ContextQMD
Back to Wiretrustee

README

README.md

0.71.310.4 KB
Original Source
<div align="center"> <p align="center"> </p> <p align="center"> <a href="https://sonarcloud.io/dashboard?id=netbirdio_netbird"> 
</a>
<a href="https://github.com/netbirdio/netbird/blob/main/LICENSE">
  
</a>
<a href="https://docs.netbird.io/slack-url">
  
</a>
<a href="https://forum.netbird.io">
  
</a>
<a href="https://gurubase.io/g/netbird">
  
</a>
</p> </div> <p align="center"> <strong> Start using NetBird at <a href="https://netbird.io/pricing">netbird.io</a> 
See <a href="https://netbird.io/docs/">Documentation</a>


Join our <a href="https://docs.netbird.io/slack-url">Slack channel</a> or our <a href="https://forum.netbird.io">Community forum</a>
</strong> <strong> ๐Ÿš€ <a href="https://careers.netbird.io">We are hiring! Join us at careers.netbird.io</a> </strong> </p>

NetBird combines a configuration-free peer-to-peer private network and a centralized access control system in a single platform, making it easy to create secure private networks for your organization or home.

Connect. NetBird creates a WireGuard-based overlay network that automatically connects your machines over an encrypted tunnel, leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

Secure. NetBird enables secure remote access by applying granular access policies while allowing you to manage them intuitively from a single place. Works universally on any infrastructure.

https://github.com/user-attachments/assets/10cec749-bb56-4ab3-97af-4e38850108d2

Self-host NetBird (video)

Key features

ConnectivityManagementSecurityAutomationPlatforms
โœ“ Kernel WireGuardโœ“ Admin Web UIโœ“ SSO & MFA supportโœ“ Public APIโœ“ Linux
โœ“ Peer-to-peer connectionsโœ“ Auto peer discovery and configurationโœ“ Access control: groups & rulesโœ“ Setup keys for bulk provisioningโœ“ macOS
โœ“ Connection relay fallbackโœ“ IdP integrationsโœ“ Activity loggingโœ“ Self-hosting quickstart scriptโœ“ Windows
โœ“ Routes to external networksโœ“ Private DNSโœ“ Traffic eventsโœ“ IdP groups sync with JWTโœ“ Android
โœ“ Domain-based DNS routesโœ“ Custom DNS zonesโœ“ Device posture checksโœ“ Terraform providerโœ“ Android TV
โœ“ Exit nodesโœ“ Multiuser supportโœ“ Peer-to-peer encryptionโœ“ Ansible collectionโœ“ iOS
โœ“ IPv6 dual-stack overlayโœ“ Multi-account profile switchingโœ“ SSH with central access policiesโœ“ Apple TV
โœ“ Browser SSH & RDPโœ“ Quantum-resistance with Rosenpassโœ“ FreeBSD
โœ“ Reverse proxy with auto-TLSโœ“ Periodic re-authenticationโœ“ pfSense
โœ“ OPNsense
โœ“ MikroTik RouterOS
โœ“ OpenWRT
โœ“ Synology
โœ“ TrueNAS
โœ“ Proxmox
โœ“ Raspberry Pi
โœ“ Serverless
โœ“ Container

Quickstart with NetBird Cloud

Quickstart with self-hosted NetBird

This is the quickest way to try self-hosted NetBird. It should take around 5 minutes to get started if you already have a public domain and a VM. Follow the Advanced guide with a custom identity provider for installations with different IdPs.

Infrastructure requirements:

  • A Linux VM with at least 1 CPU and 2 GB of memory.
  • The VM should be publicly accessible on TCP ports 80 and 443 and UDP port 3478.
  • A public domain name pointing to the VM.

Software requirements:

Steps

  • Download and run the installation script:
bash
export NETBIRD_DOMAIN=netbird.example.com; curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh | bash

A bit on NetBird internals

  • Every machine in the network runs the NetBird agent, which manages WireGuard.
  • Every agent connects to the Management Service, which holds network state, manages peer IPs, and distributes updates to agents.
  • Agents use ICE (via pion/ice) to discover connection candidates for peer-to-peer connections.
  • Candidates are discovered with the help of STUN servers.
  • Agents negotiate a connection through the Signal Service, exchanging end-to-end encrypted messages with candidates.
  • When NAT traversal fails (e.g. mobile carrier-grade NAT) and a direct p2p connection isn't possible, the system falls back to a Relay Service and a secure WireGuard tunnel is established through it.
<p float="left" align="middle"> </p>

See a complete architecture overview for details.

Community projects

Note: The main branch may be in an unstable or even broken state during development. For stable versions, see releases.

Support acknowledgement

In November 2022, NetBird joined the StartUpSecure program sponsored by the Federal Ministry of Education and Research of the Federal Republic of Germany. Together with the CISPA Helmholtz Center for Information Security, NetBird brings security best practices and simplicity to private networking.

Acknowledgements

We build on open-source technologies like WireGuardยฎ, Pion ICE, and Rosenpass. We greatly appreciate the work these projects are doing, and we'd love it if you could support them too (e.g., by starring or contributing).

This repository is licensed under the BSD-3-Clause license, which applies to all parts of the repository except for the directories management/, signal/ and relay/. Those directories are licensed under the GNU Affero General Public License version 3.0 (AGPLv3). See the respective LICENSE files inside each directory.

WireGuard and the WireGuard logo are registered trademarks of Jason A. Donenfeld.