Gateway

Don't forget to copy DEFGUARD_TOKEN necessary to start gateway connection from modal available on overview page under Docker run command

Binary Install

  1. Checkout Gateway releases here and download compatible binary from Github page.

  2. Decompress and move to bin directory

tar xcf ./gateway.tar.gz
sudo chmod +x gateway
sudo mv gateway /usr/bin/

  1. Start gateway gateway -g defguard.com:50055 -t <DEFGUARD_TOKEN>

Package Install

  1. On the release page find and download a correct software package for your system (currently DEB, RPM and TXZ are available).

  2. Install the package using relevant system tools: Ubuntu/Debian:

    sudo dpkg -i <path_to_deb_package>

    Fedora/Red Hat Linux/SUSE:

    sudo rpm -i <path_to_rpm_package>

    FreeBSD:

    pkg add <path_to_txz_package>

  3. Fill in the default configuration file (/etc/defguard/gateway.toml) with values corresponding to your Defguard installation (token and gRPC enpoint URL).

  4. Enable and start the systemd service.

    sudo systemctl enable defguard-gateway.service
sudo systemctl start defguard-gateway.service

Docker-compose

To start your gateway using docker-compose:

  1. We prepared a git repository with docker-compose configuration, clone it:

git clone --recursive https://github.com/DefGuard/deployment.git && cd deployment/gateway

  1. Copy and fill in the .env file:

cp .env.template .env

  1. Finally, run the service with docker-compose:

docker-compose up

If everything went well, your Gateway should be connected to Defguard and you can start adding new devices to your network.

SSL

You'll need a valid CA certificate to connect Gateway to Defguard. See SSL instructions.

OPNsense plugin

GitHub doesn't support FreeBSD runners - because of that it's hard to automate building/releasing the plugin (which is on freebsd).

Thus we have an issue that packages gateway are build with wrong architecture:

pkg: wrong architecture: Linux:6:x86:64 instead of FreeBSD:13:amd64
Failed to install the following 1 package(s)

There is a workarond for that:

mkdir -p pp zz
tar Jxf defguard-gateway.pkg -C zz
sed -e 's,Linux:5,FreeBSD:13,' zz/+MANIFEST > MANIFEST
rm zz/+COMPACT_MANIFEST zz/+MANIFEST
pkg create -M MANIFEST -o pp -r zz

To start your gateway as OPNsense plugin:

  1. On the release page find and download OPNsense package which will be named: defguard-gateway_VERSION_x86_64-unknown-opnsense.txz .

  2. Install the package

pkg add <path_to_txz_package>

  1. Refresh your OPNsense UI by running below command:

opnsense-patch

  1. Go to you OPNsense UI and navigate VPN -> Defguard Gateway .

  1. Fill form with appropriate values click Save then Start/Restart

You can find detailed description of all fields here.

If everything went well, your Gateway should be connected to Defguard and you can start adding new devices to your network.

PreviousKubernetesNextUpgrading

Last updated