Just an FYI - Netbird reached out, and I didn't realize it, but the Linux Client install does install a small GUI application. It's still being developed, but has some good functionality, so make sure to check your application menu to find it. I didn't notice it, but when I run it on KDE it gives me a tray icon with settings for the Management URL, Admin URL, Connect / Disconnect, and other info as well.

Looks very promising, will test it out! thanks.

@AwesomeOpenSource

6 ай бұрын

Hope you enjoy it!

Thats funny I had found this Product yesterday and now this Video comes Online 😂

@AwesomeOpenSource

6 ай бұрын

Awesome Timing!

Great video, thanks

@AwesomeOpenSource

6 ай бұрын

No problem 👍

Thanks for this

@AwesomeOpenSource

6 ай бұрын

My pleasure!

Would love to see more about this, doesn't seem to be a whole lot of info out there yet on youtube

@AwesomeOpenSource

3 ай бұрын

It's really a great setup. I have setup a bunch of machines, have my own Authentik IdP setup, and it is working quite well. I did have to uninstall the tailscale client on a couple of machines as they appear to interfere with each other. Not sure why though.

Thank you Brian for your continued help with using open source. Videos are looking very professional now. Could this be used with opensense like tailscale?

@AwesomeOpenSource

6 ай бұрын

I don't knwo if they officially support OPNSense yet, but maybe in the future. Definitely worth a request on their project pages on github.

@netbirdio

5 ай бұрын

NetBird doesn't yet support OPNSense but we will add the support

That’s a great! Would you show an OpenWrt setup like the one you mentioned where the whole network is the client?

@AwesomeOpenSource

6 ай бұрын

Let me see if I can get something setup. I'll add it to my list.

@mlsmaycon

6 ай бұрын

Netbird is being released in the official Openwrt repository

@AwesomeOpenSource

6 ай бұрын

That's awesome

Awesome Project! I was looking for something similar. I'm just stuked into the last step: you add a peer in linux by installing with the oneline command and then log in within the brower, but how about linux VM machine with no desktop enviorment? Thanks so much!

@AwesomeOpenSource

6 ай бұрын

On your management page, you will create a setup key, then copy that key immediately. You can set how many times that key can be used (so if you have 5 machines, you can use it 5 times). Next, use that key on each machine you're adding to the network with the command 'netbird up --management-url netbird.yourgreatdomain.com:443 --setup-key your-key'. I have this in my show notes link in the description as well.

This is pretty cool in terms of simple wireguard self-hosting solution. I can't find anywhere if there is a user / peer limit when self-hosted. I can see that if you use their cloud solution.

@AwesomeOpenSource

6 ай бұрын

Don't believe there is a limit via the software stopping you, but only what your hardware may can handle.

@magog6852

6 ай бұрын

Is there a better answer on this? This is SUPER important

@AwesomeOpenSource

6 ай бұрын

I would have to refer you to the Netbird team for that. I don't have a good answer based on what's on their site. I was looking at a question on Reddit from last year to them about them ever changing the self hosted model. They didn't answer, and honestly, as a business I understand why. They want to make money. As a business that makes their software open source, I appreciate that about them.

@Darkk6969

6 ай бұрын

@@AwesomeOpenSource Yep, I totally agree. If there is a limit say 10 peers for self hosted without some sort of a license or support subscription I'm perfectly fine with that for home use. If there is no limit then that is even better. If used in a business to support large number of peers and is self hosting I would expect them to get a business support subscription. That's what I did with ProxMox servers for work.

Hello Brian, did you see "dockge" uptime kuma devs another project?

@AwesomeOpenSource

6 ай бұрын

I hadn't, but it looks pretty cool! Thanks for pointing it out.

12:00 digital ocean, linode mentioned as good VPS providers. What do others think of Azure or AWS?

@StrikevonNice

6 ай бұрын

Both are very good but for me the simple online interface, simple (and cheaper I believe) pricing it makes sense to go with providers like Linode, Ocean, OVH. While lots more intergration with infrastrcture as code is great the often have lots of hidden charges and often lead the price increases. E.G. AWS charging for ip4 external address when some services can still only use that. Also just because there is wide intergration does not mean there are not bugs (I'm looking at you AWS terraform). If you want the cheapest there are websites and subreddit on cheap VPS but be warned, these are often companies trying to get market share and may close down suddenly as they run out of money (shame really as more comptation the better). All in all don't get hung on the pence/cent per machine like I have done. Chose something with a good dashbored and decent price, the time you spend to find the perfect thing when you can get something good is often never worth it.

@AwesomeOpenSource

6 ай бұрын

Well said!

Followed your instructions for a self hosted install on Oracle OCI. Everything goes well until it gets to the "Waiting for Zitadel to become ready" part. Then it just prints dots to the screen for like, well ever. It doesn't stop or move on to the next phase of the install. This is the third time I've tried to install on a freshly created Ubuntu VPS. Am I missing a step or does it normally take a few weeks for Zitadel to "become ready"? And thanks for the video/info.

@AwesomeOpenSource

6 ай бұрын

I had a couple of times where it did take a long time, and seemingly never started. No logging showing so hard to tell what happens. But, I just followed their instructions to remove it and tried agaon. Essentially, use CTRL + C to stop the process (may have to do it a few times), then use "docker compose down --volumes" to stop all containers and remove the volumes, then run "rm -f docker-compose.yml Caddyfile zitadel.env dashboard.env machinekey/zitadel-admin-sa.token turnserver.conf management.json" to remove all the files it downloaded and setup, and then I'd just try again. Generally worked fine second time around. Maybe that will help.

first, thank you for this awesome channel. one question, can you define a peer as an exit route ? basically meaning that all traffic can be routed through that peer ? tailscale has the ability to do that. thats very important to me, and I'm liking Netbird so far, only this feature is not clear

@AwesomeOpenSource

5 ай бұрын

I haven’t set that up yet, but yes as a I recall you can do all of those things from the server console. You can also set ACLs and so on with it.

@AwesomeOpenSource

5 ай бұрын

Here is a link to their docs on the topic. In this case the route would be out to the internet, but hopefully this helps. docs.netbird.io/how-to/routing-traffic-to-private-networks

I was having so much problems setting up netbird and at the end my problem was that I had installed and running in Proxmox VM with wireguard....As soon as I turn it off (and setup everything like in this video) everything started to work!

@AwesomeOpenSource

18 күн бұрын

Glad my video helped.

👍 on the gui

@AwesomeOpenSource

5 ай бұрын

Agree, it's super nice.

Hey is it possible to setup Netbird server togther with a client and nginx proxy manager on one VPS (2core 4gb ram) So i can point my domain to the proxy manager which then routes all traffic over the client to the sever which is connected to another client installed on my (unraid)homesever so i can access my services from every where without installing the client on every system? and would u use headscale, netbird or netmaker for this use case?

@AwesomeOpenSource

4 ай бұрын

Maybe, you'd need to make sure you are using their advanced setup, and change the ports that netbird dashboard is using so you can have 80 adn 443 used in NGinX Proxy Manager.

Hi Brian, thanks for your video, it's very helpful. I also tried to install Netbird on Oracle Cloud Infrastructure vps and, as happened to you, once the management interface is opened I get an error message (Network error) and the menu only shows the Peer item. How did you solve the problem? Thank you, Lorenzo.

@AwesomeOpenSource

4 ай бұрын

In Cloudflare, I had to enable gRPC. Not sure how to do that in Oracle Free Tier.

Amazing video & wiki... Cheers

@AwesomeOpenSource

3 ай бұрын

Thank you!

@randall_live

3 ай бұрын

@@AwesomeOpenSource Do you think it is safe to use this Docker in production environments or would it be preferable to do a more secure installation of each component?

Great video, great channel, thanks! What i didn't get from this video is why this wireguard implementation might be preferred to other implementations? It seems to have a bigger attack surface, you need to trust that netbird is doing things right in the background plus theres multiple web guis and other additional logic which could be faulty. This is not a criticism, i just didn't manage to answer those questions from the video

@AwesomeOpenSource

6 ай бұрын

It's the open source way of thinking really. You have the opportunity to see exactly how things are being implemented by Netbird because it's open source. If you find faults, you have the options to help them address the issues. As for whether it's better or worse, I think it's simply another option. We all want options, and I try to let you all know about various options. Tailscale is cool, Headscale makes it self hostable, and with some work you can even setup IdP with it, but Netbird does that for you much easier. So it's another option. Just depends on what you need at the end of the day.

Could you please do a video about the assetmanagement open source shelf? Its "new" and looks nice but i dont know how to install xD

@AwesomeOpenSource

6 ай бұрын

is it called "Open Source Shelf"? If so, I'll look into it and add it to my list.

I found the Android client did not transition between WiFi and cell service. Lost connectivity. After disconnecting I could continue. Hopefully this issue is fixed. I wish they would work with the existing WireGuard client. Otherwise it works great, and I appreciate the SSO authentication with Azure AD

@AwesomeOpenSource

6 ай бұрын

Definitely let them know about the bug on their github Issues page. That's the best way to get them to fix it.

Does the self-hosted netbird coordination server is for single-tenancy ?

@AwesomeOpenSource

4 ай бұрын

It can be configured for Single, or multi-tenant. Up to you to decide which. This is a setting in the setup.env file.

Why self-hosting this on a VPS? Would it be better to host it locally in your homelab?

@AwesomeOpenSource

4 ай бұрын

I do it so that I get the better up time, and so I don't have to open a bunch of ports on my home network to allow traffic through.

I followed the steps and is met with Zitadel's introduction screen when login in with the credentials provided. I don't see any way to get to peers whatsoever.

@AwesomeOpenSource

2 ай бұрын

I have to ask, have you added peers to the system? Where are you looking for peers? I'm just not following your issue as described.

Hey Sir, Needed some help i was trying to set that up on my machine inside pfsense firewall network with a public IP. I have pointed the domain as well Where as I managed to setup the netbird as well, as it shows the credential towards where process ends but can't see the dashboard online. When tried with Static IP, it just shows Login Error: User state: Unauthenticated ; Please help!!!!!!1

@AwesomeOpenSource

6 ай бұрын

Are you authenticating with the username and password provided in the terminal when the install finishes? Did you forward all ports as detailed in their documentation?

i've been trying to host this locally but it always hangs on the zitadel part.

@AwesomeOpenSource

3 ай бұрын

Sorry to hear that. Not sure why that would happen, but maybe the project folks can help if you post an issue and some logging.

Did we talk about the ports earlier? 10:13

@AwesomeOpenSource

6 ай бұрын

I may have edited our my earlier discussion on the number of ports that would need to be open. sometimes I talk about things a few times, but edit it down.

Hi Brian, netbird seems to be a nice solution for self hosting, but it seems that ios support is still not implemented - I found forum comments from 2021, that ios support is planed, so what happened in the last 2 years? It seems that this product is not maintained really regularly.

@AwesomeOpenSource

6 ай бұрын

I believe I said it in the video, but they have their iOS client in Beta right now, so will be released after beta is done.

@Glatze603

6 ай бұрын

@@AwesomeOpenSource I am looking forward. Then this app will be my favorite VPN-Solution.

how do you handle the tls certificate on the VPS? it kinda poses a security risk to login without a signed certificate in this case, i believe

@AwesomeOpenSource

6 ай бұрын

You can add your own certificate if you wish, it's in their more advanced documentation. Self signed certs aren't inherently risky, because they are your cert. If you are trusting a site you don't know, and who's owner / maintainer you don't know, then trusting their self-signed cert is risky indeed.

@plasticpippo201

6 ай бұрын

@@AwesomeOpenSource thanks so much for your reply! i thought self signed certs were susceptible to man in the middle attacks

@danbrown586

6 ай бұрын

I just ran through this setup an hour or so ago on an Oracle VPS, and it got a trusted cert--there weren't any cert warnings or other issues. But in principle, a self-signed cert (that you control) is even safer than a publicly-trusted cert, in that you can verify for yourself that it's the right cert. The problem is that very few people do that.

I like your videos, they are excellent. openvpn and wireguard protocols can be identify and therefor neutralize by ISP. openconnect does not have that vulnerability. i like something like this based on openconnect.

@AwesomeOpenSource

6 ай бұрын

Indeed, and that could happen, but good to know there are alternatives out there.

Can i make a site to site VPN with netbird? and is it better than netmaker?

@AwesomeOpenSource

6 ай бұрын

Can't say it's better than Netmaker. I'd say it's on par with it. The SSO integration with their quick start is a definite plus, and yes, you should be able to make a site to site setup. I haven't done it yet myself, so you may need to dig through their docs a bit.

Thank you for the tutorial.. I can get to about 90%. :( , then I get the error when it wants to start the coturn part. >> Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/kernel/domainname: permission denied: unknown. Any Idea pls? I am on proxmox , a lxc container with ubuntu 22.04.04 LTS . I would really like to set this up behind nginx if you can maybe make a tutorial on this? Thank you.

@AwesomeOpenSource

2 ай бұрын

Running docker on LXC can sometimes be a bit tricky. I'd say, just to start see if you can spin up a VM, and do the setup there just to see if it works, then you'll know if it's the Netbird side, or the LXC causing the issue. Also, Wireguard on Proxmos in LXC requires you to set some stuff on the host system so it will all function correctly, or at least I had to do that for the client to run in an LXC container. Do make sure you've enabled nesting in the LXC at the very least.

is this similar with tailscale?

@AwesomeOpenSource

6 ай бұрын

Similar to it, but a bit easier in my opinion.

The vps setup mentioned opening ports 80, 443 and one other. A comment was made that this would be a bad idea on your home network. Why is this? Isn't it this what would be necessary to self host this stuff?

@geogmz8277

6 ай бұрын

80 and 443 are attractive for botnets as they're well known ports and there are plenty! Of misconfigured Web Servers out there. Plus you can't trust the software you're running isn't vulnerable to any exploit... For a home lab environment you usually don't follow all the good practices and security policies you'll normally follow on an enterprise/professional level. In other words because we tend to neglect things and because there are bad actors out better expose the least amount of ports possible especially! Well known ports when you can.

@haraldwolte3745

6 ай бұрын

@@geogmz8277 thanks but how can you do anything without those ports exposed? He says to do it on a VPS rather than your home network but what is the difference? You still have to secure it somewhere

@PopularWebz

6 ай бұрын

Netbird offers their SaaS for free. For home use, you are better off using it than hosting the control server yourself. If you do self-host, you are better off using a VPS so you are not messing with NAT

@AwesomeOpenSource

6 ай бұрын

The idea behind services like these are that you run the server in a VPS, then the client on your home network machines. Those machines can reach out and connect through the encrypted tunnel, and no firewall ports are required to be opened on your home network. It's a more secure way to run, but nothing is perfect, so keep adding layers of security where you can.

@AwesomeOpenSource

6 ай бұрын

Great questions. but it's not just 80 and 443, there is a whole range of ports required for this to run properly, and opening that many ports on your home network really expands the attack surface.

Netbird is something like tailscale? Please explain

@AwesomeOpenSource

6 ай бұрын

It is similar in concept, but in my opinion a bit easier to install self hosted, and get SSO setup using Zitadel as part of their installer. So, like Tailscale, but IMO better.

@cig_in_mouth3786

6 ай бұрын

@@AwesomeOpenSource tailscale for personal use and this for team, I will watch again like single computer shared with my team?

@AwesomeOpenSource

6 ай бұрын

This can be for singlue user, or Team. It's up to you how you use it.

@alexandrearruda

5 ай бұрын

@@AwesomeOpenSourceand Netbird have awesome features like groups and ACLs in a very very simple way to configure. Before NB, I used a self-hosted version os Zerotier and it is great too, but ACLs in Netbird is another level. The ideia os the setup-keys ('one-shot' or multiple use) , attaching a host automatically to a group is great.

The quick install script use specific version of docker container for zitadel:v2.31.3 and cockroach:v22.2.2 and when you update Netbird according to the official doc they will never be updated. What is the best way for this can I update Zitadel safely its almost 7 months old...

@AwesomeOpenSource

4 ай бұрын

You'd have to ask the folks at Netbird about that. Not sure.

@x1dzero

4 ай бұрын

@@AwesomeOpenSource I updated the container to the latest version of Zitadel and encountered an error during the database update process. To resolve this issue, I had to first update to an older version before proceeding to the latest one. The system is now functioning perfectly, and it's more secure, considering that Zitadel in the QuickStart script is now seven months old.

@gadirlgadirk

4 ай бұрын

@@x1dzerohow do you do this? i’m not so familiar with docker so idk how or where in the file system to run the commands

@gadirlgadirk

4 ай бұрын

@@x1dzeroalso, what versions of everything were you on before and then after your updates?

You only used cloudflare to create a DNS entry that pointed directly to your droplet, without being proxied. It is not very clear why you had to enable this grpc option when you're not using something like a cloudflare tunnel.

@AwesomeOpenSource

6 ай бұрын

I was having issues getting the client to connect, and one of the things they said was it needs gRPC enabled if using cloudflare for DNS. They told me thins without me telling them I was using Cloudflare, so I enabled it, and it started working properly. You can ask them why it's required if you're looking for a more technical answer. I"m sure they'd be happy to explain.

@UltimateJiuJitsu

6 ай бұрын

I got it setup through a cf tunnel. I just set the domain to http in cloudflare and everything is working perfectly

@ralph4370

6 ай бұрын

When I had setup my DDNS and inturn VPN Access via Cloudflare. I had to disable the Cloudflare Proxy to make it work. If you read the Cloudflare documentation VPN does not work well with CLoud Flare's proxy enabled.

Hi, nicely Tutorial. I have question: Doesn't work for me. I have to wait a very long time. Waiting for Zitadel to become ready .............. Why? Please help. Thank you very much. (I have VPS by Oracle Cloud tier).

@AwesomeOpenSource

4 күн бұрын

I don't know for sure. May depend on the server resources. But, if it still won't work after making sure it meets the requirements, it may just be worth starting fresh on a new instance.

@khanhthedag7269

3 күн бұрын

@@AwesomeOpenSource I have deleted instance, and make a new instance. But, It's not working. I don't use again by oracle cloud tier. I have another question. Can I setup netbird server on Proxmox (VM)?

@AwesomeOpenSource

Күн бұрын

You can, but you'll have to do a lot of port forwarding.

How to make this work with Nginx? As a noob, this is all frustrating. The Netbird documentation is so vague...

@AwesomeOpenSource

Ай бұрын

When you say NGinX, what do you mean specifically? To use as a web-server, or as a reverse proxy?

@austin_colt

Ай бұрын

@@AwesomeOpenSource Reverse proxy for the web management. From my understanding, If I want to use this on my server at home, I would need to open ports 80, 443, and whatever UDP port that wireguard needs. I just want a self hosted wireguard VPN that has a web interface!

And what about iOS clients?

@AwesomeOpenSource

5 ай бұрын

I’ve been keeping an eye and the iOS client is now available as well from the App Store.

@yuriw777

5 ай бұрын

@@AwesomeOpenSource it’d be nice to have a video about it Thx and Happy New Year 🎆

Does it support LDAP ?

@AwesomeOpenSource

6 ай бұрын

I believe Zitadel does support LDAP. Here's a link to the Zitadel site on configuring LDAP as an identity provider. zitadel.com/docs/guides/integrate/identity-providers/ldap

@Richard-kl8wr

6 ай бұрын

@@AwesomeOpenSource Wow thank you :)

Is it better Than net maker

@AwesomeOpenSource

6 ай бұрын

I answered this before, but I think it's on par with netmaker. The setup is a bit easier, and you get SSO with Zitadel with this one, but functionality -wise, they are really close I think.

hello thanks man i have this error root@free:~# netbird up Error: unable to get daemon status: rpc error: code = FailedPrecondition desc = failed while getting Management Service public key: rpc error: code = PermissionDenied desc = unexpected HTTP status code received from server: 403 (Forbidden); transport: received unexpected content-type "text/html; charset=UTF-8"

@AwesomeOpenSource

5 ай бұрын

Maybe you ran it as root, or the Zitadel server didn't come up fast enough? Maybe just do a docker compose down, then docker compose up again and see if that resolves it. It's a forbidden access error.

netbird is solution for tailscale

@AwesomeOpenSource

6 ай бұрын

I find Netbird a bit easier for self hosting for sure.

3:20 they the opposite of redis

I appreciate your content but you're seemingly an advocate for "Big Cloud" services rolled out by Big Tech- Cloudflare, Digital Ocean, Vultr. $144/year ($12 x 12mos) to host that Netbird instance with Digital Ocean or some budget providers who can do a VPS service with similar specs for $48/year with the upcoming holidays?

@rouchar

6 ай бұрын

So?

@magog6852

6 ай бұрын

@@roucharHe has a point. why build big companies up if youre an “open source advocate”? Do as a i say, not as I do…

@rouchar

6 ай бұрын

@@magog6852 that's not how it works...

@geogmz8277

6 ай бұрын

Or get a free ARM instance from Oracle OCI... 😊 I'm running Wireguard in Phoenix Data Center for 2 years now... 4 cores, 24GB of RAM, and 200GB SSD... for free.. (of course nothing is free so privacy isn't something you should expect but I can live with) I only use it to tunnel back home via reverse proxy.

@rouchar

6 ай бұрын

@@magog6852 or have freedom to choose whatever you wanna do. curious how you're going to scale with 3 raspberry pi's

First viewer

@AwesomeOpenSource

6 ай бұрын

Glad you're here.

When they monitor and steal all your trafic data, that is free? Also they are breaking EU rules on cookie usage and user choice on their homepage.

@AwesomeOpenSource

6 ай бұрын

If you don't want to use their hosted offering, then you can run it self hosted, as I show in the video. As for the cookies, you can let them know that there's an issue, and I'm sure they'd be happy to update it. I don't think it's a European company, so they may simply not realize they arent compliant with GDPR.

@mrmotofy

6 ай бұрын

@@AwesomeOpenSource It's darn hard to make sure one complies with laws in every country haha

@littlepeon

25 күн бұрын

​@@mrmotofyseems that it is just easier to say that your company is not GDRP complaint and EU users should not use the software!

This actually seems more complicated than to simply use wireguard directly😂. In addition it requires alot of dependencies and a fairly potent VPS. I don't see the benefit here.

@AwesomeOpenSource

24 күн бұрын

The benefit is that a lot of olks are better with a GUI. Not strictly a requirement. You can absolutely do all of this in Wireguard with configuration files, but sometimes a control system like this makes it easier.

If there are limits to use the software, it's not open source, it's bullshit.

@AwesomeOpenSource

6 ай бұрын

I don't guess I understand where this comment is coming from. The limits are on a hosted plan by Netbird, not the self hosted version. The software is open source, and Licensed with BSD-3.

@RomvnlyPlays

6 ай бұрын

Yea it is open source. If I make the source malicious (ie selling your data , extreme telemetry, DRM) itself but you’re free to do as you wish with the program, it is still open source. What you’re thinking about is the term ‘free software’ by the FSF.

You should never have a non root user ffs

@AwesomeOpenSource

6 ай бұрын

Did I say this by mistake? I'm not understanding the comment.

Russia already blocked the whole wireguard protocol. There is no reason for use this solutions. Teach on our examples. Modern governments can block it in one day.😢

@kenny45532

6 ай бұрын

I'm curious to know what examples. How do they achieve that level of blocking? Or is it simply banned and not permitted for use?

@EvgeniyDev41

6 ай бұрын

@@kenny45532 This works in the DPI method. All providers have equipment installed that analyzes traffic. The whole protocol is blocked, it is physically impossible to connect to any server.

@GrishTech

6 ай бұрын

Well. It’s going to use turn relay, right? So it should still somewhat work.

@AwesomeOpenSource

6 ай бұрын

Sorry to hear this. It sucks when a government won't allow the citizens the freedom to choose how they communicate securely with others. Maybe someone will come up with a way to bypass it someday.

@vobaboba

6 ай бұрын

Actually Wireguard does work between peers inside Russia. I am using it every day in my work, and have no problem except shitty Rostelecom routers sometimes refusing to work properly (they brake Wireguard and OpenVPN UDP handshakes until you reboot them). And Netbird does work too. But I didn't test peers outside Russia.

This is BAD , you dont want a third party in managing your vpn.

@AwesomeOpenSource

6 ай бұрын

It's okay to not trust others with your networking, that's why they made it open source, and allow you to run it yourself. But others find value in a cloud hosted offering.

@magog6852

6 ай бұрын

Burken your comments suck. Elaborate on your points like an adult

@w0ode198

6 ай бұрын

At least when deciding to make a comment, kindly elaborate so it's contains more information. Your comments suck.

@BPL-Whipster

2 ай бұрын

There are lots of companies that offer this as a service, including companies that open source and companies that don't. For instance, lots of companies pay for zScaler, Azure WAN, and commercial Tailscale or Zerotier for instance.