Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
Misha Bragin 06055af361
Super user invites (#483)
This PR brings user invites logic to the Management service
via HTTP API. 
The POST /users/ API endpoint creates a new user in the IdP
and then in the local storage.
Once the invited user signs up, the account invitation is redeemed.
There are a few limitations.
This works only with an enabled IdP manager.
Users that already have a registered account can't be invited.
2022-10-13 18:26:31 +02:00
.github/workflows Support custom redirect URIs (#499) 2022-10-12 12:25:46 +02:00
client Disable uninstall message when upgrade is silent (#505) 2022-10-13 15:00:39 +02:00
dns Feature/add nameservers API endpoint (#491) 2022-10-10 11:06:54 +02:00
docs/media Add SSO MFA demo gif (#489) 2022-10-10 11:06:25 +02:00
encryption Make Signal Service listen on a standard 443/80 port instead of 10000 (#396) 2022-07-25 19:55:38 +02:00
iface Improve module load (#470) 2022-09-15 01:26:11 +05:00
infrastructure_files Support custom redirect URIs (#499) 2022-10-12 12:25:46 +02:00
management Super user invites (#483) 2022-10-13 18:26:31 +02:00
release_files Add homebrew bin path on Apple Silicon (#365) 2022-06-20 11:34:24 +02:00
route Add Network ID and rename Prefix to Network (#432) 2022-08-22 14:10:24 +02:00
signal Fix Management and Signal gRPC client stream leak (#482) 2022-09-26 18:02:20 +02:00
util Load user profile when SSH (#380) 2022-07-07 11:24:38 +02:00
.gitignore Update self hosting scripts (#367) 2022-06-24 14:50:14 +02:00
.goreleaser_ui_darwin.yaml Fix checksum conflict and version injection (#409) 2022-08-01 12:20:30 +02:00
.goreleaser_ui.yaml Split goreleaser for UI and parallelized workflow (#405) 2022-07-30 14:44:01 +02:00
.goreleaser.yaml Split goreleaser for UI and parallelized workflow (#405) 2022-07-30 14:44:01 +02:00
AUTHORS chore: update license and AUTHORS 2022-01-19 16:22:40 +01:00
CODE_OF_CONDUCT.md Conduct (#205) 2022-01-26 09:33:16 +01:00
go.mod Super user invites (#483) 2022-10-13 18:26:31 +02:00
go.sum Super user invites (#483) 2022-10-13 18:26:31 +02:00
LICENSE chore: update license and AUTHORS 2022-01-19 16:22:40 +01:00
README.md Add SSO MFA demo gif (#489) 2022-10-10 11:06:25 +02:00

🐣 New release! NetBird Easy SSH. Learn more


Start using NetBird at app.netbird.io
See Documentation
Join our Slack channel


NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.

It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

NetBird creates an overlay peer-to-peer network that connects machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments), unifying the virtual private network management experience.

Key features:

  • [x] Automatic IP allocation and network management with a Web UI ([separate repo](https://github.com/netbirdio/dashboard))
  • [x] Automatic WireGuard peer (machine) discovery and configuration.
  • [x] Encrypted peer-to-peer connections without a central VPN gateway.
  • [x] Connection relay fallback in case a peer-to-peer connection is not possible.
  • [x] Desktop client applications for Linux, MacOS, and Windows (systray).
  • [x] Multiuser support - sharing network between multiple users.
  • [x] SSO and MFA support.
  • [x] Multicloud and hybrid-cloud support.
  • [x] Kernel WireGuard usage when possible.
  • [x] Access Controls - groups & rules.
  • [x] Remote SSH access without managing SSH keys.
  • [x] Network Routes.

Coming soon:

  • [ ] Private DNS.
  • [ ] Mobile clients.
  • [ ] Network Activity Monitoring.

Secure peer-to-peer VPN with SSO and MFA in minutes

Note: The main branch may be in an unstable or even broken state during development. For stable versions, see releases.

Start using NetBird

A bit on NetBird internals

  • Every machine in the network runs the NetBird Agent (or Client), which manages WireGuard.
  • Every agent connects to the Management Service, which holds network state, manages peer IPs, and distributes network updates to agents (peers).
  • The NetBird agent uses WebRTC ICE, implemented in the pion/ice library, to discover connection candidates when establishing a peer-to-peer connection between machines.
  • Connection candidates are discovered with the help of STUN servers.
  • Agents negotiate a connection through the Signal Service, passing p2p encrypted messages with candidates.
  • Sometimes NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and a p2p connection isn't possible. When this occurs, the system falls back to a relay server called TURN, and a secure WireGuard tunnel is established via the TURN server.

Coturn has been successfully used for STUN and TURN in NetBird setups.
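
The candidate selection and TURN fallback described above can be modelled with the standard ICE priority formulas from RFC 8445. This is an added example, not NetBird or pion/ice code: the function names, the sample addresses and the simulated connectivity checks are assumptions made for illustration.

```go
package main

import "fmt"

// Candidate is one ICE candidate; every address used below is a constructed sample.
type Candidate struct{ Type, Addr string }

// Pair is a local/remote candidate pair with its RFC 8445 pair priority.
type Pair struct {
	Local, Remote Candidate
	Priority      uint64
}

// Recommended type preferences (RFC 8445, 5.1.2.2): relay is the last resort.
var typePref = map[string]uint64{"host": 126, "srflx": 100, "relay": 0}

// CandidatePriority: RFC 8445 formula for component 1, single interface assumed.
func CandidatePriority(c Candidate) uint64 { return typePref[c.Type]<<24 + 65535<<8 + 255 }

// UsesRelay reports whether traffic between l and r transits the TURN server.
func UsesRelay(l, r Candidate) bool { return l.Type == "relay" || r.Type == "relay" }

// SelectPair returns the highest-priority pair whose check passes, which gives
// the same result as walking the priority-ordered checklist. The local side is
// treated as the controlling agent; check stands in for real connectivity checks.
func SelectPair(local, remote []Candidate, check func(l, r Candidate) bool) (best Pair, ok bool) {
	for _, l := range local {
		for _, r := range remote {
			g, d := CandidatePriority(l), CandidatePriority(r)
			lo, hi, bit := d, g, uint64(1) // pair priority = 2^32*min + 2*max + (g > d)
			if g <= d {
				lo, hi, bit = g, d, 0
			}
			if p := lo<<32 + 2*hi + bit; check(l, r) && (!ok || p > best.Priority) {
				best, ok = Pair{l, r, p}, true
			}
		}
	}
	return best, ok
}

func main() {
	a := []Candidate{{"host", "192.168.1.10:51820"}, {"srflx", "203.0.113.7:40001"}, {"relay", "198.51.100.5:49152"}}
	b := []Candidate{{"host", "10.0.0.4:51820"}, {"srflx", "203.0.113.99:40002"}, {"relay", "198.51.100.5:49153"}}
	// Peers on different LANs: host paths fail, STUN-discovered (srflx) paths work.
	direct, _ := SelectPair(a, b, func(l, r Candidate) bool { return l.Type != "host" && r.Type != "host" })
	relayed, _ := SelectPair(a, b, UsesRelay) // strict NAT: only relayed paths pass
	fmt.Println(direct.Local.Type, direct.Remote.Type, "|", relayed.Local.Type, relayed.Remote.Type)
}
```

Because relay candidates carry the lowest type preference, a relayed pair is chosen only when every direct pair fails its check, so `UsesRelay` on the selected pair tells an operator when traffic is flowing through the TURN server.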

See a complete architecture overview for details.

Roadmap

Community projects

Testimonials

We use open-source technologies like WireGuard®, Pion ICE (WebRTC), and Coturn. We very much appreciate the work these guys are doing and we'd greatly appreciate it if you could support them in any way (e.g. giving a star or a contribution).

WireGuard is a registered trademark of Jason A. Donenfeld.