@@christianlempa You are very much welcome :) What do you think of putting their self-hosted server with so many ports open as a web-facing server? I am slightly concerned. My connections stop working if I make fw rules for the sites I want to be connected, aka source IP. - I reckon it can be because the certificates from Letsencrypt can't check the connection server anymore, and Zitadel is doing something too, as it stalled the first time installing the server when I forgot to open the ports before install. I actually think Headscale is better here, as you can make source IP and still working. Though I am missing the 2FA method there. Thanks again for the video :) :)
Thank you for the video, I'm planning to deploy this solution to have a remote access to clients sites everywhere, I did test that with a self-hosted server on AWS, I configured a Raspi on my local network to test with, and it's easily blocked by the snort IPS installed on pfsense. So I imagine it won't work as all our clients have a sophisticated IPS installed.
I must confess I really like Netbird too. However I have had some issues, mainly with LANA to NetBird to LANB routing. I.e. a device on LANA talking to a device on LANB through the NetBird VPN. It only seems to work if the access control default policy is set from all to all, allowing all, which is a shame. I'm sure it's a bug, or missing feature, as the UI looks like it should work. Oh Hum. That said I do like NetBird. My favourite VPN solution "would have been" NetMaker, but since features like egress and relay has moved from the CE edition NetBird got one number slot ;-)
It is not behind a paywall. If you use SSO login with Google, MS, Github, etc and enable MFA there, then you will have it in NetBird automatically. Also in the free plan. The paid one is for accounts with username/password where we will need to configure MFA manually.
Hello everyone, I found some more time to test the product. The self-hosted version lacks features. I got a business subscription to test it. That's a joke. 1) If I activate routing, all the firewall rules created are completely ignored. If I deactivate routing, it works again. WTF? 2) User invitations only work halfway. The recipient receives the invitation and has to enter a new password, but the user remains in pending mode after approval. WTF? 3) Any anonymous user can access the web UI and sees a pre-selection of the local users that have already been created. WTF? Personally, I'm not convinced by the product!
Around 8 minutes your screen recording flickers a lot. You are probably using OBS. If you switch to ScreenFlow, you have a way better interface and don't run into those problems. Oops it is visible on all dark screens.
Love the videos Christian and love trying out the different self hosted videos you put up. I have one question am hoping netbird or yourself can help :P . How can I implement this solution if ports 443 / 80 are in use. IE : Traefik
A correct wording would be: „Tailscale as well as Netbird are controller based Wireguard services.“ There are several other competitors in this space, e.g. Netmaker.
Amazing! Thank you, Christian from the whole NetBird team.
Thank you, guys!
Over the last couple of years, have used Tailscale, Headscale with Tailscale, Twingate... but remove everything to migrate to selfhosted Netbird... Great tool with the right features I need to my personal needs... Well done ... one thing missing though is to be able to route traffic to Internet via a given connected agent
PLEASE implement exit nodes!! There is a full git request with multiple votes for this feature
There’s an open draft PR and it is on their roadmap for this month!
The access control policy configuration is intuitive compared to Tailscale. Good job, guys.
This thing is awesome. I'm searching for like 2 weeks now for a zero trust like get-to-home solution with which I can use domain names, and I think now I don't need to look anywhere else. Thank you for the video, I love all of yours. Thank you for the good content, keep it up!
+1 on the comparison video. Thanks for making this one! After banging my head against the wall getting headscale to run and realising how it is still missing a bunch of features, really excited to give a fully supported foss variant a go! I have no idea why anyone would trust tailscale to run the controllers. So I am super happy that this exists! Thanks netbird team ❤❤❤
Glad it helped!
Thank you Christian. Since I've struggled the last couple days with installing headscale in my environment, this is really the perfect timing for me, that you released this video 👍👍😁😁
Awesome! Hope it helps a bit 😊
I did like headscale / tailscale, but I needed a LAN-to-LAN solution and headscale seemed to be peer access only. I could be wrong, but I couldn't see a way of configuring LAN-to-LAN.
@@ichilvers “Network routes” is where you can configure that with Netbird.
Without watching the video, yet, I just wanted to chime in and say that I've tried NetBird, too, but gave up due to me not fully understanding it and it giving me a headache but I'll try it at a later stage when I got more time and I'll happily watch your video, too, to get some help and tips on that matter!
It's like you've been listening to me!
Haha amazing 🤩
Hey there. What exactly did you have difficulty understanding? And what is your use case, home or work?
@@netbirdio It's for home use, really.
I guess, it was just the combination of multiple factors: Me getting excited jumping ahead, following your guide and maybe leaving it too early.
I'll work on it during the weekend a little further. My main point was (could be HW related!) that Zitadel was awfully slow (want to check out the other options) and I had troubles routing traffic through, for example, Finland (got a server there, where I installed NetBird, too, as well).
I will get back to you after watching this video on looking through your documentation a little more. Honestly, it could've been my fault all the time (I'm currently sick as well, which doesn't make things better if you can't think properly lol).
Thanks for reaching out!
@@playeronthebeat We probably need to improve our advanced guide indeed. The quickstart guide should be enough for home use :) Thank you for the feedback!
@@netbirdio Even when I release the ports correctly on my network, the waiting zitadel message keeps loading forever.
I've done everything and I still can't complete the installation.
Thank you for this video! You are always reliable! I have often used in my company solutions that you brought us in your videos
Thank you! That's nice to hear :)
I would love to see a video on Zitadel, too!
It would be interesting, however, I'm looking at another IdP solution called authentik, video is coming next week hopefully ;)
@@christianlempa I've heard of that one as well. I'm excited!
@@christianlempa Authentik is pretty simple and works well. I’d like to try Keycloak too and maybe integrate it with FreeIPA
A short speed comparison between other providers like tailscale and zerotier would be great.
Since it uses the same protocol stack, I didn’t consider doing it. Maybe when I make a comparison video in the future that would be a good addition 👍
I actually found latency to be double of that to tailscale when I did testing by connecting a Dallas VPS to a Chicago VPS
@@christianlempa yeah speed comparison is not very useful. Since all use WG, a features comparison is more important, because it’s how they differentiate from each other.
@@LtdJorge well it still matters to some people, and we could definitely see some differences cause tailscale has been doing a lot of optimizations on their wireguard integration for the past years
iirc tailscale provides its own drivers for wg, which leads to better bandwidth, less latency and less cpu overhead
How is this even possible that you're coming up with those ideas/problems that I'm currently trying to solve? It integrates with Authentik identity provider as well, that I recently set up! Nice T-shirt by the way. :D
Awesome! Thanks 😊
The thing I love about VPN conversation is that it's nearly always in the context of privacy, on windows devices, while widgets just harvest all of your data and now copilot does the same. Hilarious.
Thx! Definitely need to check this and think to change from my old one ipsec l2tp vpn.
Same for me, using raw WireGuard at the moment and the access policy stuff in Netbird seems like a godsend
I was breaking my head with this for the last 3 days and when I finally get it to work I see this video lmao. Still learned some tricks. Great stuff.
Daaaaaaaamnnnnnnn this is awesome!!! Thank you so much for this! Gonna try it right away :D
Cool! Let me know how it works for you :)
@@christianlempa unfortunately Zitadel won't start up. Somehow some ports don't seem to be open but I setup NAT correctly. 80 and 443 are open but the others are not... maybe it's a layer 8 issue lol I'll try again sometime later today
Hi Christian,
First off, I just wanted to say great job on the video, it was really informative! I have a quick question: Could you please share the reason you used a wildcard on the DNS record? I’m curious to understand the rationale behind it. 05:31
Thank you! :) Using wildcards is just simpler because I'm lazy and don't have to add entries for each and every service :D
@ Ohhh😂, got it. For some reason I thought it was part of the setup, but I couldn’t find it anywhere on the docs😅. Thanks!
Hi Christian, thanks for this video. Netbird is awesome. I only use 2 internal VMs as a peer group in the netbird server, that are installed in a separate VLAN at home. So I have to define access policies in the netbird server UI and I have to create firewall rules at home in order to communicate with any other systems in my homelab (and in other VLANs than both VMs) over these 2 VMs. The advantage is, that I have another layer of security (if someone gets access to your admin-account, he could change the access rules to any/any, but he can not change my firewall-rules in my homelab) and I only have to install 2 internal netbird-clients.
Unfortunately some features that you described are only available with business subscription (device posture checks), but the self hosting edition is a really cool and secure solution.
How to configure netbird with nginx proxy manager?
Very useful video, THX Christian.
Thank you! :)
How to update the latest version in Linux if there is an Update notification?
@18:33 - can you make it so the admin has to approve each connection before the client can access the network?
Awesome demo and setup, thanks for the information. Have a great day
Thanks! you too :)
MFA should not be a paid only option IMO, it's an essential feature to a program that can access all my systems
It is available in a free plan via your IDP (Google, MS…) You can enable it there and it will be automatically added to NetBird
MFA is available in the free plan for accessing/protecting the netbird server web-ui. The function descriptions are a bit misleading.
@@Glatze603 yeah installed it myself and found that out, kinda shooting themselves in the foot a bit not pointing out what they really mean
6:00 What are you using to do the arrows and green lines?
It's called "ScreenBrush"
I actually use netbird a long time ago anyway great video ❤
Thank you!
Have they fixed the insane battery usage on the iOS client yet?
It would be nice if you disclosed this is a sponsored / ad video... The watermarks on the top right corner is not enough
Absolutely have to agree here, some of the more recent videos have been with either closed source or have anti-features, or they've been sponsored ones, which seem not too unbiased of reviews.
Instantly what I thought as well... he needs to make it way more clear from the start that it's an advert.
He said up front in first minutes that this is sponsored..
Agree! I understand the need for making money, but this channel is switching to an advert instead of tech channel...
I’ve done it at multiple places throughout the video, adding a watermark, mentioning it twice in the video (beginning and end), and added the checkmark on YT it includes a promotion.
Please tell me: what else should I have to do in your opinion? Really! Because I don’t know…
great video Christian!
thank you! :)
Hello Christian,
I would be interested in the options for securing the self-hosted version. Whether it is placed in a DMZ or in the LAN, DNAT/PForwarding must be set up in any case, as well as communication in the internal network. Do you have any tips for further security or do you trust the product?
If you don't trust the product/technology there's no reason why you should use it. As this is a critical part of your access control. What I'd do is secure the netbird service as good as possible, adding it to a DMZ (if possible), and adding 2fa to all your users.
Hello Christian any thoughts or recommendations on how to manage netbird through a reverse proxy?
Not yet. Have just tried this self-hosting version :D
Thanks for this video. I've been looking at all the different self hosted options out there. Does netbird work with NGINX Proxy Manager? Also thank you for touching on the routes for connecting to "LAN" resources. Hoping to use this with phones to connect to my pihole instance for on the road DNS filtering. Overall really thorough and well put together video. Keep them coming!
You're welcome ;) I've not tested it with NPM, but I don't see a reason why it shouldn't
The install script fails with:
Creating new Zitadel SPA Cli application
ERROR calling create_service_user_secret_id: User could not be found (QUERY-Dfbg2)
Probably a zitadel issue... :(
This was a great video mate. You gave a lot of clarity about parts I was not aware.
Thank you very much!
I think what I am still wondering is how can I selfhost without being inside a VM, I just want to host it either on bare metal or on a docker which is running on bare metal, not inside a VM.
Let's see if I can tinker enough with the self-hosting starter script enough to make that happen.
Thanks a lot!
You're very welcome! :)
Newbie question, what if you don't have client software for a device? Is there a client-docker implementation? Great Video!
You can just download it for nearly all devices, Windows, Linux, Mac, iOS or Android
Came across your channel and liked the videos. very high quality content. It just so happens that there is a cluster of proxmox servers of different configurations at hand. No separate storage. Can you tell me if you have any articles or videos on how to unite different hardware into one convenient interface? How to properly distribute storage and virtual machine management. Thanks in advance!
Thank you so much! :) I've done some videos on Linux Server OS, featuring Proxmox, etc. Maybe that's gonna be helpful
How to make the docker client persistent, so it doesn't disappear after a restart?
Thanks for the video, Any ideas as to how a self-hosted instance of Netbird can secure a Synology NAS?
Good question, I don't have a Synology NAS to test :/
Might have to try this. I've been looking for an alternative to wireguard.
Netbird is controller based Wireguard. The controller does the annoying key exchange for you.
Great vid! Thanks. A tailscale killer?
Thanks! Maybe? :D
I have a proxmox ve server with a public IP, several vms (including a proxmox backupserver) and lxcs which I would like to backup on my local network. Any recommendations what would be the best way to go? In my home network, I also have a proxmox ve Server, local IP, running portainer, truenas, nextcloud and a proxmox backup server. I would like to use the pbs to use my local smb or nfs share to backup and restore my machines vice versa. I guess the easiest way would be, if both proxmox servers are sharing a secure connection? What would be best practice to solve this? Would netbird be fine for that, or maybe tailscale? Does this have to be installed only on the PVE host or also on every vm or lxc?
Hi Christian, we also tried it at our company, but in our test every user on a domain-joined laptop had the same connection and no additional authentication was needed. For us this is a no go. In a zero trust setup every user needs their own connection. Is there a setting to change this?
Greetings christoph
Does this work behind CGNAT? I do not have VPS or public ip. What is the solution?
In that case you can use the free netbird cloud version
Hi Christian, Truly fantastic application. I would like to use it in my homelab but how can I do it since I use NGINX Proxy Manager which also runs on ports 80 and 443?
Nice! You can technically do that, but I haven't done a test setup yet. Maybe I'll make a video to integrate it into authentik and traefik, but not nginx proxy manager.
@@christianlempa I already did it, TRAEFIK + AUTHENTIK + NETBIRD works! The challenge for me now is NETBIRD + NGINX Proxy Manager, but I know you prefer TRAEFIK :-)
In the ACL can you set up servers to not talk to each other but a set of clients have access to all servers?
Yes! To allow something you have to explicitly allow it via an access rule. All other traffic is denied - these are firewall basics.
I have a question does autohost have limits?
So NetBird is Peer to Peer from my understanding and can provide a secure way for other users to work on the same project. Now CloudFlare can also do the same thing basically right if you're hosting your server via a CloudFlare tunnel, however it's not just Peer to Peer in CloudFlare, making it less secure than NetBird? Am I understanding this right Christian?
🤔🤔
There will be a comparison video at some point
@@christianlempa that'd be awesome thank you immensely. I get lost in so many facets of different cloud infrastructure and many can be utilized many ways and it's always awesome to explore the possibilities with them.
Great Video! Thank you again for that!
Glad you enjoyed it!
Hey Christian. I'd be interested to know what you work as, i.e. the exact field. Does it fall under DevOps, or what is your exact job title (assuming you're not a full-time YouTuber)?
Hi! I come from IT support and am currently employed as a Technical Account Manager. However, for some time now I've been working more or less project-based, which also has a lot to do with automation, security, and so on. I may develop further in that direction soon, but we'll see... ;)
Thank goodness for this video
Thanks for watching :)
How fast do you think is this when streaming plex while netbird is on and using your mobile data accessing your plex server at home? Tailscale is doable but i have a problem where it buffers and you have to pause it for 3 to 5minutes to download the stream and watch it.?
Netbird uses the same protocol that tailscale uses, so I'd expect it to have similar performance.
how to increase the data transfer speed. I get a max of around 20mbps only
Maybe check with the netbird support
Hey Christian, your face footage at the start of the video (at least) is quite laggy *(
I have to try this!
Serious question: I have setup NetBird on their servers, I’ve added a few peers, but when I connect two peers to NetBird I’m not able to do or reach anything. My phone says, it’s connected to a vpn, but I’m still getting the ip address from my mobile provider, not from my home network. On my server the NetBird client runs as a docker container.. anybody has some ideas?
New to this, is this like a VPN?
Would be more interesting to see a tutorial on how to use another auth provider instead of zitadel or how to deploy zitadel and then attach netbird so you can actually reuse zitadel.
Since the installation is using docker, could this be done on TrueNAS Scale? I've been trying to get it working but no luck :(
In theory, yes, but since TrueNAS Scale is using Kubernetes, you'll have to write your own charts and so on. It's a bit complicated.
iOS clients no longer able to be set up? Name/Password - perpetual "connecting." Enter setup key - always "invalid"
Awesome video, can you please cover Zitadel using Google as an identity provider?
Can I encrypt the tunnel with a vpn like NordVPN while using this? So I can have it still hidden by my isp
No idea, I haven't used NordVPN yet.
@@christianlempa dang thanks for responding though
So another tailscale?
But with self-hosting officially supported and documented by the company itself.
More like a Headscale server and Tailscale clients.
I'm hosting it locally on my own network, but I don't see any of the tabs on the left sidebar when I log into the admin panel, so I can't proceed with adding a peer. Anyone have any idea why? I'm logged in with the automatically created admin account.
Maybe check out the support community of netbird
I have stopped using Netbird because of the lack of exit nodes... Once implemented, I'm switching back!
On the roadmap and we are already working on it!
@@netbirdio Niice! TY!
Thank you ! Amazing !
Thanks 😊
Does the self-hosted version have all the same features as the cloud version?
Yes
Nope. These are available in the cloud but not in the self-hosted version:
1. Identity provider groups and users sync
2. Event streaming to Datadog and others
3. Peers approval
4. Geo distributed relay servers
5. Posture checks with Crowdstrike
6. User invites (though, as Christian explained in the video, it can be done with Zitadel)
@@netbirdio 😒 Will they be added at some point? Do you have a plan for non-profit or school entities?
@@patrickcasavant-cssmv we haven’t thought about it but it is possible.
For nonprofits and schools all cloud plans have a 50% discount.
@@netbirdio Maybe you should change this sentence on the pricing web page. "The self-hosted version is open-source and free to use "without any limitations"."
QQ: Why would someone who uses Tailscale switch to Netbird?
I tried installing Netbird and found out that without a domain and email server I can't use it, I'm stuck there and can't use it anymore :)
@Christian - you change infrastructure security more often than Matt @ The Linux Cast changes distros! 🤣
Awesome video!!!! Very very nice :)
Thank you very much!
@@christianlempa You are very much welcome :)
What do you think of putting their self-hosted server with so many ports open as a webfaced server?
I am slightly concerned
My connection stops working if I make FW rules for the sites I want to be connected, aka source IP. - I reckon it can be because the certificates from Let's Encrypt can't check the connection server anymore, and Zitadel is doing something too, as it stalled the first time installing the server when I forgot to open the ports before install.
I actually think Headscale is better here, as you can make source IP and it is still working. Though I am missing the 2FA method there.
Thanks again for the video :) :)
Thank you for the video, I'm planning to deploy this solution to have remote access to client sites everywhere. I did test that with a self-hosted server on AWS, I configured a Raspi on my local network to test with, and it's easily blocked by the Snort IPS installed on pfSense. So I imagine it won't work, as all our clients have a sophisticated IPS installed.
Is netbird secure? My macOS 14.4 warns me about the client app, that it has to be renewed.
Self host when possible. Using a 3rd party to host your VPN endpoints is an obvious security risk.
I must confess I really like Netbird too. However, I have had some issues, mainly with LANA to NetBird to LANB routing, i.e. a device on LANA talking to a device on LANB through the NetBird VPN. It only seems to work if the access control default policy is set from all to all, allowing all, which is a shame. I'm sure it's a bug, or missing feature, as the UI looks like it should work. Oh Hum. That said, I do like NetBird. My favourite VPN solution "would have been" NetMaker, but since features like egress and relay have moved from the CE edition, NetBird got the number one slot ;-)
Cool! Yeah, Netbird is truly amazing
Better than cloudflare tunnel?
Cloudflare tunnels are for end users, not homelab.
@@freestudymusic550 That's not correct. I use Cloudflare tunnel for homelab, too. It is another technology than netbird, but awesome, too.
Putting MFA behind a paywall is really bad. Why? It makes no sense
It is not behind a paywall. If you use SSO login with Google, MS, Github, etc and enable MFA there, then you will have it in NetBird automatically. Also in the free plan.
The paid one is for accounts with username/password where we will need to configure MFA manually.
hey yooo!
I wish this would rollout into kubernetes
no IPv6 support unfortunately!
It's cool and all, but netbird is severely lacking in documentation - I ended up just reinstalling tailscale.
Los Pollos Hermanos... Have the same shirt but purple
Awesome 👊
Hello everyone,
I found some more time to test the product. The self-hosted version lacks features. I got a business subscription to test it. That's a joke.
1) If I activate routing, all the firewall rules created are completely ignored. If I deactivate routing, it works again. WTF?
2) User invitations only work halfway. The recipient receives the invitation and has to enter a new password, but the user remains in pending mode after approval. WTF?
3) Any anonymous user can access the web UI and sees a pre-selection of the local users that have already been created. WTF?
Personally, I'm not convinced by the product!
If only VPS was not so expensive :/
I heard hostinger has some good deals right now for black week :D
Here's a video idea for ya:
MacOS: The linux-distro that will make you sad!
Nah, I don't want to fight or argue with the linux community :D
Looks like the OpenZiti product.
just use wireguard and save money - it is the same core tech
Around 8 minutes your screen recording flickers a lot. You are probably using OBS. If you switch to ScreenFlow, you have a way better interface and don't run into those problems.
Oops it is visible on all dark screens.
Love the videos Christian and love trying out the different self hosted videos you put up. I have one question I am hoping netbird or yourself can help with :P. How can I implement this solution if ports 443 / 80 are in use, i.e. Traefik?
Doesn't work, but thanks for the video.
Netbird is draining iPhone battery hard. More than 50% of used battery is by netbird.
From my understanding it is a glorified and sophisticated tailscale service.
More like competitor
And I am happy using tailscale.
A correct wording would be: "Tailscale as well as Netbird are controller based Wireguard services." There are several other competitors in this space, e.g. Netmaker.