Netbird: The Easy to Use Open-Source Wireguard Based Overlay VPN

Once again, what is this for unless you are behind some CGNAT and want to host the controller on a VPS?
For most users at home, self-hosting plain WireGuard or WG-EZ is a simpler option: just NAT one port, that's it.
With Netbird you have to spin up the controller and NAT 1000 ports, and worry about the security of it all.

Netbird seems better on security when it comes to self-hosting. https://www.reddit.com/r/selfhosted/comments/1fdly7y/why_ive_decided_against_headscale/

If someone accesses the control plane in headscale, all your devices are toast.

Well, I was using netbird until the last update broke everything; every time they update, something breaks, but they said everything would work the same.

The problem is that for self-hosting there are not a lot of alternatives.

I agree, I get that those solutions are easy, but they are not about self-hosting, and both Cloudflare and Tailscale lock you into their solution.

Does this bypass CGNAT if run on your home server? Do you have to pair with a VPS?

While I get your point, this weird gatekeepery take you bring forward always irks me (in whatever direction): "This is not like real, you know? Because real is only what is up to my standards. Everyone who doesn't do things the way I do them is a shill and a noob, and this sub is soo lost because of those peasants not being up to my standards."

How does it not work? By the way there seems to be an alternative open source client for android.

I found getting certs going on Android to be a massive pita on Nebula about a year ago. Has that gotten any better?

I could never get it to work behind Traefik. They have recently moved away from the TURN server but their documentation hasn’t been updated. Well at least last time I checked it wasn’t updated.

I looked at Netbird for this exact use case but all of the install guides wanted a much larger VPS to get started. Would you mind sharing your netbird setup to squeeze it into a smaller (aka free tier) VPS?

What’s the issue with their app?

It solves for the scenario where you have many devices at different locations but you want to keep a consistent VPN connection no matter the WAN network changes. If that is not an issue or use case for you, then you don’t need it.

I haven’t looked closely at netbird in a while, but the idea is you make a mesh of interconnected endpoints that can communicate directly with each other and traverse NAT without port forwarding in between. It is pretty convenient, depending on your needs.

Different from a lot of other WireGuard management interfaces, this one provides SSO for the users authenticating to use the VPN. Most of the others, when they say SSO, mean logging onto the management dashboard, not using the VPN. They just use the VPN with a regular WireGuard config and cert using any standard WireGuard client. Netbird (and netscale etc.) have to use their own client because authentication is baked in. Their server will not accept a connection without authenticating either. It's also somewhat unique in that its SSO support is also open source and included for self-hosting. No SSO tax.

So if you have users in an IdP, in theory they could just start using the VPN without you creating any configs at all, taking all the necessary auth info from your IdP.

While the Tailscale client is open source, the control plane is not. You can use Headscale for the control plane, but it's not as full featured. Netbird has an open source client and a self-hostable control plane.

Yes, for people with simple needs and not behind CGNAT I would suggest WireGuard or OpenVPN. But for lots of people that don't have a public IP and/or have multiple sites, this is a great solution.

Can you tell me why you say they are locking you in and netbird isn't? To me, all three are simply one Docker container on the host and an app on the client.

I've been looking at Headscale and Netbird for self-hosting. I will for sure check out your video. I like that Tailscale at least did some of the heavy lifting for Steam Deck users, which is why I've looked at Headscale.

No they don’t. They really don’t. I mean… they are trying to, but what specifically are they doing that makes any setup that used them before incompatible with any other solution to do reverse proxying and VPNs?

Do you have to pair with a VPS?

It's real self-hosting, so yeah. You need a VPS not under CGNAT to coordinate all your clients under the CGNAT (also for the relay feature).

That’s unavoidable but there are cheap VPS solutions. A coordination server does not use the same bandwidth as a relay server.