Firezone can be self-hosted on a server running a supported Linux distribution in a few minutes. This guide will walk you through the steps to get started.
Start by checking if your environment is listed on supported platforms. A kernel upgrade may be required to ensure WireGuard® is available.
Ensure port forwarding is enabled on your firewall. The default Firezone configuration requires the following ports to be open:
443/tcp: To access the web UI.
51820/udp: The VPN traffic listen-port.
Note: Firezone modifies the kernel netfilter and routing tables. Other programs that modify the Linux routing table or firewall may interfere with Firezone’s operation. For help troubleshooting connectivity issues, see the troubleshooting guide.
Firezone requires the setup of a DNS record and matching SSL certificate for production deployments. See instructions here.
The easiest way to get started using Firezone is via the automatic installation script below.
bash <(curl -Ls https://github.com/firezone/firezone/raw/master/scripts/install.sh)
This will ask you a few questions regarding your install, download the latest release for your platform, then create an administrator user and print to the console instructions for logging in to the web UI.
Note: During install new firewall rules are added, which can interrupt the SSH connection. If this happens and you miss the admin instructions, reconnect to the server to run
firezone-ctl create-or-reset-admin. This will re-create the admin user and output the address of the web UI to the console. We are actively working on a fix for this issue.
By default, the web UI can be reached at the IP or domain name of your server. You can regenerate the admin credentials using the
firezone-ctl create-or-reset-admin command.
If the script fails, follow instructions for manual installation.
Once successfully deployed, users and devices can be added to connect to the VPN server:
- Add Users: Add users to grant them access to your network.
- Client Instructions: Instructions to establish a VPN session.
First, check our troubleshooting guide to see if your issue is covered there. If you are unable to resolve the issue:
- Ask a question in our discussion forums or Slack channel
- Report bugs or propose new features on Github
Congrats! You have completed the setup, but there’s a lot more you can do with Firezone.
- Integrate your identity provider for authenticating clients
- Using Firezone to establish a static IP
- Create tunnels between multiple peers with reverse tunnels
- Only route certain traffic through Firezone with split tunneling
Support us by: