:hatching_chick: New Release! Peer expiration. Learn more



Start using NetBird at app.netbird.io
See Documentation
Join our Slack channel


**NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.** It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth. NetBird uses [NAT traversal techniques](https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment) to automatically create an overlay peer-to-peer network connecting machines regardless of location (home, office, data center, container, cloud, or edge environments), unifying virtual private network management experience. **Key features:** - \[x] Automatic IP allocation and network management with a Web UI ([separate repo](https://github.com/netbirdio/dashboard)) - \[x] Automatic WireGuard peer (machine) discovery and configuration. - \[x] Encrypted peer-to-peer connections without a central VPN gateway. - \[x] Connection relay fallback in case a peer-to-peer connection is not possible. - \[x] Desktop client applications for Linux, MacOS, and Windows (systray). - \[x] Multiuser support - sharing network between multiple users. - \[x] SSO and MFA support. - \[x] Multicloud and hybrid-cloud support. - \[x] Kernel WireGuard usage when possible. - \[x] Access Controls - groups & rules. - \[x] Remote SSH access without managing SSH keys. - \[x] Network Routes. - \[x] Private DNS. - \[x] Network Activity Monitoring. **Coming soon:** - \[ ] Mobile clients. ### Secure peer-to-peer VPN with SSO and MFA in minutes https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a444-94e80dd24f46.mov **Note**: The `main` branch may be in an *unstable or even broken state* during development. For stable versions, see [releases](https://github.com/netbirdio/netbird/releases). ### Start using NetBird - Hosted version: [https://app.netbird.io/](https://app.netbird.io/). - See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart). - If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting). - Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms. - Web UI [repository](https://github.com/netbirdio/dashboard). - 5 min [demo video](https://youtu.be/Tu9tPsUWaY0) on YouTube. ### A bit on NetBird internals - Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard. - Every agent connects to [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to agents (peers). - NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines. - Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) servers. - Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages with candidates. - Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. [Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in NetBird setups.

See a complete [architecture overview](https://netbird.io/docs/overview/architecture) for details. ### Roadmap - [Public Roadmap](https://github.com/netbirdio/netbird/projects/2) ### Community projects - [NetBird on OpenWRT](https://github.com/messense/openwrt-netbird) - [NetBird installer script](https://github.com/physk/netbird-installer) ### Support acknowledgement In November 2022, NetBird joined the [StartUpSecure program](https://www.forschung-it-sicherheit-kommunikationssysteme.de/foerderung/bekanntmachungen/startup-secure) sponsored by The Federal Ministry of Education and Research of The Federal Republic of Germany. Together with [CISPA Helmholtz Center for Information Security](https://cispa.de/en) NetBird brings the security best practices and simplicity to private networking. ![CISPA_Logo_BLACK_EN_RZ_RGB (1)](https://user-images.githubusercontent.com/700848/203091324-c6d311a0-22b5-4b05-a288-91cbc6cdcc46.png) ### Testimonials We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution). ### Legal _WireGuard_ and the _WireGuard_ logo are [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld.