Firezone is a solution for creating VPN servers based on WireGuard

The Firezone project develops a VPN server to provide access to hosts on an internal isolated network from user devices located on external networks. The project is aimed at achieving a high level of protection and simplifying the VPN deployment process. The project code is written in Elixir and Ruby and distributed under the Apache 2.0 license.

The project is being developed by a security automation engineer at Cisco, who attempted to create a solution that would automate host configuration and eliminate the problems encountered when establishing secure access to cloud VPCs. Firezone can be considered an open-source alternative to OpenVPN Access Server, built on top of WireGuard instead of OpenVPN.

RPM and deb packages are offered for different versions of CentOS, Fedora, Ubuntu and Debian. Installing them does not require external dependencies, as all necessary dependencies are already bundled using the Chef Omnibus toolchain. Operation requires only a distribution with a Linux kernel no older than 4.19 and a built WireGuard kernel module. According to the author, launching and configuring a VPN server can be done in just a few minutes. Web interface components run under an unprivileged user, and access is only possible via HTTPS.
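
A preflight check for the two requirements stated above, as an added example that is not part of the original article or the Firezone project. The function names are hypothetical, and the module test (a loaded module under /sys/module, or one that modinfo can find) is an assumption about how to detect WireGuard support on the host.

```shell
#!/bin/sh
# Added example: preflight check for the stated requirements
# (kernel no older than 4.19, WireGuard kernel module available).

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (e.g. "5.15.0-91-generic") is >= MAJOR.MINOR,
# 1 if it is older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    _ver=${1%%[!0-9.]*}                 # "4.19.0-25-amd64" -> "4.19.0"
    _major=${_ver%%.*}
    _rest=${_ver#*.}
    [ "$_rest" = "$_ver" ] && _rest=0   # no dot: treat minor as 0
    _minor=${_rest%%.*}
    case "$_major" in ''|*[!0-9]*) return 2 ;; esac
    case "$_minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$_major" -gt "$2" ] && return 0
    [ "$_major" -eq "$2" ] && [ "$_minor" -ge "$3" ] && return 0
    return 1
}

# wireguard_available: 0 if the module is loaded or modinfo can find it
# for the running kernel (assumed detection method), 1 otherwise.
wireguard_available() {
    [ -d /sys/module/wireguard ] && return 0
    command -v modinfo >/dev/null 2>&1 &&
        modinfo wireguard >/dev/null 2>&1 && return 0
    return 1
}

# preflight [RELEASE]: report both checks; RELEASE defaults to `uname -r`.
preflight() {
    _rel=${1:-$(uname -r)}
    _status=0
    if kernel_at_least "$_rel" 4 19; then
        echo "ok:   kernel $_rel is 4.19 or newer"
    else
        echo "FAIL: kernel $_rel is older than 4.19 or could not be parsed"
        _status=1
    fi
    if wireguard_available; then
        echo "ok:   WireGuard kernel module found"
    else
        echo "FAIL: WireGuard kernel module not found"
        _status=1
    fi
    return "$_status"
}

preflight || echo "host does not meet the stated requirements"
```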

Firezone uses WireGuard to establish communication channels. Firezone also includes built-in firewall functionality using nftables. Currently, the firewall is limited to blocking outgoing traffic to specific hosts or subnets on internal or external networks. Management is performed via a web interface or in command line mode using the firezone-ctl utility. The web interface is built on Admin One Bulma.

Currently, all Firezone components run on a single server, but the project is being developed with modularity in mind from the outset, and future plans include the ability to distribute components for the web interface, VPN, and firewall across different hosts. Plans also include integration of an ad blocker operating at the DNS level, support for host and subnet block lists, LDAP/SSO authentication, and additional user management capabilities.

Source: opennet.ru