NetBird

Zero-config peer-to-peer VPN with centralized access control

NetBird creates a WireGuard-based overlay network that auto-connects devices, provides granular policies, SSO/MFA, and a web UI, simplifying secure private networking for teams and homes.

Overview

NetBird delivers a configuration‑free, WireGuard‑based overlay that automatically connects machines across any infrastructure. By handling NAT traversal, peer discovery, and fallback relays, it eliminates the need for manual VPN gateways, port forwarding, or complex firewall rules.

Capabilities & Management

A unified admin web UI lets you define granular access policies, groups, and device posture checks, while supporting SSO, MFA, and IdP integrations. The platform includes a public API, setup keys for bulk provisioning, and a Terraform provider for automated deployments. Agents run on Linux, macOS, Windows, Android, iOS, OpenWRT, and Docker, ensuring broad compatibility.

Deployment Options

Start instantly with NetBird Cloud or self‑host using a Docker‑compose script on a Linux VM (1 CPU, 2 GB RAM) with TCP ports 80 and 443 and UDP ports 3478 and 49152‑65535 open. The quick‑start script configures the management service, TURN relay, and required dependencies, enabling you to scale from a home lab to a distributed team.

Highlights

Zero‑config WireGuard overlay with automatic peer discovery
Granular access policies with SSO/MFA and group sync
Cross‑platform agents (Linux, macOS, Windows, mobile, OpenWRT)
Public API, setup keys and Terraform provider for automation

Pros

  • No manual VPN configuration required
  • Strong encryption with WireGuard and optional Rosenpass
  • Centralized UI simplifies policy management
  • Supports both cloud and self‑hosted deployments

Considerations

  • Self‑hosted setup needs a public domain and open ports
  • Relay fallback can add latency in strict NAT environments
  • Main branch may be unstable during development
  • Limited built‑in monitoring beyond activity logs

Managed products teams compare with

When teams consider NetBird, these hosted platforms usually appear on the same shortlist.

Zscaler

Cloud-based zero trust security platform providing secure access to applications without traditional VPNs

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Small to medium teams needing quick secure connectivity
  • Remote workers requiring seamless VPN without firewall changes
  • Home labs and hobbyist networks
  • Organizations that want to integrate SSO and MFA

Not ideal when

  • Large enterprises needing advanced traffic shaping
  • Environments with strict compliance requiring certified VPN appliances
  • Users unable to expose required ports (TCP 80 and 443; UDP 3478 and 49152‑65535)
  • Teams that need built‑in bandwidth analytics

How teams use it

Remote development environment

Developers connect laptops to office resources securely without VPN configuration.

IoT device mesh

Devices communicate over an encrypted peer‑to‑peer network without opening inbound ports.

Multi‑cloud connectivity

Bridge workloads across AWS, GCP, and on‑premise data centers via seamless tunnels.

Home office network

Family members access shared drives and printers as if on the same LAN.

Tech snapshot

Go: 98%
Shell: 1%
HTML: 1%
C: 1%
Dockerfile: 1%

Tags

netbird, zero-trust-network-access, wireguard, vpn, wireguard-vpn, nat-traversal, mesh, wiretrustee, golang, mesh-networks

Frequently asked questions

Do I need to open ports for a self‑hosted NetBird deployment?

Yes. The server must be reachable on TCP ports 80 and 443, and UDP ports 3478 and 49152‑65535.

Is NetBird open source?

Yes, NetBird is released under the BSD‑3‑Clause license.

Can NetBird integrate with existing identity providers?

Yes, it supports SSO integrations and JWT group synchronization with popular IdPs.

What platforms are supported?

Agents run on Linux, macOS, Windows, Android, iOS, OpenWRT, Docker, and serverless environments.

How does NAT traversal work?

NetBird uses WebRTC ICE with STUN servers to discover candidates and falls back to a TURN relay when direct peer‑to‑peer connections fail.

Project at a glance

Status: Active
Stars: 21,184
Watchers: 21,184
Forks: 1,044
Repo age: 4 years old
Last commit: 20 hours ago
Primary language: Go

Last synced 12 hours ago