Apr 24)
  chore(ci): scope cache by arch too (#4512) https://github.com/firezone/firezone/actions/runs/8558739208/job/23453931061
- Jamil (04 Apr 24)
  feat(docs): Add link to Terraform examples (#4508) Fixes #2620
- Jamil (04 Apr 24)
  chore(ci): Scope GH rust cache per os type (#4504) I suspect this is a cache issue: https://github.com/firezone/firezone/actions/runs/8549331928/job/23424473070 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
- Thomas Eizinger (04 Apr 24)
  chore(connlib): remove stale callback (#4501) The associated functionality has already been completely removed in #4390.
- Jamil (04 Apr 24)
  refactor(apple): Collapse SwiftUI codepaths across platforms and remove dead code (#4417) ~~Had to do another big round of ball-of-yarn untangling in order to create two auth flows for iOS / macOS.~~ ~~This is required because of App Store guidelines.~~ Edit: Appeal filed. There seems to be no good way to have a nice browser-based auth experience without using ASWebAuthenticationSession. The last resort would be to open a normal browser tab and push the client's token over an unauthenticated websocket channel from the portal to the client. This PR is now just to clean up the SwiftUI mess. --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
- Thomas Eizinger (04 Apr 24)
  fix(relay): don't busy-loop on `poll_timeout` (#4497) The value returned from `poll_timeout` needs to only reset the `Sleep` but doesn't need to go back to the top of the loop. Instead, we move its polling to below the resetting of `Sleep`. This will correctly register a waker in case we did change `Sleep`. This `continue` causes a busy-loop and stops the relay from dealing with the `phoenix-channel` which means the portal will eventually consider it offline. This was first introduced in #4455.
- Andrew Dryga (04 Apr 24)
  Fix typo
- Andrew Dryga (04 Apr 24)
  chore(portal): Allow rolling back cloud component versions
- Andrew Dryga (04 Apr 24)
  Fix typo
- Thomas Eizinger (04 Apr 24)
  fix(relay): always `continue` after ready events (#4494) This is a similar fix as to #4486. I am not sure if this is / was actively causing problems but using `continue` after _any_ ready event is definitely more correct. This is a low-risk change.
- Thomas Eizinger (04 Apr 24)
  fix(relay): only unbind a channel if it is actually bound (#4495) Currently, we are emitting the "Channel is now expired" message multiple times because we don't filter for the ones we have already unbound.
- Andrew Dryga (04 Apr 24)
  Allow enabling beta features on prod
- Andrew Dryga (04 Apr 24)
  Fix network name for relays ssh access firewall rule
- Andrew Dryga (04 Apr 24)
  Log whenever somebody connects to prod SSH using IAP
- Thomas Eizinger (03 Apr 24)
  fix(gateway): don't erroneously suspend eventloop (#4486) Within the gateway's eventloop, we MUST only return `Poll::Pending` if `Waker`s are registered for anything that needs to happen. To ensure that, we MUST `loop` around our calls to `poll()` to ensure we drain everything that is `Poll::Ready`. Only once all sub-state machines return `Poll::Pending`, we can return `Poll::Pending`.
- Andrew Dryga (03 Apr 24)
  chore(portal): Increase websocket api timeout to 307 seconds (#4489)
- Andrew Dryga (03 Apr 24)
  revert(portal): Re-enable CDN on staging (#4490)
- Reactor Scram (03 Apr 24)
  refactor(client-tunnel): remove redundant main (#4478) `client-tunnel` is a library used by `linux-client` and `gui-client` and doesn't need its own main.
- Jamil (03 Apr 24)
  revert(portal): Disable CDN on staging (#4483) seeing if this helps with https://github.com/firezone/firezone/issues/4481
- Andrew Dryga (03 Apr 24)
  Fix tests
Firezone Website
Website
Redirects: Does not redirect
Security Checks
2 security checks failed (64 passed)
- Robots Noindex
- Empty Page Title
Server Details
- IP Address: 76.76.21.93
- Location: Walnut, California, United States of America, NA
- ISP: Vercel Inc
- ASN: AS16509
Associated Countries
- US
Safety Score
Website marked as moderately safe (90%)
Blacklist Check
www.firezone.dev was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
More Self-Hosted Network Security
- Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features. It is open source, easy to install and very widely used.
- Another DNS server for blocking privacy-invasive content at its source. Technitium requires little setup and works essentially out of the box. It supports a wide range of systems (and can even run as a portable app on Windows). It also handles some additional tasks, such as adding local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it.
- A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone.
- A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers, and works nicely alongside PiHole.
- Powerful open source web content filter.
- Widely used, open source firewall/router.
- Detects whether you have a malware-infected computer on your network; also a powerful network analysis framework and monitor.
About the Data: Firezone
API
You can access Firezone's data programmatically via our API.
Simply make a GET request to:
https://api.awesome-privacy.xyz/networking/self-hosted-network-security/firezone
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of the data included on this page comes from, and how it is computed, see the About the Data section of our About page.