extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2024-11-07 16:54:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
410 Commits 127 Branches 193 Tags 196 MiB
Go 98.1%
Shell 1.7%
C 0.1%
87631cbc8b
Go to file
Misha Bragin 87631cbc8b
Replace IP allocation logic (#342) 
The peer IP allocation logic was allocating sequential peer IP from the 100.64.0.0/10 
address block.
Each account is created with a random subnet from 100.64.0.0/10.
The total amount of potential subnets is 64.
The new logic allocates random peer IP
from the account subnet.
This gives us flexibility to add support for
multi subnet accounts without overlapping IPs.
2022-05-29 22:43:39 +02:00
.github/workflows Update MacOS and Windows installers (#325) 2022-05-25 19:41:03 +02:00
client Replace IP allocation logic (#342) 2022-05-29 22:43:39 +02:00
docs Replace README gifs (#332) 2022-05-26 15:53:38 +02:00
encryption Rename module to netbirdio/netbird (#288) 2022-03-26 12:08:54 +01:00
iface Get Device Authorization Flow information from management (#308) 2022-05-08 11:04:57 +02:00
infrastructure_files Add NETBIRD_MGMT_GRPC_API_ENDPOINT support to our scripts (#341) 2022-05-28 20:47:44 +02:00
management Replace IP allocation logic (#342) 2022-05-29 22:43:39 +02:00
release_files Update MacOS and Windows installers (#325) 2022-05-25 19:41:03 +02:00
signal Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00
util Rename module to netbirdio/netbird (#288) 2022-03-26 12:08:54 +01:00
.gitignore Add Settings window to Agent UI 2022-04-15 17:30:12 +02:00
.goreleaser_ui_darwin.yaml Renaming project builds and including new Icons (#318) 2022-05-21 18:42:56 +02:00
.goreleaser.yaml Added Netbird as dependency and renamed linux shortcut name (#330) 2022-05-26 15:29:55 +02:00
AUTHORS chore: update license and AUTHORS 2022-01-19 16:22:40 +01:00
CODE_OF_CONDUCT.md Conduct (#205) 2022-01-26 09:33:16 +01:00
go.mod Replace IP allocation logic (#342) 2022-05-29 22:43:39 +02:00
go.sum Replace IP allocation logic (#342) 2022-05-29 22:43:39 +02:00
LICENSE chore: update license and AUTHORS 2022-01-19 16:22:40 +01:00
README.md Referer README installation steps to docs website (#344) 2022-05-29 22:39:33 +02:00

README.md

🐣 New release! Beta Update May 2022. Learn more


Start using Netbird at app.netbird.io
See Documentation
Join our Slack channel


Netbird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.

It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

Netbird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience.

Key features:

  • Automatic IP allocation and management.
  • Automatic peer (machine) discovery and configuration.
  • Encrypted peer-to-peer connections without a central VPN gateway.
  • Connection relay fallback in case a peer-to-peer connection is not possible.
  • Network management layer with a neat Web UI panel (separate repo)
  • Desktop client applications for Linux, MacOS, and Windows.
  • Multiuser support - sharing network between multiple users.
  • SSO and MFA support.
  • Multicloud and hybrid-cloud support.
  • Kernel WireGuard usage when possible.
  • Access Controls - groups & rules (coming soon).
  • Private DNS (coming soon).
  • Mobile clients (coming soon).
  • Network Activity Monitoring (coming soon).

Secure peer-to-peer VPN with SSO and MFA in minutes

Note: The main branch may be in an unstable or even broken state during development. For stable versions, see releases.

Start using NetBird

See our documentation for Quickstart Guide.

If you are looking to self-host NetBird, check our Self-Hosting Guide.

Step-by-step Installation Guide for different platforms.

Hosted version: https://app.netbird.io/.

Web UI repository.

A bit on Netbird internals

  • Every machine in the network runs Netbird Agent (or Client) that manages WireGuard.
  • Netbird features a Management Service that offers peer IP management and network updates distribution (e.g. when a new machine joins the network others are getting notified if allowed by access controls). Simply put, this service holds the state of the network.
  • Every agent is connected to Management Service.
  • Netbird agent uses WebRTC ICE implemented in pion/ice library to discover connection candidates when establishing a peer-to-peer connection between machines.
  • Connection candidates are discovered with a help of STUN server.
  • Agents negotiate a connection through Signal Service.
  • Signal Service uses public Wireguard keys to route messages between peers. Contents of the messages sent between peers through the signaling server are encrypted with Wireguard keys, making it impossible to inspect them.
  • Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called TURN, and a secure Wireguard tunnel is established via the TURN server.

Coturn is the one that has been successfully used for STUN and TURN in Netbird setups.

See a complete architecture overview for details.

Testimonials: We use open-source technologies like WireGuard®, Pion ICE (WebRTC), and Coturn. We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).

Product Roadmap

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.