[SUPPORT] NetBird



Overview: Support thread for NetBird

Application: NetBird-Client, NetBird-Dashboard, NetBird-Management, NetBird-Signal - https://netbird.io

About: Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

Docker Hub: https://hub.docker.com/r/netbirdio/netbird

GitHub: https://github.com/netbirdio/netbird

Documentation: https://netbird.io/docs

NGINX Conf: https://github.com/dannymate/unraid-templates/tree/master/Conf Samples/SWAG/nginx/proxy-confs

 

Please post any questions/issues relating to this docker you have in this thread.

 

2023-07-25 - I've updated the NGINX conf after looking at updated NETBIRD docs.

 

Edited by jimrummy101
Added server container names
  • Like 2
Link to comment

 

Netbird-Server Unraid.pdf

I have created a PDF guide to installing your own NetBird server. 

 

Feel free to give any feedback.

 

UPDATE 19/01/2023: Coturn Configuration has been split into two separate options: one for those using a shared secret and one for those who need to use a user account. To check if you've misconfigured your Coturn for NetBird, look at your Coturn logs to see if there are any errors regarding not being able to find a user. If you have misconfigured it, then the Network Route functionality will not work.

Also, a note regarding Network Routes: make sure you are not denying IPs in your turnserver.conf. For example, if you are trying to route to 192.168.0.0/24, then make sure the turnserver.conf either explicitly allows that IP range or at least doesn't deny it.

Edited by jimrummy101
Coturn Misconfiguration
Link to comment
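One way to run the turnserver.conf check described in the post above, as an added example that is not part of the original post or the guide. It assumes the `key=value` config form with coturn's `denied-peer-ip` / `allowed-peer-ip` options; the sample config and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample turnserver.conf, not taken from the guide.
SAMPLE_CONF = """\
# coturn config (constructed example)
listening-port=3478
use-auth-secret
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
allowed-peer-ip=192.168.1.0-192.168.1.255
denied-peer-ip=127.0.0.1
"""

def parse_range(value):
    """Turn 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into (first, last) addresses."""
    first, _, last = value.strip().partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if lo.version != hi.version or int(hi) < int(lo):
        raise ValueError(f"bad range: {value!r}")
    return lo, hi

def load_peer_rules(conf_text):
    """Collect denied-peer-ip / allowed-peer-ip ranges, ignoring comments."""
    rules = {"denied-peer-ip": [], "allowed-peer-ip": []}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, value = line.partition("=")
        if sep and key.strip() in rules:
            rules[key.strip()].append(parse_range(value))
    return rules

def route_findings(conf_text, route_cidr):
    """Return denied ranges that overlap the route and are not overridden."""
    net = ipaddress.ip_network(route_cidr, strict=False)
    lo, hi = net.network_address, net.broadcast_address
    rules = load_peer_rules(conf_text)
    same_ver = lambda r: r[0].version == net.version
    # coturn treats an address listed as both allowed and denied as allowed,
    # so a route fully inside one allowed range is not reported.
    # Simplification: partial coverage by allowed ranges is still reported.
    if any(a <= lo and hi <= b
           for a, b in filter(same_ver, rules["allowed-peer-ip"])):
        return []
    return [f"{a}-{b}" for a, b in filter(same_ver, rules["denied-peer-ip"])
            if a <= hi and lo <= b]

if __name__ == "__main__":
    for route in ("192.168.0.0/24", "192.168.1.0/24"):
        print(route, "->", route_findings(SAMPLE_CONF, route) or "not denied")
```

An empty result means nothing in the file denies the routed subnet; any range returned is one to remove or override with a matching `allowed-peer-ip` line.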

It doesn't matter what the IP address is. The way devices know which ones they can communicate with is via the Access Control panel in the NetBird Admin. By default everything should be able to connect to everything else. I have had issues with pinging Windows-based systems personally (but otherwise working fine) as well as issues with a specific client not actually being connected but saying it is.

 

To check if a client is wrong about its connection try getting it to ping itself. If it can't ping itself then disconnect & reconnect or netbird down then netbird up.

The other way to check if two devices can connect to each other is via an actual service. So, using your PC, try going to your Unraid portal. It should just be a matter of typing the Unraid NetBird IP into your browser.

 

Let me know how it goes!!

 

Edit: Looks like the comment I replied to was deleted. It was asking for help with an inability to ping thinking it could be due to clients not being on the exact same subnet.

Edited by jimrummy101
Comment Deleted
Link to comment
On 1/4/2023 at 5:10 PM, jimrummy101 said:

Overview: Support thread for NetBird

Application: NetBird-Client, NetBird-Dashboard, NetBird-Management, NetBird-Signal - https://netbird.io

About: Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

Docker Hub: https://hub.docker.com/r/netbirdio/netbird

GitHub: https://github.com/netbirdio/netbird

Documentation: https://netbird.io/docs

 

Please post any questions/issues relating to this docker you have in this thread.

 

 

I loved the work you've done here @jimrummy101

I will be happy to answer or support if you have any questions or issues with NetBird

Link to comment
On 1/16/2023 at 11:57 AM, mlsmaycon said:

I loved the work you've done here @jimrummy101

I will be happy to answer or support if you have any questions or issues with NetBird

I assume you're one of the devs of NetBird. Thanks for your work and support, it's much appreciated.

 

I do have one question. I've just noticed I'm getting a lot of these messages occurring in my client logs:

time="2023-01-16T14:15:19Z" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144"
time="2023-01-16T14:15:31Z" level=info msg="connected to the Signal Service stream" file="grpc.go:136"
time="2023-01-16T14:15:48Z" level=warning msg="disconnected from the Management service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: INTERNAL_ERROR" file="grpc.go:134"
time="2023-01-16T14:15:49Z" level=info msg="connected to the Management Service stream" file="grpc.go:123"
time="2023-01-16T14:15:49Z" level=error msg="unable to configure DNS for this peer using file manager without a nameserver group with all domains configured" file="server.go:214"

 

I assume I may have misconfigured something with my nginx [config]( https://github.com/dannymate/unraid-templates/blob/7c79534002ce1d2116b9d2ec33ce0cccd372b0df/Conf Samples/SWAG/nginx/proxy-confs/netbird.subdomain.conf.sample).

proxy.conf: https://github.com/linuxserver/docker-swag/blob/96f746d5ce0bb334bba547c44ad0ccac61f6ed1a/root/defaults/nginx/proxy.conf.sample

You can ignore resolver.conf.

Or my management.conf which is basically this https://github.com/dannymate/unraid-templates/blob/7c79534002ce1d2116b9d2ec33ce0cccd372b0df/Conf Samples/NetBird/management.json.sample

 

Do you know what could be the issue here?

 

This github issue seems related: https://github.com/netbirdio/netbird/issues/651

Edited by jimrummy101
Found Github issue
Link to comment
  • 2 weeks later...
On 1/16/2023 at 3:51 PM, jimrummy101 said:

I assume you're one of the devs of NetBird. Thanks for your work and support, it's much appreciated.

 

I do have one question. I've just noticed I'm getting a lot of these messages occurring in my client logs:

time="2023-01-16T14:15:19Z" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144"
time="2023-01-16T14:15:31Z" level=info msg="connected to the Signal Service stream" file="grpc.go:136"
time="2023-01-16T14:15:48Z" level=warning msg="disconnected from the Management service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: INTERNAL_ERROR" file="grpc.go:134"
time="2023-01-16T14:15:49Z" level=info msg="connected to the Management Service stream" file="grpc.go:123"
time="2023-01-16T14:15:49Z" level=error msg="unable to configure DNS for this peer using file manager without a nameserver group with all domains configured" file="server.go:214"

 

I assume I may have misconfigured something with my nginx [config]( https://github.com/dannymate/unraid-templates/blob/7c79534002ce1d2116b9d2ec33ce0cccd372b0df/Conf Samples/SWAG/nginx/proxy-confs/netbird.subdomain.conf.sample).

proxy.conf: https://github.com/linuxserver/docker-swag/blob/96f746d5ce0bb334bba547c44ad0ccac61f6ed1a/root/defaults/nginx/proxy.conf.sample

You can ignore resolver.conf.

Or my management.conf which is basically this https://github.com/dannymate/unraid-templates/blob/7c79534002ce1d2116b9d2ec33ce0cccd372b0df/Conf Samples/NetBird/management.json.sample

 

Do you know what could be the issue here?

 

This github issue seems related: https://github.com/netbirdio/netbird/issues/651


You are right, it is related to nginx. I want to find a time to validate and test it out. 

The issue only happens when there is a large period of time without new updates and nginx might not be forwarding the keepalive messages between the peer and the signal server.

If possible please share your case in the https://github.com/netbirdio/netbird/issues/651 ticket as well. 

  • Like 1
Link to comment
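To compare the drops against the proxy's timeouts, the client log can be reduced to one record per stream reset. This is an added example, not code from the thread or from NetBird: it parses the log format quoted in the post above (the sample is the first four of those lines) and reports the RST_STREAM code, how long the stream had been up, and how long the reconnect took. The function and field names are illustrative.

```python
import re
from datetime import datetime

# The first four client log lines quoted in the post above.
SAMPLE_LOG = r'''
time="2023-01-16T14:15:19Z" level=warning msg="disconnected from the Signal service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR" file="grpc.go:144"
time="2023-01-16T14:15:31Z" level=info msg="connected to the Signal Service stream" file="grpc.go:136"
time="2023-01-16T14:15:48Z" level=warning msg="disconnected from the Management service but will retry silently. Reason: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: INTERNAL_ERROR" file="grpc.go:134"
time="2023-01-16T14:15:49Z" level=info msg="connected to the Management Service stream" file="grpc.go:123"
'''

LINE = re.compile(r'time="([^"]+)" level=\w+ msg="(.*)" file="[^"]*"')
DROP = re.compile(r'disconnected from the (\w+) service.*error code: (\w+)')
UP = re.compile(r'connected to the (\w+) Service stream')

def stream_drops(log_text):
    """Return one record per stream reset, in log order."""
    last_up, open_drop, drops = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        msg = m.group(2)
        if (d := DROP.match(msg)):
            svc, code = d.groups()
            up = last_up.pop(svc, None)
            rec = {"service": svc, "code": code, "dropped_at": ts,
                   # None when the log does not show the preceding connect
                   "uptime_s": (ts - up).total_seconds() if up else None,
                   "reconnect_s": None}
            drops.append(rec)
            open_drop[svc] = rec
        elif (u := UP.match(msg)):
            svc = u.group(1)
            last_up[svc] = ts
            if svc in open_drop:
                rec = open_drop.pop(svc)
                rec["reconnect_s"] = (ts - rec["dropped_at"]).total_seconds()
    return drops

if __name__ == "__main__":
    for r in stream_drops(SAMPLE_LOG):
        print(r["service"], r["code"], r["uptime_s"], r["reconnect_s"])
```

Run over a longer log, the `uptime_s` column shows how long each stream lasted before it was reset, which is the number to compare with the reverse proxy's timeout settings.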
  • 2 weeks later...
  • 3 months later...

Not sure how to set this up, installed all three containers. When checking Netbird docs I got a bit confused, because I think I missed a lot of env variables (docs talking about .env files, configuring scripts etc.) and the compose example from the GitHub repo has a coturn server in it. PDF isn't available anymore. Has anyone a really basic setup example or the PDF?

 

Also 3 containers for one app seems a bit much, what's the reason / approach behind that? Would it be possible to bundle all the services into one container?

Edited by TechWizard
Added some details.
Link to comment
43 minutes ago, TechWizard said:

Not sure how to set this up, installed all three containers. When checking Netbird docs I got a bit confused, because I think I missed a lot of env variables (docs talking about .env files, configuring scripts etc.) and the compose example from the GitHub repo has a coturn server in it. PDF isn't available anymore. Has anyone a really basic setup example or the PDF?

 

Also 3 containers for one app seems a bit much, what's the reason / approach behind that? Would it be possible to bundle all the services into one container?

The PDF is uploaded to the Unraid Forums and I just tested it's still available. I'll try uploading it again here for you. If no luck I'll add it to the repo later for you to look at.

Netbird-Server Unraid.pdf

Link to comment
  • 5 months later...

Hi,

I am a noob to this topic and have one question about this app in the Unraid community store. There are these docker apps in the store:

1. NetBird-Client

2. NetBird-Management,

3. NetBird-Signal 

 

And they all have the same description under info.

 

So my question is: what is the difference and use case of all three different apps? It would be very helpful and appreciated if you could mention and update these details on the info of these apps.

 

Link to comment
Posted (edited)
8 hours ago, Itserver said:

Hi,

I am a noob to this topic and have one question about this app in the Unraid community store. There are these docker apps in the store:

1. NetBird-Client

2. NetBird-Management,

3. NetBird-Signal 

 

And they all have the same description under info.

 

So my question is: what is the difference and use case of all three different apps? It would be very helpful and appreciated if you could mention and update these details on the info of these apps.

 

Yeah that would make sense. I thought I had :p. I'll give the descriptions an update when I get the chance. It's probably because the NetBird folks don't give an explanation themselves at the time I made it.

 

There's actually 4:

1. NetBird-Client - The NetBird Client application (or agent) is software that is installed on your machines. It is an entry point to your private network that makes it possible for machines to communicate with each other. Once installed and registered, a machine becomes a peer in the network.

2. NetBird-Management - The Management service is the central coordination component for NetBird. It keeps the network state, public WireGuard keys of the peers, authenticates and distributes network changes to peers.

3. NetBird-Signal - The Signal Service or simply Signal is a lightweight piece of software that helps peers to negotiate direct connections. It does not store any data and no traffic passes through it.

4. NetBird-Dashboard - The Dashboard service provides a user friendly interface for management of peers and the overall network.

(Apps 2, 3, 4 comprise the server-side of NetBird and aren't necessary if you just want to use their hosted service.)

 

Feel free to read more about it here: https://docs.netbird.io/about-netbird/how-netbird-works

In this example for reference the "Relay Service" is a Coturn server as referenced in my guide. 

The "Management Service" listed in the example has joined together the NetBird-Management and NetBird-Dashboard though they are two separate apps/docker containers.

If you look at the first picture in the example there's an "Identity Provider" box for authentication, in my guide we use Keycloak though you can now use others if you figure it out yourself.

 

I'll work on getting these descriptions added to the templates if you're happy with them.

Edited by jimrummy101
  • Thanks 1
Link to comment
16 minutes ago, jimrummy101 said:

Yeah that would make sense. I thought I had :p. I'll give the descriptions an update when I get the chance. It's probably because the NetBird folks don't give an explanation themselves at the time I made it.

 

There's actually 4:

1. NetBird-Client - The NetBird Client application (or agent) is software that is installed on your machines. It is an entry point to your private network that makes it possible for machines to communicate with each other. Once installed and registered, a machine becomes a peer in the network.

2. NetBird-Management - The Management service is the central coordination component for NetBird. It keeps the network state, public WireGuard keys of the peers, authenticates and distributes network changes to peers.

3. NetBird-Signal - The Signal Service or simply Signal is a lightweight piece of software that helps peers to negotiate direct connections. It does not store any data and no traffic passes through it.

4. NetBird-Dashboard - The Dashboard service provides a user friendly interface for management of peers and the overall network.

(Apps 2, 3, 4 comprise the server-side of NetBird and aren't necessary if you just want to use their hosted service.)

 

Feel free to read more about it here: https://docs.netbird.io/about-netbird/how-netbird-works

In this example for reference the "Relay Service" is a Coturn server as referenced in my guide. 

The "Management Service" listed in the example has joined together the NetBird-Management and NetBird-Dashboard though they are two separate apps/docker containers.

 

I'll work on getting these descriptions added to the templates if you're happy with them.

I really appreciate your hard work for the Unraid community, and thanks for your quick and detailed response. Yes, it would be really helpful for other users too if you could add it to the description of the app whenever you get the chance. Thanks again.

  • Like 1
Link to comment
  • 4 weeks later...

Thanks a lot for these dockers. I am self-hosting my headscale and I want to try netbird. I have not tried the self-hosting part yet because I want to familiarize myself with the netbird ecosystem first. So I’m using netbird server/dashboard.

As my pfSense can have tailscale client installed, I use it as subnet router for accessing non-tailscale devices from outside my network. As my pfSense uses its own (unbound) dns resolver and has pfblockerng installed for blocking Ads, all my tailscale devices have Ads blocked automatically by pfblockerng.

As netbird has not supported pfsense yet, I run your netbird client docker and set it as subnet router for accessing my main LAN subnet. My question is how can I make all my netbird clients have Ads blocked by pfblockerng on my pfsense?

Thanks

Update: I believe I've accomplished it by adding my pfSense local ip and port 53 as a name server (dns-->nameservers) on admin page  and applied it to all peers. If it is not the right way, please let me know...thanks.

Edited by bthoven
more clarification
Link to comment
23 hours ago, bthoven said:

Thanks a lot for these dockers. I am self-hosting my headscale and I want to try netbird. I have not tried the self-hosting part yet because I want to familiarize myself with the netbird ecosystem first. So I’m using netbird server/dashboard.

As my pfSense can have tailscale client installed, I use it as subnet router for accessing non-tailscale devices from outside my network. As my pfSense uses its own (unbound) dns resolver and has pfblockerng installed for blocking Ads, all my tailscale devices have Ads blocked automatically by pfblockerng.

As netbird has not supported pfsense yet, I run your netbird client docker and set it as subnet router for accessing my main LAN subnet. My question is how can I make all my netbird clients have Ads blocked by pfblockerng on my pfsense?

Thanks

Update: I believe I've accomplished it by adding my pfSense local ip and port 53 as a name server (dns-->nameservers) on admin page  and applied it to all peers. If it is not the right way, please let me know...thanks.

Your update is exactly how I handle it as well. I have adguardhome installed on my openwrt router and route all netbird traffic through that with my routers local ip and the dns port of 53. 

  • Like 1
Link to comment

Thanks.
However, I found later my android mobile can no longer access any local network devices and can't access internet. The app shows connected with 0/4 peers. I have to change server to netbird server again (i.e., create a new peer) to make it work again, but later I got the same problem.
Do you have the same issue?

 

ps. I'm not sure if this is relevant. My Unraid also have headscale running, but not tailscale client (not installed). I turned off my tailscale on my phone when I connect netbird on it.

 

update: I disabled network route on netbird on unraid, spun up my ubuntu vm (on unraid), installed native netbird and set network route to my local network on it. My phone still connects with 0/5 peers and no internet.
I also found netbird on my ipad is working fine with either network route on unraid docker or ubuntu native. So it must be an issue with the Android app? But the netbird app on Android has been up for quite some time compared with the one on iOS.

The problem is on my android 12 phone (xiaomi mi10t pro). It can connect to my ipad netbird only. The same problem does not happen to my android 10 phone (xiaomi poco f1). I’m consulting the issue with Netbird support on Slack chat.

Edited by bthoven
add more information
Link to comment
  • 1 month later...
  • 4 weeks later...

I have an issue with managing Docker. It seems it's not starting correctly. I'm encountering this error: "Error: failed reading provided config file: /etc/netbird/management.json: read /etc/netbird/management.json: is a directory."

I haven't made any changes. Any ideas?

Edited by fiR3W4LL
Link to comment

I have the same problem. My first installation attempt was on 2024-04-03. 

Error: failed reading provided config file: /etc/netbird/management.json: read /etc/netbird/management.json: is a directory
 

Link to comment
