Access your home or office network from anywhere — no key generation, no config files, no command-line setup. Deploy the hardened VM appliance, sign in, and manage WireGuard peers from a web dashboard. Self-hosted remote access made simple.
Deploy a managed WireGuard appliance on your network — access your LAN from anywhere.
NetGuard handles WireGuard key generation, peer configuration, and tunnel management automatically. Deploy the OVA, sign in, and add peers from the web dashboard — no command-line configuration needed.
Access your home or office LAN from anywhere — NAS, media servers, security cameras, printers, internal tools. Use the VeloGuardian app on any device to connect through a secure WireGuard tunnel.
Upstream VPN Dashboard and Control
Remote Access Dashboard
From home labs to remote teams — secure access without complexity.
Access your NAS, media server, security cameras, and home automation from anywhere. No port forwarding, no dynamic DNS hassles — just a secure WireGuard tunnel to your entire home network.
Give your team secure access to office resources — file shares, printers, internal tools — without expensive enterprise VPN hardware. Deploy on existing virtualization infrastructure and manage peers from the dashboard.
Let remote workers connect to the office LAN as if they were on-site. Each team member gets their own WireGuard peer managed through the dashboard — no manual configuration on either end.
Everything you need in a managed WireGuard gateway.
Built on WireGuard — the modern, high-performance VPN protocol. Faster connections, lower latency, and a smaller attack surface than OpenVPN or IPsec.
Add, remove, and monitor peers from the web dashboard. Automatic key exchange and configuration — no manual WireGuard config files to edit.
Monitor connected peers, view traffic stats, and manage your gateway from any browser. Runs over HTTPS with a self-signed TLS certificate. All API calls proxied server-side.
Configure network settings (IP, gateway, DNS) through a lightweight console interface on first boot. SSH access available for advanced administration.
Ed25519-signed update packages ensure tamper-proof updates. Download and apply updates from the web dashboard — no manual file transfers or SSH sessions required.
Purpose-built OVA with a minimal attack surface. Locked-down OS, no unnecessary services, server-side API proxy so your credentials never reach the browser.
How NetGuard compares to manual WireGuard, Tailscale, and other VPN solutions for home and small business.
| Feature | NetGuard | OpenVPN AS | pfSense / OPNsense | Tailscale | Manual WireGuard |
|---|---|---|---|---|---|
| Protocol | WireGuard | OpenVPN | OpenVPN / WireGuard | WireGuard (modified) | WireGuard |
| Setup complexity | Import OVA & sign in | Install + license | Full OS install + config | Install agent per device | CLI per peer |
| Web management | Yes | Yes | Yes | Yes (cloud) | No |
| Self-hosted | Yes (OVA appliance) | Yes | Yes | Coordination server is cloud | Yes |
| Hardened OS included | Yes | No | Yes (is the OS) | N/A | No (BYO OS) |
| Automatic peer config | Yes | Yes | Manual | Yes | Manual |
| Dedicated app | Yes (all platforms) | Yes | Third-party clients | Yes | WireGuard app |
| Signed updates | Yes (Ed25519) | Package manager | Package manager | Auto-update | Manual |
| Free tier | With Citadel plan | 2 connections free | Free (open source) | Free (limited) | Free |
From download to secure remote access in minutes.
Download the OVA file and import it into your hypervisor — VMware, VirtualBox, or Proxmox. Boot the VM and follow the console wizard to set a static IP and configure network settings.
Open the web dashboard from any browser on your network and sign in with your VeloGuardian account. NetGuard authenticates against the VeloGuardian API and configures the WireGuard gateway automatically.
Add your devices as peers from the dashboard. Install the VeloGuardian app on each device, and it will connect to your NetGuard gateway automatically. Access your LAN from anywhere.
Lightweight enough to run on any modern hypervisor.
Resources about WireGuard gateways and secure remote access.
What WireGuard remote access is, why manual setup is painful, and how NetGuard eliminates the complexity for home and business networks.
Access your NAS, cameras, and home servers from anywhere without exposing services to the internet. No port forwarding per device.
Why WireGuard is the protocol of choice for modern VPN deployments — speed, security, and simplicity compared to OpenVPN and IPsec.
How a VPN gateway lets remote teams access office resources securely — without exposing your network to the internet.
Answers to the most frequent questions about VeloGuardian NetGuard.
VeloGuardian NetGuard is a managed WireGuard gateway appliance distributed as a hardened OVA virtual machine. Deploy it on your home or office network to create a WireGuard VPN gateway that lets you securely access your LAN from anywhere. Manage peers, monitor connections, and configure settings through a web dashboard.
Yes. NetGuard authenticates against the VeloGuardian API to manage peer configurations and tunnel settings. You need a VeloGuardian account with a Citadel subscription to use NetGuard.
Manual WireGuard setup requires generating keys, editing configuration files, managing firewall rules, and configuring each peer by hand. NetGuard handles all of this automatically — deploy the OVA, sign in, and manage peers from a web dashboard. No command-line WireGuard configuration needed.
Yes. Use the VeloGuardian app on your phone to connect to your NetGuard gateway. Once connected, you can access any device on your home LAN — NAS, cameras, servers, printers — as if you were physically there.
NetGuard is distributed as an OVA file that works with VMware Workstation, VMware ESXi 6.5+, VirtualBox 6.0+, and Proxmox VE 7.0+. It requires 1 vCPU, 1 GB RAM, 8 GB disk, and one bridged network adapter.
NetGuard uses an Ed25519-signed update package system. Updates are downloaded and verified automatically through the web dashboard. Each update package is cryptographically signed to prevent tampering.
Yes. The dashboard runs over HTTPS with a self-signed TLS certificate on port 443. All API calls are proxied server-side, so your VeloGuardian credentials never reach the browser. The appliance OS is hardened with no unnecessary services.
Yes. Deploy both appliances on the same network for layered protection. NetGuard handles encrypted remote access while VeloGuardian DNS filters malicious domains and ads for all devices on your LAN. Both run as lightweight OVAs on the same hypervisor.
Yes. Once NetGuard is running and you connect through the VeloGuardian app, your device is on your home LAN. You can access your NAS, media server, security cameras, printers — anything on the local network — as if you were physically there. No port forwarding needed for individual services.
Tailscale routes traffic through their cloud coordination servers and requires installing an agent on every device. NetGuard is fully self-hosted — your traffic stays on your network, and the gateway runs as a VM you control. You get WireGuard remote access with a web dashboard, no per-device agent installs, and no dependency on a third-party cloud service.
Much easier. Manual WireGuard setup requires generating key pairs on every device, editing configuration files, setting up port forwarding, managing AllowedIPs, and troubleshooting routing. NetGuard eliminates all of that — deploy the VM, sign in, and add peers from the web dashboard. Key generation and configuration happen automatically.
Deploy NetGuard and access your LAN from anywhere — secure, simple, and managed through a web dashboard.