Launch HN: Firezone (YC W22) – Zero-trust access platform built on WireGuard
Jamil Bou Kheir's Firezone is a remote access platform using WireGuard to enhance security for remote work, simplifying access control and deployment while addressing traditional VPN limitations.
Jamil Bou Kheir, the founder of Firezone, introduces a remote access platform designed to replace traditional corporate VPNs. Firezone utilizes WireGuard, a modern VPN protocol, to secure applications, networks, and services through access policies linked to identity providers. The platform allows for the deployment of small, self-contained binaries in various infrastructures, enabling remote workers to access protected resources via client apps. The traditional VPN model, which relies on a single perimeter for security, has become less effective as remote work and cloud resources have increased. Bou Kheir shares his experience with security challenges at Cisco, where malware spread from remote laptops to internal systems, highlighting the limitations of conventional firewalls and VPNs. Firezone addresses these issues by creating multiple smaller perimeters closer to resources, allowing for lightweight WireGuard tunnels that can handle thousands of connections. The system features a simple access control model to avoid complexity as the number of perimeters increases. Bou Kheir acknowledges the need for improvements in the user interface and user experience, emphasizing that Firezone is built by engineers for engineers. Users can try Firezone without signing up and access demo instances and client downloads through the provided links.
- Firezone is a remote access platform that replaces traditional corporate VPNs.
- It uses WireGuard for lightweight, secure connections and simplifies access control.
- The platform addresses security challenges posed by remote work and cloud resources.
- Firezone allows for easy deployment of access gateways in various infrastructures.
- The team is working on enhancing the user interface and experience.
Related
Sans-IO: The secret to effective Rust for network services
Firezone utilizes connlib, a Rust library for managing network connections and WireGuard tunnels sans-IO. This approach enhances testing, customization, and functionality assurance, promoting efficient and flexible network services development.
SSH has become our universal (Unix) external access protocol
SSH is widely used at a university for remote access. Organizations prefer a single VPN for security in low external access environments. WireGuard is suggested for personal use due to its security advantages over SSH.
Ask HN: I built a Yubikey-based domain controller. Is it sellable?
The individual discusses their R&D experience, highlighting a security appliance for remote access, targeting SMBs with varying IT budgets, and seeking marketing strategies amid challenges with legacy systems and client support.
How to Use Tailscale VPN to Embrace Remote Work and Explore the World
The rise of remote work has led to increased interest in digital nomadism, with Tailscale recommended for secure, flexible internet access through a self-hosted VPN, enhancing privacy while traveling.
- Users appreciate Firezone's use of WireGuard and its open-source nature, contrasting it with proprietary alternatives like Tailscale.
- There are inquiries about how Firezone competes with established products like WARP, Cisco AnyConnect, and Zscaler.
- Some users express concerns about the trust model of zero trust solutions and the potential risks involved.
- Feedback suggests improvements in product demonstrations and marketing strategies to enhance user engagement.
- Users share personal experiences and challenges with traditional VPNs, indicating a demand for better management of network connections.
I'm curious how you guys are competing with the other folks in the space. WARP was/is a really tough product to maintain (cross-platform networking is very difficult). CF was doing well with WARP mostly due to the distribution advantage. I imagine it's harder for startups to break into the space.
It was before the refactoring and the move to zero trust, so back then it was a simple admin panel. It was maybe mid-2022 that I implemented it.
There was a Terraform module I created for setting up the basic infrastructure, but there is no way the module supports the current state of the product. I guess it moved way quicker than I was able to follow LOL. The module was accepted in the Firezone group but later discontinued, for obvious reasons. I wish I had the time to contribute to the project supporting an official module for it, but I guess life happens to everyone haha
Good luck with the project! This is really good and very needed, the only other alternative being Tailscale, which is all closed source.
Love that you are using Rust!
For a small example, when working from home, we want to connect to SMB shares over the VPN, with regular traffic going over the regular LAN interface of the computer. When the same person comes into the main office, just use the LAN. The simplest solution is to teach users to make sure they turn their VPN off when in the office, but that’s a super easy step to forget.
Could Firezone help manage these quality-of-life details for end users?
I see the difference though. Tailscale goes with "secure this and that." It appears to attract people who don't already use a VPN, while you compare it straight to a VPN, which may be more of an enterprise crowd.
I'm not sure what your exact market is, but for a young startup at the very least, Tailscale marketing and UX appears a lot nicer.
I see that Tailscale addresses this now somewhat: https://tailscale.com/kb/1226/tailnet-lock