r/netbird

Update or Not?

Hi Netbird Community,

I currently run a self-hosted instance of Netbird in a production environment, and I’ve been reviewing the recent issues many of you have reported following updates.

Would it be safe for me to proceed with updating to v2.90.3 and v0.74.2? Could anyone share their experience running these specific versions so far? I’d appreciate knowing if everything has been stable and running smoothly on your end.

I’m planning to take some dedicated time off with my family soon, so I want to ensure the update goes as smoothly as possible and avoid any urgent issues that might require attention while I’m away.

Any insights or feedback you can share would be greatly appreciated. Thank you in advance!

reddit.com
u/dre_skul — 19 hours ago
▲ 14 r/netbird

Path Rules for the Reverse Proxy - Is this in the works?

Hi everyone,

After migrating my whole network from Pangolin to Netbird, the main issue with its reverse proxy implementation is that I can't apply a zero-trust based policy of only allowing certain paths to be accessed. I haven't found any other posts complaining so I thought that maybe someone thought alike.

Does anyone know if this is a planned feature?

reddit.com
u/krinkuto11 — 1 day ago
▲ 61 r/netbird

Awesome NetBird (community projects and content)

Hey everyone! We've put together awesome-netbird, a repo to highlight some of the awesome projects built by the team and the community. This is going to be our official listing for 3rd party tools.

🔗 github.com/netbirdio/awesome-netbird

It's set up so anyone can open a PR to get their project listed, both in the repo and on our website. The site side isn't live yet, but soon there will be a /community page that pulls in everything from this repo.

Do note that anyone can submit a project, and a project being added to the repo doesn't mean it was tested or validated by the NetBird team. Only entries marked Official or Endorsed have actually been tested and validated by us.

CONTRIBUTING.md

Same goes for content. If you've made a video, article, or write-up about NetBird, you can add it here with a PR and it'll show up on the site once that feature is live.

If you've already built a tool or integration, this is the place to get it seen. Give it a star, open a PR, and let me know what you think.

u/TechHutTV — 2 days ago

Can’t connect to local game server with Netbird on

So I have been trying to set up a local Palworld server with reverse proxy.

After spending 2 night's trouble shooting Connection timed out issue. I narrowed it down to having netbird turned on on the server pc.

Once netbird is off. I can connect to the Palworld game server normally Via local IP

Exit node is turned off on the server netbird setting.

also tried “this peer won’t act as router for others”

and lower the Automatic metric on the netbird network adapter to lower than my ethernet card.

but none works.

and the instant netbird is turned off, I can connect via local connection again.

any help or suggestion will be greatly appreciated. thank you.

Forgot to mention. My local client does not have Netbird installed.

Ok, found a solution, but not a permanent one, I can connect to server without turning off netbird, but will have to set netbird's interfacemetric down to something much lower. current setting is 5000

the issue? On every single system restart, the Netbird Interfacemetric is reset to 5

reddit.com
u/GameAudioPen — 3 days ago
▲ 18 r/netbird

Upgrading netbird-server 0.73.2 → 0.74.0 breaks WireGuard handshakes (reverse-proxy 502s, fixed by downgrading server only)

Upgraded my self-hosted server (management + signal + relay + STUN) from 0.73.2 to 0.74.0 and all my reverse-proxy services started returning 502 errors.

What was happening:

  • The proxy authenticates with management fine
  • The proxy connects to the relay fine
  • ICE never finishes starting up ("ICE Agent is not initialized yet", repeating forever)
  • WireGuard handshake times out and never completes
  • This still happened even with NB_FORCE_RELAY=true, which is supposed to skip ICE completely

What I checked and ruled out:

  • Config files, Traefik, CrowdSec: all fine, nothing changed
  • Container permissions: added NET_ADMIN, NET_RAW, and /dev/net/tun to the proxy container, no difference
  • Just the proxy image: downgraded only the reverse-proxy container to 0.73.2 while keeping the server on 0.74.0, still broken
  • STUN port (3478/udp) was reachable the whole time

Downgraded netbird-server itself to 0.73.2 (matching the proxy version). Everything came back up right away.

Anyone else run into this?

reddit.com
u/allxm4 — 4 days ago
▲ 25 r/netbird

NetBird v0.74 is here: Agent Network, keyless AI provider access tied to your identity provider

If you manage AI access for your team you’ve probably handed out plenty API tokens to individuals or a key for an entire team. That key gets copied into agents, scripts, and .env files. Someone leaves, who knows what they did with the keys. It's the same mess we all lived through with SSH keys for years: shared, copied onto machines by hand, and never revoked when people move on.

https://preview.redd.it/jqnlw679xqah1.png?width=2036&format=png&auto=webp&s=0f5797c558494558ff3c0ef780bce5c27791839f

A lot of customers had started using an AI gateway with their stack and tried to come up with their own solution to wire it back into their identity provider. One night, after a customer call, Misha (our CEO) and Maycon (our CTO) realized the reverse proxy we already shipped was, with a few tweaks, already most of an AI gateway. So we didn't build some giant new AI platform. We wrapped what was already there.

Checkout the release here: https://github.com/netbirdio/netbird/releases/tag/v0.74.0

That's NetBird Agent Network. Any person or agent can use any AI provider without ever holding a key. NetBird holds the provider key server-side, injects it per request, and ties every call to a real identity from your IdP (Okta, Entra ID, Google, and others). And all it requires for the end user is a gateway url and the NetBird client running in the background. The tunnel is the credential. No tunnel, no access, same rule you already know. It allows you to securely route agents to any major AI provider or local model, while simultaneously controlling agent access to internal network resources like databases and APIs. With centralized guardrails such as budget caps, model allowlists, and PII redaction, you maintain complete visibility and control through detailed per-request audit logs, making it simple to manage access and security without the headache of rotating keys.

https://preview.redd.it/qg13f679xqah1.png?width=2048&format=png&auto=webp&s=9a644aa63103d6a51865242358faf1c94c07daac

It's open source and self-hostable. You can test out the Agent Network using this one-liner:

curl -fsSL https://pkgs.netbird.io/getting-started.sh | NETBIRD_AGENT_NETWORK_ONLY=true bash

Already running NetBird? 

You don't redeploy anything. It ships in the same backend, so you flip one environment variable and it shows up in the left menu next to the reverse proxy. Set NETBIRD_AGENT_NETWORK_ENABLED=true to turn it on next to everything else, or NETBIRD_AGENT_NETWORK_ONLY=true if you'd rather have the stripped-down, Agent-Network-only dashboard instead. 

Don't want it at all? There's nothing to do, leave both unset and it stays off. The command above is really just the fast path for people coming purely for the LLM and agentic-access use case, we did this to prevent people coming for the Agent Network getting overwhelmed with our platform. 

We'd love feedback!

- Overview: https://docs.netbird.io/agent-network

- Quickstart: https://docs.netbird.io/agent-network/quickstart

- Interview with Misha: https://youtu.be/IFT-nTyLDro

- Demo video: https://www.youtube.com/watch?v=oqkcFI_3WAU

- Release Article: https://netbird.io/knowledge-hub/netbird-agent-network

reddit.com
u/netbirdio — 4 days ago

New bug, or feature?

So I'm glad netbird is getting new things, but I'm running an Rsync between two servers, and previously I would enter my password to access the other server, but now I get a netbird sso request that I need to go to a web page to use?

This isn't really too much of a headache, but this tells me there is a way I can get around any kind of password using netbird (which I would like as it keeps things 'in house')

Are there any instructions on how to do this?

I am literally copying this cli command from a notepad, so it hasn't changed in the last week, but this started happening today (7/1). Eventually my plan is to use cron to do this automatically, but honestly this keeps me engaged with the server while I'm still learning, which is good.

Thanks for the help!

reddit.com
u/PfzMfg — 4 days ago

Anyone having issues pinging to their netbird peers?

I am unable to ping to any of my peers after updating to the latest version v0.74.0. Is anyone having the same issue? How do I fix it?

reddit.com
u/lelleepop — 4 days ago

Netbird self host on Oracle cloud free tier - Help Please

I have installed Netbird self host on my Oracle cloud free tier and my peers show connected but they can not talk to one another. Is there any setting I am missing that Oracle has locked down? I am using the Ubuntu vm in the Ampere level vm.

reddit.com
u/-K1ngJ0hn- — 4 days ago

Reverse Proxy - setting up multiple domains

Cheers!

While setting up the VPN-portion of Netbird has been a breeze and is working absolutely fantastically, the Reverse Proxy portion is giving me quite some headaches.

I'm currently running netbird on an example domain of mydomain.com, but would also like to use i.e seconddomain.io and homedomain.tech, each with a couple of subdomains, on the reverse-proxy.

From my understanding, I'd first need to create a new Cluster, which then prompts me to set up a new "reverse-proxy" docker container, presumably on another server/VPS, since itself exposes ports 80+443 and connects back to the main instance.

BUT I want it to run from my main netbird instance, which itself has already the reverse proxy running.
I guess I'd should need to edit the proxy.env and somehow add the new domain(s)?

The file currently reads NB_PROXY_DOMAIN=mydomain.com amongst others. Would it suffice to possibly just add my other domains to this line as a comma separated list, or is there any other way? Sadly couldn't find anything regarding this setup in the docs.

Any help is much appreciated!

reddit.com
u/Turnspit — 5 days ago

Netbird hinter GCNAT

Hey,

Ich hab Starlink und die nutzen ja leider GCNAT..

Ich hab nun einige Sachen probiert aber bekomms einfach nicht zum laufen...leider, ich finde Netbird super interessant, aber muss dann wohl leider weiter mit tailscale arbeiten..

Ja VPS wäre möglich, seh ich aber nicht ein..

reddit.com
u/Vocalle — 5 days ago

Netbird as Software Defined Network

Hi, is anyone using Netbird as SDN, not just VPN? What's your experience?

EDIT: sorry for not being clear - I mean to replace vlans, subnets, internal firewalls between subnets,.. simply to break old school networking and replace it using SDN

reddit.com
u/Past-Vegetable-9186 — 5 days ago

I'm still stumped about internal DNS routing

Since my last post, what I did was to modify my PiHole deployment to listen to all interfaces so that it would hypothetically be able to see the WireGuard interface that Netbird uses. I'm not sure what to configure or how inside the Netbird settings though in order to make Netbird use PiHole. I know that PiHole is accessible on my internal network on the 192.168.0.0/24 subnet, and that my particular Netbird network uses the 10.0.0.0/8 subnet (which is probably way too big). I think the question I need to ask is how do I make the two completely different networks communicate.

reddit.com
u/ferriematthew — 7 days ago

Netbird iOS

What's up with the iOS client? It didn't get any updates since 5+ weeks and it still doesn't support IPv6.

reddit.com
u/a594 — 6 days ago

Installing and connecting netbird makes system lose complete network access

Going to preface this by stating I'm a new Netbird user coming from Tailscale, and have read the documentation to ensure I'm not missing anything.

Immediately after installing netbird and running "netbird up", all network connectivity to the system becomes lost. There's no "network routes" configured in the Netbird management panel, no custom DNS zones, etc. This is the cloud version, not self-hosted. Debian 12 if that matters.

I'm not sure what I'm missing here but the issue fixes itself once I stop the netbird service, and can reach the public internet no issue.

Any insights would be appreciated

reddit.com
u/CanadianStormChaser — 7 days ago
▲ 7 r/netbird+1 crossposts

Netbird On Steam Deck

Hi, I was wondering if Anyone knew how to install Netbird on Steam Deck? I was looking at the docs and it said something about installing through Homebrew but as far as I can tell SteamOS doesn't have homebrew or no way to install it. If anyone knows a way to install it that would be great, thank you!

reddit.com
u/silverkingdra — 8 days ago

Netbird self-hosted and Google oauth - managing users & devices (+AppleTV)

So I was baking off headscale vs netbird for a while. I like netbird better in many regards. Integrated idp, easier control, I just like it. That said, I’m still using preauth keys and a bunch of my users are actual literal grandmothers. Google oauth would be simpler, and I’m not above outsourcing a portion of my perimeter to ye olde Google.

A few questions before I go down the rabbit hole:

  1. Can anyone go to https://nb.mydomain.com and auth with their Google account and it creates a “pending” new user with no policies and hence no access until I enable them, or do I have to pre-create all users?
  2. If a user is trying to use the AppleTV app, do they get the “nice sso flow” where they can scan a QR code and/or enter a code from their screen on their mobile device to authenticate?
  3. Other than the fact that if someone’s Google account is compromised, then they have all the access that that person has, are there any downsides to this approach?
reddit.com
u/SparhawkBlather — 8 days ago

Android apps can't connect via private reverse proxy

Hey there,

I have not managed to get both the android nextcloud app and the android jellyfin app working via netbird-only access (private reverse proxy). It works fine in browsers (both android and linux). It also works great with the nextcloud desktop client (arch linux). So the private proxy should be setup correctly I assume. But the android apps just can't reach the server, so I'm not getting past the login screen. This happens regardless of wether I'm logged into the netbird vpn with or without an ext. IdP.

I then tested it with the public reverse proxy (without auth), and the android nextcloud app suddenly worked.

Is this behavior expected? If not, what could be the issue?

Let me know if you need more infos. Thanks!

reddit.com
u/dercudalacht — 7 days ago
▲ 16 r/netbird

Automatic Updates feature request

I’ve noticed with auto updates, post v0.61.0 of course, some of the servers running v61-69ish, the UI doesn’t automatically start when the machine is rebooted, but the background services are working just fine.

The machines where the UI doesn’t start don’t seem to receive auto updates. Is there a feature in the pipeline where we can force an update for those machines which don’t automatically receive them?

reddit.com
u/seanpetro — 9 days ago