Hey Jim! One of our users just shared this video with us. Somehow we missed it. We had a few users that struggled to set up NetBird behind a proxy and had a few issues with Authentik. This video will be definitely useful for these users and the whole NetBird community. Thank you so much for making amazing content! 🎉
@@netbirdio that's great to hear, appreciate the feedback
So we cannot create sub-accounts or separate networks? Why is the open source version so limited? I will be more than happy to pay for a license to be able to have more options!
@@GpconnectInfohotspot It is not possible to create sub accounts and separate networks within one org account in the cloud version too. What is your use case for that?
@@GpconnectInfohotspot This isn't possible in the cloud too. What is your use case? MSP?
I discovered this channel about 1.5 months ago. Excellent content and it really helped with improving my homelab. From all homelab channels, it is the best one I have seen so far.
Setting up a self hosted VPN was the next step (searched for it an hour ago). Nice to piggyback off your work instead of figuring it out myself.
Welcome aboard! Thanks for the kind feedback.
Spot on comment! 👌
Jim - you have absolutely some of the best tutorials on YT and do a great job. I would agree with one other comment - I do not use Traefik nor do I have your knowledge and expertise. For me, the Traefik integration makes it difficult for me to implement. However, I completely understand that is your setup so that is how you have it set up. Keep up the great work.
@@ellieminette6463 very kind, thanks. I get it, it's hard to please everyone. For those who need it they can just run the script, albeit it's likely to replicate much of what you already have. Plus, even if you don't do it this way many of the things the script does are still relevant to my explanation.
Hah I just the day before implemented Netbird for my own network, and loving it so far. Good video.
@@pandie_me awesome, how are you finding it?
@@Jims-Garage I really like it. It helps that the clients feel polished, but between setting up my policies, routes and groups I’m really happy with how it’s working. I’ll be sticking with it for the foreseeable future. 😄
@@pandie_me me too. Just wish Android client supported exit nodes...
@@Jims-Garage aha yeah, that’d be a pain. I’m on my iPhone rotation this year. Haven’t tested an actual exit node on it yet but the defined routes work a treat.
Hi Jim. Thank you for your channel. It was one of the reasons why I decided to start my home server journey. It’s absolutely fantastic to have comprehensive information on how to set things up. My setup is going great and growing every day. One thing I’m struggling with now is how to structure my network given that I’m behind CGNAT. Your videos about NetBird and Headscale helped a lot. Could you consider making a video for newbies with a general overview of how to structure a setup for those poor things stuck without port forwarding? E.g. you have your docker containers, their networks, the network of the Proxmox VM, your Opnsense/Pfsense and a VPS for self hosting NetBird/Headscale and maybe a few more things in docker. How to configure the flow of data, do you need to have a reverse proxy at home and/or at the VPS in this setup, do you need a DMZ and so on. Just traffic flow and general structure, considering that all VMs and basic networks are already set up. It sounds like a lot but such a video would be a lifesaver for those who are just starting out and don’t understand why one needs certain things.
Thanks for the video, Jim! Regards from Chile
You are welcome!
Outstanding trainings on this channel. Subbed! Please keep it up!
Awesome, thank you!
Jim, I'm so glad I watched this video. I have just replaced our work's 90-user Tailscale that was costing a lot per month per user. I have it set up with a postgres back end and using gsuite for auth, it's working brilliantly.
That's amazing and equally daunting! Really interested to hear how this works out. What's performance like?
@@Jims-Garage I haven't tested performance yet but I will. Its main role is just to allow access to a couple of applications, for the majority, hosted in Google cloud. For devs and IT admin, we 781 Google VMs!
FYI - Cloudflare users need to set "Allow gRPC connections to your origin server" to "On" under "Network" for the relevant domain. Without that I get an error on the netbird client: "failed while getting Management Service public key".
Thank you so much for this comment. Hero!
I just found this channel while searching yt for tutorials. This is my first home server. What setup/tutorials of yours should I start out with? I've installed dockge and a few containers such as dashy, audiobookshelf, etc. I'm feeling overwhelmed but I like a good puzzle.
Hey, welcome to the channel. Most of the early videos are sequential so start with those. Worth setting up a proxy and putting some security in place before you start opening up services to the web (Traefik, CrowdSec, Authentik etc).
@@Jims-Garage perfect, I will start there. Thank you for your direction.
Thanks Jim. I'll give it a test against wireguard this weekend.
Jim excellent video... I have my own issues using NGNPM but I'll work on a resolution there. Thanks!
@@Sapious1 thanks 👍
The documentation and app itself look great but with your presentation it was even better. Do you still use Tailscale, Jim, or are you fully on Netbird now?
I'm trialling netbird, so far so good.
Thanks for the great video.
Waiting for a Kubernetes deployment reference, How soon will you create a video for that?
Hi Jim, I am about to start with Netbird. First I need to check some more basic boxes I missed, like Authentik. My idea is to share the VPN with some family and close friends. To do that I also need to expose the Authentik service to the internet, right? Do you have any recommendation or tip on that? Cheers!
Hi there.. one more awesome tutorial!
Glad you liked it! Thanks.
Nice but a bit difficult when deploying in your homelab behind traefik and authentik. I prefer using it on a small vps.
Yes, I get that, makes sense in many ways. Good to have both options.
Hi Jim, thanks for another awesome video. I did set up netbird, authentik works but the dashboard is just stuck on loading. I saw several people had that issue too, did you notice the same kind of issue yourself?
@@omerta3393 thanks, which dashboard?
I have the same issue. First time I try to open Netbird, it just hangs at the "Peers - NetBird Dashboard" page title and /peers web address.
@@dionisierus5055 do you have all of the domains, subdomains set up? Double checked the config for Authentik?
Thanks Jim. I did double check and it looks OK. Authentik only shows successful logins for the Netbird user and the container logs do not have anything suspicious.
There is also a github issue raised that is matching the symptoms but they talk more about cert issues - none in my logs.
Will try to build it without traefik and see.
Managed to solve this with a few tweaks but I believe the main one was adding "@docker" at the end of "traefik.http.routers.netbird-management.service=netbird-management" label. I noticed an error in the logs of traefik after I rebooted the container - it could not find the IP.
18:06, nope, won't log in. I see the pulsating orange vertical lines on black background, then it redirects to Authentik for a second, then back to the orange lines, but then I just get a 404 error and it remains stuck on the black page with orange lines. :/
Check your Traefik labels for a typo, I initially had that issue.
I'm having the same problem. How did you resolve this?
@@kbsao5 I eventually gave up on self-hosting anything as I couldn't get this to work with Authentik, and without remote access, it's of little use in my specific circumstances. One day I'll try again but for now, I don't have the time/energy, and there isn't any support available anywhere.
Headscale might be an easier option for a self-hosted VPN.
Great video Jim. How do you update this stack (to the latest container image) in docker?
Shut down, delete and redeploy (if you have a volume mapped you won't lose the data). Otherwise you can use docker pull, or something like watchtower which I've recently covered (auto update).
Nice video, just watched your other headscale/tailscale video... hmm... how would you compare twingate and netbird?
@@GundamExia88 thanks. I'm yet to look into twingate, it's on the list though.
Trying to understand why my coturn server is not working
I have struggled a lot with the coturn server as well. I get this repeated log error:
"bind: Address already in use
Cannot bind local socket to addr: Address already in use
2: (1): WARNING: Trying to bind fd 348 to : errno=98
2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478
2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..."
Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN but as soon as I turn off WiFi on my android phone, I can no longer ping the other peers 😞 and vice versa.
Any suggestions where to look/troubleshoot is most appreciated.
what are the advantages over other solutions?
@@ponbcka it's self hosted and very easy to administrate via the included web gui
Hello Jim ! Nice video !
On my end, I like Twingate. Why would you choose this instead of Twingate ? ;)
See ya !
@@avidflyer17 thanks. No idea 😂 I'm yet to investigate. I'll put on the list!
One question, why in the exit node configuration it only allows me to choose the UBUNTU machine and not the other one, for example the Windows machine?
On the windows machine, add it as an exit node
"I see the pulsating orange vertical lines on black background, then it redirects to Authentik for a second, then back to the orange lines, but then I just get a 404 error and it remains stuck on the black page with orange lines."
Hello.
I'm having a login problem.
The error that appears is 404.
I've already reviewed all the settings, but I didn't find anything wrong.
I'm using Oracle Cloud.
Do you have any idea what it could be?
404 is not found. Make sure you have the redirect set correctly, DNS matches and ports are forwarded.
Hi James. Once again thanks for another great video. I’d very much like to hear your thoughts on restricting external access to something like this with the addition of hardware attestation. Would you have any thoughts on combining something like a YubiKey with an internal Certificate authority, proxy and Authentik for self hosted VPN access?
Your thoughts, critical or otherwise, would be valued, but either way thanks again for another great video. They are appreciated.
here we go =D
Let's see if with your help I can set this up
thanks for the excellent content
You're most welcome. To start with you can copy and paste my configs. Once it works I'd start subbing out values e.g., keys etc (you'll need to change domain name regardless).
@@Jims-Garage the problem is that I'm using NGXPM and I can't make it work =(
Nice, been waiting for this. Have you heard about defguard?
Only in discord, it's on the list
defguard looks interesting, too!
Great! Thanks!
You're welcome!
Hey, how do you use the exit node function to create a self hosted VPN at home, so I can connect to it from anywhere else? I tried setting up one myself but nothing shows up in the exit nodes routes tab on a peer laptop?
On the node you want you need to advertise as exit node then add a route as I show in the video.
Netbird is nice but their mobile clients are still rough, but in 1-2 years it's gonna be wild. 😁
@@EDIIIZ yeah, seems to be some truth in that
Hi Jim, great channel. If one puts this on a small VPS, and has all other homelab servers/containers at home behind a cgnat / opnsense box, would this work? I am thinking of a scenario like you presented some time ago for the headscale/tailscale solution. Thanks for your interesting videos!
Yes, this is a perfect solution for circumventing the limitations of CGNAT.
Thanks, just to clarify: Traefik only on the VPS, open relevant ports at my local opnsense, and my local lan would be the "proxy" subnet ?
Thanks again for your tutorials.
I am running the single traefik approach with the -external labels. However, I am unable to access the netbird UI using my mobile phone (authentication error). It seems that the redirection is not working correctly. I must say that my current router does not support NAT hairpin, so I used unbound to create a corresponding A record.
any hint?
@@TheXalloumi anything in the logs? Usually it's a config error
@@Jims-Garage The only errors I have are in traefik.log:
ERR error="service \"netbird-management\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker
2024-08-01T19:45:50+03:00 ERR error="service \"api\" error: unable to find the IP address for the container \"/artifacts-management-1\": the server is ignored" container=management-artifacts-a5c7289b9ce0b02a37a594871dd78df1a9f5f19d409744b2c2bb3fbc44b2a5ba providerName=docker
any hint?
Thanks Jim! Have you tried this on Kubernetes yet?
@@ryanarnold2293 yes, I've spun it up but haven't started to use it yet.
@@Jims-Garage Any caveats compared to the Docker setup? I want to try this on my k3s cluster with Traefik
Does your domain need to be pointed at the web for this to work?
@@Michael-v3v2u yes (albeit if you're behind cgnat you can put a node in the cloud and route through that to internal).
Hi Jim, do you need a static IP to run this as a self hosted VPN instance?
@@ramomammah no, you can use DDNS (like I do) to ensure your domain record remains accurate.
@@Jims-Garage Thanks! Do you use cloudflare for example to point the DDNS address to your machine hosting netbird?
@@ramomammah yes. Add the record in Cloudflare or any supported domain registrar and then configure DDNS to keep it up to date (there are specific docker containers for it and can also be done with firewalls that support it)
As always 👍🏻
Thanks again!
The current lack of BSD support makes it difficult to integrate with OPNsense and other similar firewalls..
Edit: they _do_ have BSD, pfsense and opnsense on their roadmap, but it doesn't seem like it's very active. They seem to have some initial support for BSD, but it looks like you're building it from source, which isn't super helpful.
I agree, same with Android mobile and exit nodes. They're a small team but they've achieved a lot so far. Fingers crossed they deliver, would be ace to have it in OPNSense.
@@Jims-Garage yeah, it's definitely a product to watch and good luck to them
@@djsmeguk 💯
This limitation is exactly why I passed over Netbird when first seeing their product about a year ago. I'm hopeful they will eventually have OPNsense support, though!
Have you used the Android client with it? I'm connected, but can't reach any other clients, or be reached.
I have struggled a lot with the coturn container. I get this repeated log error:
"bind: Address already in use
Cannot bind local socket to addr: Address already in use
2: (1): WARNING: Trying to bind fd 348 to : errno=98
2: (1): WARNING: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:3478
2: (1): INFO: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:3478, again..."
Everything else is working and I can follow along with all the instructions in the video. It is also possible to ping the different peers as long as they are in the same LAN but as soon as I turn off WiFi on my android phone, I can no longer ping the other peers 😞 and vice versa.
I also lose the connection to the netbird admin page as soon as I connect the Netbird client on my Windows machine.
Can this also be part of the newly released client problem or is this something else?
My question was: Do you need to open ports like WireGuard?
Yes
For the control layer (management). For the clients you won't need to open ports.
Can someone here help me?
I did everything like the video, and I tried on my phone outside of my home network and it connects but none of my computers inside my network connect.
The problem seems to be with port 33080, the relay one.
I don't have a redirect anywhere so why does it work from the outside and from the inside it doesn't work?
I believe the Netbird app was updated right after I published the video changing things with the relay. I'll have to do an update...
@@Jims-Garage Is the update still in the plan?
Thank you :D
No problem!
Is there a use case for a stack deployed VPN like this vs setting up a VPN on my router (I have Unifi, so I think I have a few options)
They're completely different types of VPNs, one is point to point (Unifi) and the other is a mesh. It depends what you want. Both should be equally performant.
Is there a limit on the number of users? Or is it paid for more users?
@@ashoktvm there's no limit on users that I'm aware of
I am curious if anyone has done a performance comparison between this and headscale? I put about 200 nodes on a single headscale tailnet using an AWS EC2 m5.xlarge (4 VCPUs) and the CPU started cooking. I was able to mitigate this a bit, but I have never really tried NetBird.
@@brinkoo7 wow, that's a big scale. I would love to know if someone has done a similar comparison.
another good solution to scale up is Nebula. It is meant for that.
Thanks Jim!
Zitadel or Authentik, which do you like more?
//edited :)
@@user-qh5zz7dy1h I like them both, but I prefer Authentik for a homelab as it has the proxy option for all the homelab apps that don't support oauth2.
@@Jims-Garage damn, you're faster than I edit my comments haha, thanks! That helped me a lot to decide :)
A video on how to set up authentik proxy would be nice. For apps that don't have oauth
@@Shaq2k think I did that for my first Authentik video
How to set this up using nginx proxy manager?
@@jomijohn7068 I'm not sure. I don't recommend using NPM, its security track record is poor.
Has anyone done a speed test of WireGuard vs NetBird? I’m asking as I’ve used both but with different implementations, self hosted vs cloud. And I did notice a speed difference. But I’d like to know the difference with both self hosted.
I will look to do some, there's a few on Reddit.
I tried it for a couple of weeks then gave up - management interface etc all fine and could connect clients, but they couldn't ping each other unless on the same LAN, which was kinda the point! Seemed to be mainly issues around the coturn server not working properly but I gave up in the end.
I got the same result, really unfortunate when seeing how well it can work. I have tried both with and without forwarded ports in the Firewall, no difference. It was not mentioned in the video if it is necessary or not when using it behind Traefik.
Why did you use Authentik instead of zitadel? Just curious since I redo my whole setup. Which one do you prefer?
As I mention in the video I use Authentik as it does everything Zitadel does plus it has the option of a proxy for apps that don't support OAuth
Currently trying to set up netbird on an oracle hub and spoke network and connect to my home network.....it's not easy lol, would be absolutely baller if you had a tutorial of this sometime 💀
Do you have a video on how to use vscode?
Yes
No simpler docker way without all the traefik etc? This is for many people a way too complicated way. No offence.
@@Snoekverslaafde check the video at the start, there's a single click script that does everything for you.
Was meaning to ask on the headscale video and forgot, but would it be possible to include docker compose files that do not have all the traefik stuff? I think a lot of people including myself use NPM and it would be easier to follow along with a file like that, not just this video but there have been others. Up to you, I only ask you to consider this. @@Jims-Garage
@@Jims-Garage Not working if you're on, let's say, a Synology
@@Snoekverslaafde what error do you receive?
@@Jims-Garage I can only install it as a docker stack. And that is Netbird only. All other things you show in the video don't work. And after it runs I can't access the LAN from outside.
Sorry but netbird is $hit... It has so many issues that this is not production ready and not something I want to use in any scenario. Still Tailscale wins, Netbird s*cks. Tailscale also has amazing support, Netbird is just a toy for kids with no support, any support.
They encourage people to join their slack channel for support…but the invite has been expired for some time. They have a Reddit page…but posting is not permitted, and no new posts in almost a year. There are no organized places to even ask peers for support! So frustrating when some of the docs are vague or too advanced for newbies.
Jim please help. How to use netbird. Like I'm making a dockerswarm connect the workers. And deploy apps in the worker access them from managers IP?