c20f98c8b6
* ACL firewall manager fix/improvement Fix issue with rule squashing, it contained issue when calculated total amount of IPs in the Peer map (doesn't included offline peers). That why squashing not worked. Also this commit changes the rules apply behaviour. Instead policy: 1. Apply all rules from network map 2. Remove all previous applied rules We do: 1. Apply only new rules 2. Remove outdated rules Why first variant was implemented: because when you have drop policy it is important in which order order you rules are and you need totally clean previous state to apply the new. But in the release we didn't include drop policy so we can do this improvement. * Print log message about processed ACL rules |
||
---|---|---|
.github | ||
base62 | ||
client | ||
dns | ||
docs/media | ||
encryption | ||
formatter | ||
iface | ||
infrastructure_files | ||
management | ||
release_files | ||
route | ||
sharedsock | ||
signal | ||
util | ||
version | ||
.gitignore | ||
.goreleaser_ui_darwin.yaml | ||
.goreleaser_ui.yaml | ||
.goreleaser.yaml | ||
AUTHORS | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
CONTRIBUTOR_LICENSE_AGREEMENT.md | ||
go.mod | ||
go.sum | ||
LICENSE | ||
README.md | ||
SECURITY.md |
🐣 New Release! Peer expiration. Learn more
Start using NetBird at app.netbird.io
See Documentation
Join our Slack channel
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
NetBird uses NAT traversal techniques to automatically create an overlay peer-to-peer network connecting machines regardless of location (home, office, data center, container, cloud, or edge environments), unifying virtual private network management experience.
Key features:
-
x] Automatic IP allocation and network management with a Web UI ([separate repo](https://github.com/netbirdio/dashboard))
-
x] Automatic WireGuard peer (machine) discovery and configuration.
-
x] Encrypted peer-to-peer connections without a central VPN gateway.
-
x] Connection relay fallback in case a peer-to-peer connection is not possible.
-
x] Desktop client applications for Linux, MacOS, and Windows (systray).
-
x] Multiuser support - sharing network between multiple users.
-
x] SSO and MFA support.
-
x] Multicloud and hybrid-cloud support.
-
x] Kernel WireGuard usage when possible.
-
x] Access Controls - groups & rules.
-
x] Remote SSH access without managing SSH keys.
-
x] Network Routes.
-
x] Private DNS.
-
x] Network Activity Monitoring.
Coming soon:
-
] Mobile clients.
Secure peer-to-peer VPN with SSO and MFA in minutes
https://user-images.githubusercontent.com/700848/197345890-2e2cded5-7b7a-436f-a444-94e80dd24f46.mov
Note: The main
branch may be in an unstable or even broken state during development.
For stable versions, see releases.
Start using NetBird
- Hosted version: https://app.netbird.io/.
- See our documentation for Quickstart Guide.
- If you are looking to self-host NetBird, check our Self-Hosting Guide.
- Step-by-step Installation Guide for different platforms.
- Web UI repository.
- 5 min demo video on YouTube.
A bit on NetBird internals
- Every machine in the network runs NetBird Agent (or Client) that manages WireGuard.
- Every agent connects to Management Service that holds network state, manages peer IPs, and distributes network updates to agents (peers).
- NetBird agent uses WebRTC ICE implemented in pion/ice library to discover connection candidates when establishing a peer-to-peer connection between machines.
- Connection candidates are discovered with a help of STUN servers.
- Agents negotiate a connection through Signal Service passing p2p encrypted messages with candidates.
- Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called TURN, and a secure WireGuard tunnel is established via the TURN server.
Coturn is the one that has been successfully used for STUN and TURN in NetBird setups.
See a complete architecture overview for details.
Roadmap
Community projects
Support acknowledgement
In November 2022, NetBird joined the StartUpSecure program sponsored by The Federal Ministry of Education and Research of The Federal Republic of Germany. Together with CISPA Helmholtz Center for Information Security NetBird brings the security best practices and simplicity to private networking.
Testimonials
We use open-source technologies like WireGuard®, Pion ICE (WebRTC), and Coturn. We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution).
Legal
WireGuard and the WireGuard logo are registered trademarks of Jason A. Donenfeld.