Hey folks! We have just released NetBird. It is a big update so I decided to share it here and get your feedback :)<p>NetBird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, data center, container, cloud, or edge environments), unifying the virtual private network management experience. It uses the ICE protocol (WebRTC) to negotiate p2p connections and WireGuard (kernel module, when possible) to create a fast and encrypted tunnel between machines, falling back to a relay (TURN) in case a p2p connection isn't possible. Pretty much just a client application installation is needed; the rest is done by the software!<p>Sharing the project with you wasn't the only purpose of the post. I wanted to discuss the future and vision behind it.
I'm pretty sure that in a few years, such seamless connectivity without the hassle of configuring firewalls, managing IPs, manual key rotations, centralized gateways, etc. will become a commodity and the majority won't be talking about traditional VPNs.<p>But what we think is becoming more relevant is advanced network security. We've seen the rise of Zero Trust with its ZTNA solutions in the past years. There are big vendors like ZScaler or Palo Alto already offering advanced network security features that leverage ML or contextual access controls to allow/block access based on context, not just identity.<p>Why can't this be open-source and built on top of universal connectivity that works anywhere? That is what we are setting as a mission for our project - to bring seamless connectivity and advanced network security together in a single open-source solution.
What do you think about it?<p>We welcome contributors and if you're excited about what we are building, feel free to reach out to us!<p>P.S. We were previously known as Wiretrustee :)
Nice work!<p>"rise of Zero Trust ... like ZScaler ... why can't this be open-source and built on top of universal connectivity that works anywhere"<p>Have you checked out OpenZiti? It's very similar to Zscaler ZPA in that it's an open-source project based on zero trust principles, incl. being able to close all inbound ports and have an SDP and private DNS. It's even better in that it can be applied to any use case (remote access, multi-cloud, IoT, DevOps and more), while it also offers a suite of SDKs which allow it to be embedded at the app level, as well as tunnelers for any popular OS or virtual network appliance.<p>I think you will find it interesting.
I'll be looking forward to seeing how your access control feature works. I am currently using netmaker (netmaker.org), which is limited to allow/deny per endpoint instead of service-based policy.<p>I really like your auth0 option for the self-hosted version. Having to host identity can be quite the security risk.<p>What I dislike a little right now are all the required open ports. I see of course why they are required; however, having to secure all of them would be quite a feat. I am always a "simpler is better" proponent. Fewer ports will reduce the attack surface to manage in the enterprise.<p>Keep up the good work!
Keep up the great work :)<p>I am really rooting for NetBird. It has been such a joy interacting with you all through Pion. I also love how you are embracing/building upon Open Standards. You are making these protocols and software better for everyone.
Currently using Tailscale but looking to switch due to its reliance on a centralised proprietary control node. From what I understand, NetBird is a true mesh VPN with no central node reliance? Eager to try this once a mobile app is available.