Netbird: The Easy to Use Open-Source Wireguard Based Overlay VPN That You Can Host Yourself

Wait, sooo if I install this as well, do I get a sweet T-shirt?!

This is great Tom. I've heard them mentioned a few times. I love Tailscale, but the requirement of something like Gmail (I don't really want to fight with the OIDC stuff right now) has held me rolling it all over the place at home.

The ACL looks MUCH simpler to quickly glance at and manage.

Still using OpenVPN for clients AND IPSEC for site to site. Why are we continually re-imagining things that work?

Does Netbird support tunneling of general purpose multicast traffic? That was one of my main limitations with Tailscale and benefit of Zerotier.

Looks promising. Can't wait for BSD support to be implemented, so I can run it on OPNsense. Thanks for the video!

I switched from tailscale to netbird initially to try it out as I was having issues with tailscale routing to other advertised subnets (was using it as a tunnel)
It wasnt working that well and the throughput was quite poor (like it was trying to use relays all the time)

Switched to netbird and it has been absolutely flawless, it works perfectly. The throughput maxes out the data links at each site im using it in and the routing between sites is always there

All I really want is a means of doing 2fa or a prompted psk on regular wireguard so that it would be suitable for a client vpn. Don't want a whole thing just for that.

Commendable stuff, but only wake me up when they get port 443 SSL support!

I tried Netbird a while ago but unfortunately the Windows client was super buggy. For me, Tailscale is still the go-to but competition is good.

So, Tom -- do we feel this is suitable for personal use at this point?

Compared to Tailscale this is so much better when it comes to the security rules. Tailscales failure,imo, is forcing a user to write JSON rules to limit access whereas Netbird makes it dead simple and well thought out.

Geo IP filtering is ok but never understood why ISP locking isn't a thing.

Putting MFA on a paid plan is a non-starter. Requiring people to pay for the most basic security features is a bit insane, especially when something like SSO, which is often on a paid tier, is free.

Self hosted or hosted replacement for Zscaler ZPA? Yes, please. ZPA used to be affordable….The question is, can I use this to replace my Silverpeak SDWAN setup with 50+ offices and multiple data centers?

As amazing as always, Tom, thanks!

Still waiting for that pfSense plugin. Will make providing WireGuard VPN to friends much easier to manage

I've tried Netbird, ZeroTier, Twingate, and Tailscale. For me, Tailscale is the winner.

Would be great if you could setup multiple network subnets like you can in Zerotier.

I’ve been a Nebula user for years. One feature of Nevulas that I hope comes to Netbird is the ability for two nodes to choose to communicate locally with each other when they’re both on the same LAN.

Can the server that hosts the netbird also be used as an exit node? Thinking of renting one vm from Hetzner and I would like to use it also as an exit node

How to install it on raspberry pi to access Nas server remotely?

Thanks Tom, I've been looking for something for a while and so glad you brought up netbird. I've used tailscale for a while but switching to netbird was totally worth it. I self host most of my services and this was a no brainer. Excellently done @netbirdio. process took less than 5 mins and works as expected.

Thank you for that great video. I am very thankful for these wonderful open source projects 🥰

This is similar to netmaker and how its different from zerotier? I guess zerotier not using wiregard

Just need bsd support...

I discovered Netbird a month or two ago and I honestly don’t know how I ever functioned without it. Self hosting with Authentik is a breeze. The only thing I’m struggling with is getting my Debian servers to be able to resolve dns properly for other Netbird connected clients.

I'm still missing proper kubernetes support, there are some community made helms but they are undocumented and pretty bad.

Thanks for the introduction. I have a Samsung Galaxy S22 phone with the infamous shitty battery. Now android on it will complain that my tailscale client running in background is consuming to much battery. So I'm looking into moving to another system. However what @PowerUsr1 said is also important, that it's easier to implement security in netbird.

So Netbird has to be running on the other end? This seems very limiting as to who you can communicate with. Also as a complete noob; is this appropriate as a substitute for a regular VPN? I'm a home-based user looking into starting to use a VPN.

Is there a completely self-hosted, on-premises and isolated so that it creates a TRUE virtual private network without requiring any dependency (not neve the creation of an account) on any third-party server? i.e. A zero-trust solution.

I saw that when my main WAN goes down the connection is not restored on the failover, I have to manually restart all agents to get it working again.

Great video Tom as always! - Could we get the Draw_IO diagram added to your Github please?

what app do u use for the diagrams? they are great

So, NetBird vs Zerotier vs TailScale ??

My man sold out for a tee shirt…. lol. Jk xoxoxo always honest and from the heart that’s what we loves about ya.

Alright, that was actually crazy easy to setup. Converted from manually managed Wireguard, what a chore it's been...

Awesome video, but if you just use pure wireguard, you don't need any overlays

Looking at the UI and the shiny bits. it looks a lot more user friendly that wireguard.
Would this be usable for remote access to a small home lab setup or is it complete overkill?

I'm tailscaled, but this looks great!

Why would you want to use this over standard self hosted WG-Easy install or something? Would this be better at bypassing FWs that block VPN traffic?

I'm keeping an eye on the project, I like its design very much. The only thing stopping me from considering it is that the scope of Access Control is only at the peer-level, instead of allowing including arbitrary CIDR definitions in Access Control Policies (so that not every service host itself has to be joined to the overlay network as a peer in order to have control over the peers access to it, which is unfeasible or undesirable in many cases)

Would be good if I could setup certs on this through letsencrypt to all the peers hostnames. So many things don't like it when there's no registered cert on the address.

No Synology client, though. I wonder how difficult would it be to deploy it in an OCI container and allow it to access subnet resources? 🧐

can the server behind cg-nat ?

Netbird is awesome! Thanks for sharing.

Does anyone had success with installing Netbird directly on TrueNAS Scale?

For those considering using the free tier of Netbird.. It is an awesome product. I have been using it and love it. Its great for small deployments with less than 5 users and 100 machines. However, they recently pulled "part" of the rug out from under their free tier users. You used to be able to setup the posture checks on the free tier. But no more. They have removed the posture checks from the free tier (without prior notice) from what I can tell. Now that is a Business plan feature only. Its a "free" tier so we can't complain too much. The connection still work great. But this move has reduced my trust that they won't start removing other features without notice. I will probably switch to self-hosted. But that also makes me wonder if they will start removing features from that too.

what program are you using the map out those networks? That's pretty slick and I haven't seen that before.

Ohhh nooo! Your Testes expired 😁😁

Where is the IDP integration or user assigning to apps as per ZTNA framework?

Thank you for your support and recognition, Tom. Vídeos like this one keep us up and motivated. The whole NetBird team appreciates your work.