Firezone and Zero-Trust Network Security with Thomas Eizinger

Dec 23, 2025

Ask episode

Chapters

Transcript

Episode notes

episode 19 — Firezone and Zero-Trust Network Security with Thomas Eizinger.

In this episode of Netstack.fm, Glen talks with Thomas Eizinger from Firezone about designing a zero trust enterprise VPN built on top of WireGuard. They break down how modern VPNs work in practice, covering virtual network adapters, split tunneling, DNS interception, policy based access, and secure packet routing using WireGuard, ICE, and TURN relays.

The discussion highlights how Firezone differs from legacy VPNs by focusing on performance, reliability, and minimal user friction, while also touching on the role of Rust and Elixir in Firezone’s architecture and the long term importance of IPv6 adoption.

Learn more:

https://github.com/firezone/firezone — Firezone main repository
https://github.com/firezone/firezone/tree/main/rust/relay/ebpf-turn-router — Firezone eBPF in kernel relay router
https://www.firezone.dev/kb/architecture/critical-sequences#detailed-connection-setup — Firezone Connection Setup
https://www.wireguard.com/papers/wireguard.pdf — WireGuard whitepaper
https://github.com/firezone/boringtun — Firezone fork of boringtun user space WireGuard
https://www.rfc-editor.org/rfc/rfc8656 — TURN RFC 8656
https://x.com/firezonehq — Firezone on X
https://x.com/oetzn — Thomas Eizinger on X
https://hachyderm.io/@wheezle — Thomas Eizinger on Mastodon
https://github.com/thomaseizinger — Thomas Eizinger on GitHub

Rama

If you like this podcast you might also like our modular network framework in Rust: https://ramaproxy.org

Chapters

00:00 Intro
00:42 Introduction to Thomas Eizinger
05:19 Firezone's Turn implementation
11:00 Understanding VPNs and Firezone's Approach
29:27 Legacy VPNs vs. Firezone: A New Era of Networking
36:19 Firezone is opensource
37:27 Zero-Trust VPNs
40:28 What is WireGuard
43:36 Firezone's Integration with WireGuard
50:19 Handling Connection Failures
58:00 Geolocation and Relay Selection
01:04:45 Elixir Developer Experience (DX)
01:10:19 IPv6 Adoption and Future Considerations
01:15:03 Outro

Netstack.FM

More information: https://netstack.fm/#episode-19
Join our Discord: https://discord.gg/29EetaSYCD
Reach out to us: hello@netstack.fm

Music for this episode was composed by Dj Mailbox. Listen to his music at https://on.soundcloud.com/4MRyPSNj8FZoVGpytj