Netbird

From ArchWiki
Revision as of 13:33, 11 April 2023 (Tue) by Kusanaginoturugi (copied from the English version)

NetBird is an open-source VPN management platform built on top of WireGuard that makes it easy to create secure private networks for your organization or home. It is very similar to Tailscale and offers very similar features.

Netbird can be self-hosted.

Initial network setup

Sign up for an account at https://app.netbird.io/, and then install netbird on each of your devices. Signing up for an account automatically creates a virtual network.

Installation

Install netbird (AUR).

Join the network

The netbird service is installed as a template unit. Create a default instance:

# systemctl enable --now netbird@main.service

Then join the network:

# netbird up

If communication with the management server is successful, it will print a URL. Open it in a browser and sign in with your account credentials if needed. Follow the prompt in the browser, after which a success message will be printed on the console.

Note: Sometimes the netbird CLI will fail to connect to the netbird daemon, or fail to connect to the management server. In that case, just retry the command until it works.

Just like Tailscale, it is possible to use a setup key to add a node:

# netbird up --setup-key 2CA35F84-3D54-4997-884D-FE72864ACFD7

Troubleshooting

Network inaccessible

One possible cause is a conflict with Tailscale. By default, the Tailscale service creates firewall entries to filter traffic within the virtual network: all traffic originating from Tailscale's subnet must arrive on Tailscale's network interface. However, Tailscale and Netbird both use the same 100.64.0.0/10 subnet, so Tailscale traffic works fine while Netbird traffic is completely blocked.

This is the offending rule:

-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP

Removing this rule on all affected nodes resolves the issue. However, this is not a permanent solution. Instead, disable the iptables rules entirely:

# tailscale up --netfilter-mode off
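
A check for the conflict described above, as an added example that is not part of the wiki page: it scans an iptables-save dump for a DROP rule on 100.64.0.0/10 that excludes the Netbird interface. The interface name wt0, the sample dump and the peer address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): detect the Tailscale/Netbird conflict.
# Assumption: the Netbird interface is named wt0; adjust to your setup.

# Return 0 if IPv4 address $1 is inside 100.64.0.0/10
# (first octet 100, second octet 64-127).
in_cgnat() {
    o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
    [ "$o1" = 100 ] && [ "$o2" -ge 64 ] 2>/dev/null && [ "$o2" -le 127 ]
}

# Read an iptables-save style dump on stdin and print every rule that DROPs
# packets sourced from 100.64.0.0/10 unless they arrive on one interface
# other than $1. Returns 0 if such a rule exists, 1 otherwise.
find_cgnat_drop_rules() {
    awk -v nb="$1" '
        $1 == "-A" {
            src = ""; inif = ""; neg = 0; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-i") { inif = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j") target = $(i + 1)
            }
            if (src == "100.64.0.0/10" && neg && inif != nb && target == "DROP") {
                print; found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample dump containing the rule quoted on this page.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:ts-input - [0:0]
-A INPUT -j ts-input
-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP
COMMIT
EOF
}

# Demo on the sample; 100.92.14.7 is a constructed Netbird peer address.
# On a live host (as root): iptables-save | find_cgnat_drop_rules wt0
if in_cgnat 100.92.14.7 && sample_ruleset | find_cgnat_drop_rules wt0 >/dev/null; then
    echo "conflict: a DROP rule blocks 100.64.0.0/10 traffic arriving on wt0"
fi
```

Running the live form before and after changing the netfilter mode confirms whether the rule is still present.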

A better solution would be to use different subnets for Tailscale and Netbird, but at the moment they are not supported: