Releases: DefGuard/gateway
Release list
v2.0.2
This is a patch for the major 2.0 release. It fixes FreeBSD packaging, and allows to clean WireGuard interfaces on quit, as an option.
The 2.0 was a significant step up from version 1.x, featuring:
🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.
More details with videos in this blogpost.
⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.
Previously, these features were available without registration (within certain limits).
Starting from 2.0, a free Business license registration is required to use them.
👉 https://defguard.net/get-free-business/
Once registered, simply apply your license to your instance and enjoy access to Business functionality.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
Other Changes
- Fix config file in FreeBSD package by @moubctez in #336
- Clean on quit by @moubctez in #331
- Purge on disconnect by @moubctez in #342
Full Changelog: v2.0.1...v2.0.2
v2.1.0-alpha1
🎉 Welcome to Defguard 2.1 Alpha 1 🎉
First of all, this is an actual alpha, not meant for production, but a technology preview of what’s to come.
2.1 brings exciting new features:
-
Completely redesigned Desktop Client - try it out by installing the package for your OS from the client release assets


🚀 Here you can find a quick tutorial on how to quickly launch 2.1α using one-line-script in pre-relase mode.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Expand example-config.toml by @moubctez in #326
- chore(CI): update CI workflows for new branching setup by @wojcik91 in #327
- Build debs for debian 12/ubuntu 22.04 by @jakub-tldr in #328
- chore: bump version to 2.1.0 & merge upstream changes from stable/2.x… by @wojcik91 in #330
- Updated README by @kchudy in #334
- Fix config file in FreeBSD package by @moubctez in #336
- merge stable/2.x -> dev by @wojcik91 in #338
- Clean on quit by @moubctez in #331
- Stable to dev by @moubctez in #340
Full Changelog: v2.0.1...v2.1.0-alpha1
v2.0.1
This is a patch for the major 2.0 release. It fixes packaging and linking problem for FreeBSD 14 / OPNsense and updates dependencies to the latest versions.
The 2.0 was a significant step up from version 1.x, featuring:
🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.
More details with videos in this blogpost.
⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.
Previously, these features were available without registration (within certain limits).
Starting from 2.0, a free Business license registration is required to use them.
👉 https://defguard.net/get-free-business/
Once registered, simply apply your license to your instance and enjoy access to Business functionality.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
Full Changelog: v2.0.0...v2.0.1
v2.0.0
🎉 Welcome to Defguard 2.0 🎉
It’s a significant step up from version 1.x, featuring:
🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.
More details with videos in this blogpost.
⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.
Previously, these features were available without registration (within certain limits).
Starting from 2.0, a free Business license registration is required to use them.
👉 https://defguard.net/get-free-business/
Once registered, simply apply your license to your instance and enjoy access to Business functionality.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Release 1.5 merger by @wojcik91 in #211
- Fixes pentest issue DG25-29 from 2025-09-02 by @j-chmielewski in #212
- Merge main into dev after 1.5.1 release by @j-chmielewski in #215
- Create SBOM files by @j-chmielewski in #216
- CI: scan code with trivy by @j-chmielewski in #217
- Periodic sbom regeneration by @j-chmielewski in #218
- Merge SBOM CI pipelines into main by @j-chmielewski in #219
- Health check rename by @jakub-tldr in #221
- APT uploading/signing workflow by @jakub-tldr in #223
- List whole directory by @jakub-tldr in #224
- Merge main into dev before 1.6 release by @j-chmielewski in #228
- Reverse gRPC communication by @moubctez in #233
- Limit connections to one Core by @moubctez in #241
- Enable use of fwmark by @moubctez in #242
- Disable APT repository signing/upload by @jakub-tldr in #244
- Core certificate authority, part 2: Gateway by @t-aleksander in #250
- Install missing build dependencies by @t-aleksander in #254
- Install missing dependencies, take 2 by @t-aleksander in #255
- MTU and FwMark are not optional by @moubctez in #256
- Gateway wizard by @t-aleksander in #257
- Update OPNsense plugin: add ACL, fix service by @moubctez in #259
- Purge RPC by @j-chmielewski in #268
- Update nftnl and mnl by @moubctez in #273
- Skip stats collection when disconnected by @j-chmielewski in #275
- Proper socket handing for mnl by @moubctez in #279
- Use proper file permissions for certificates by @moubctez in #281
- Prepare Alpha2 by @moubctez in #283
- Fix build PF on platforms other then FreeBSD and macOS by @moubctez in #286
- Allow SNAT bindings when masquerade is disabled by @moubctez in #287
- OPNsense plugin for Gateway 2.0 by @moubctez in #290
- Fix nft socket error by @moubctez in #293
- Error handling for network services by @moubctez in #294
- Faster cargo deny by @moubctez in #296
- Remove obsolete name option by @moubctez in #299
- support protobuf versioning by @wojcik91 in #292
- Fix masquerade, second attempt by @t-aleksander in #303
- Add docker tagging workflow by @wojcik91 in #301
- copy APT repo update workflow from main by @wojcik91 in #305
- Get rid of Cross-rs by @moubctez in #308
- Adoption time limit by @jakub-tldr in #310
- Preserve old package versions on APT repository by @jakub-tldr in #315
- add core client cert validation by @wojcik91 in #309
- Add defaults when parsing toml by @t-aleksander in #316
- Save certificates before completing setup, test write access by @t-aleksander in #317
- Better packages by @moubctez in #318
- update core deps in preparation for 2.0 release by @wojcik91 in #320
Full Changelog: v1.5.1...v2.0.0
v2.0.0-beta2
🎉 Welcome to Defguard 2.0 Beta 2 🎉
This is the final beta before the stable release. Our primary focus has been on stabilising the platform and ensuring everything is ready for a smooth, production-grade launch.
📖 A comprehensive list of the changes implemented since Alpha 2 is documented in detail here: https://defguard.net/blog/defguard-2-0-release-beta-1/.
🛠️ We highly recommend previewing it yourself. We prepared a guide explaining how to run the alpha2 before. To run the beta2 just use 2.0.0-beta2 image tags instead of 2.0.0-alpha2.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Add docker tagging workflow by @wojcik91 in #301
- copy APT repo update workflow from main by @wojcik91 in #305
- Get rid of Cross-rs by @moubctez in #308
- Adoption time limit by @jakub-tldr in #310
- Preserve old package versions on APT repository by @jakub-tldr in #315
- add core client cert validation by @wojcik91 in #309
- Add defaults when parsing toml by @t-aleksander in #316
- Save certificates before completing setup, test write access by @t-aleksander in #317
- Better packages by @moubctez in #318
Full Changelog: v2.0.0-beta1...v2.0.0-beta2
v1.6.5
This is a patch for the major 1.6 release. It fixes a problem with automatically applying masquerade when using DEFGUARD_MASQUERADE environment variable/argument.
What's Changed
Other Changes
- Fix applying masquerade by @t-aleksander in #313
Full Changelog: v1.6.4...v1.6.5
v2.0.0-beta1
🎉 Welcome to Defguard 2.0 Beta 1 🎉
📖 A comprehensive list of the changes implemented since Alpha 2 is documented in detail here: https://defguard.net/blog/defguard-2-0-release-beta-1/
🛠️ We highly recommend previewing it yourself. We prepared a guide explaining how to run the alpha2 before. To run the beta1 just use 2.0.0-beta1 image tags instead of 2.0.0-alpha2.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Fix build PF on platforms other then FreeBSD and macOS by @moubctez in #286
- Allow SNAT bindings when masquerade is disabled by @moubctez in #287
- OPNsense plugin for Gateway 2.0 by @moubctez in #290
- Fix nft socket error by @moubctez in #293
- Error handling for network services by @moubctez in #294
- Faster cargo deny by @moubctez in #296
- Remove obsolete name option by @moubctez in #299
- support protobuf versioning by @wojcik91 in #292
- Fix masquerade, second attempt by @t-aleksander in #303
Full Changelog: v2.0.0-alpha2...v2.0.0-beta1
v1.6.4
This is a patch for the major 1.6 release. It fixes a problem with applying many firewall rules at once.
What's Changed
Other Changes
- Update nftnl and mnl by @moubctez in #274
- Defguard Gateway service not registered on opnsense in 1.6.3 by @jamtur01 in #278
- Proper socket handing for mnl by @moubctez in #280
- Fix build PF on platforms other then FreeBSD and macOS by @moubctez in #285
- Fix socket error by @moubctez in #295
- Update workflows by @moubctez in #300
Full Changelog: v1.6.3...v1.6.4
v2.0.0-alpha2
🎉 Welcome to Defguard 2.0 Alpha 2 🎉
📖 A comprehensive list of the changes implemented since Alpha 1 is documented in detail here: https://defguard.net/blog/defguard-2-0-release-alpha-2/
🛠️ We also highly recommend reviewing our detailed technical overview of all changes and the comprehensive showcase of all features in this article.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
Detailed Changes
- Release 1.5 merger by @wojcik91 in #211
- Fixes pentest issue DG25-29 from 2025-09-02 by @j-chmielewski in #212
- Merge main into dev after 1.5.1 release by @j-chmielewski in #215
- Create SBOM files by @j-chmielewski in #216
- CI: scan code with trivy by @j-chmielewski in #217
- Periodic sbom regeneration by @j-chmielewski in #218
- Merge SBOM CI pipelines into main by @j-chmielewski in #219
- Health check rename by @jakub-tldr in #221
- APT uploading/signing workflow by @jakub-tldr in #223
- List whole directory by @jakub-tldr in #224
- Merge main into dev before 1.6 release by @j-chmielewski in #228
- Reverse gRPC communication by @moubctez in #233
- Limit connections to one Core by @moubctez in #241
- Enable use of fwmark by @moubctez in #242
- Disable APT repository signing/upload by @jakub-tldr in #244
- Core certificate authority, part 2: Gateway by @t-aleksander in #250
- Install missing build dependencies by @t-aleksander in #254
- Install missing dependencies, take 2 by @t-aleksander in #255
- MTU and FwMark are not optional by @moubctez in #256
- Gateway wizard by @t-aleksander in #257
- Update OPNsense plugin: add ACL, fix service by @moubctez in #259
- Purge RPC by @j-chmielewski in #268
- Update nftnl and mnl by @moubctez in #273
- Skip stats collection when disconnected by @j-chmielewski in #275
- Proper socket handing for mnl by @moubctez in #279
- Use proper file permissions for certificates by @moubctez in #281
- Prepare Alpha2 by @moubctez in #283
Full Changelog: v1.5.1...v2.0.0-alpha2
v1.6.3
This is a security patch for the major 1.6 release.
It includes dependency updates to resolve the following CVEs:
What's Changed
Other Changes
- update dependencies & prepare 1.6.3 release by @wojcik91 in #269
- update boringtun & wireguard-rs by @wojcik91 in #272
Full Changelog: v1.6.2...v1.6.3