Setting up a Mesh VPN Network with NetBird

Jul 18, 2024

Introduction

  • Presenter: Jim from Jim's Garage
  • Topic: Setting up a mesh VPN network using NetBird
  • Previous Topic: Using Headscale to set up a private virtual cloud
  • Comparison: NetBird vs. Headscale and Tailscale
    • NetBird: Better UI, easier to use, more polished
    • Headscale: Works but less polished
    • Tailscale: Another alternative but not covered in depth here.

What is a Mesh VPN?

  • Note: For more theory, refer to previous videos by Jim

Configuration Overview

  • Identity Provider: Uses Authentik, Zitadel, or Keycloak
  • Docker Setup: Running in Docker
  • Reverse Proxy: Uses existing proxies like Traefik or Nginx
  • Self-hosted Setup: Detailed guide to self-hosting NetBird instead of using the enterprise version

Setting Up NetBird

Downloading and Installing

  • Website: Navigate to NetBird website for installation guide
  • Enterprise vs Self-hosted: Differentiates between using NetBird's hosted service and self-hosting
  • Quick Start Guide: Instructions for using the enterprise version
  • Advanced Guide: For setting up behind an existing reverse proxy

Advanced Configuration

Requirements

  • Virtual Machine: With Docker installed
  • Public IP Address & Port Forwarding: Necessary for external access

Steps for Advanced Setup

  1. Clone Repository: Copy necessary files and configurations
  2. Setup Environment File: Create an "env" file to store variables
  3. Configuration Script: Run the script to generate Docker compose file
  4. Identity Provider Setup:
    • Authentik Setup: Similar steps to previous setups for other applications
    • Creating Applications & Providers: Ensure the correct inputs and endpoints
    • Service Account Setup: For authentication and access
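
A pre-flight check for the environment file from step 2, to run before the configuration script in step 3. This is an added example, not part of the original notes or of NetBird's own tooling. The key names in REQUIRED_KEYS are an assumption based on NetBird's self-hosting guide for Authentik, and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check for setup.env, run before the configuration script.
# ASSUMPTION: REQUIRED_KEYS follows NetBird's self-hosting guide for Authentik;
# adjust the list to the keys your copy of setup.env actually uses.
REQUIRED_KEYS="NETBIRD_DOMAIN NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
NETBIRD_AUTH_CLIENT_ID NETBIRD_MGMT_IDP NETBIRD_IDP_MGMT_EXTRA_USERNAME
NETBIRD_IDP_MGMT_EXTRA_PASSWORD"

# Print the value assigned to key $2 in file $1 (last assignment wins,
# surrounding quotes stripped). Prints nothing when the key is absent.
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one finding per line; return 0 only when there are none.
check_setup_env() {
  file=$1
  findings=0
  [ -f "$file" ] || { echo "missing: $file"; return 2; }

  # The file holds the IdP service-account password, so only the owner
  # should have any access (characters 5-10 of the mode are group/other).
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "permissions: group/other can access $file (use chmod 600)"
    findings=$((findings + 1))
  fi

  for key in $REQUIRED_KEYS; do
    val=$(env_value "$file" "$key")
    case $val in
      "")        echo "unset: $key"; findings=$((findings + 1)) ;;
      *"<"*">"*) echo "placeholder: $key"; findings=$((findings + 1)) ;;
    esac
  done

  # The client trusts the endpoints listed at this discovery URL,
  # so it must be fetched over HTTPS.
  case $(env_value "$file" NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT) in
    https://* | "") ;;
    *) echo "insecure: OIDC endpoint is not https"; findings=$((findings + 1)) ;;
  esac

  [ "$findings" -eq 0 ]
}

# Stand-alone use: ./check_setup_env.sh path/to/setup.env
if [ $# -gt 0 ]; then check_setup_env "$1"; fi
```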

Docker Configuration

  • Generate Docker Compose File: Using setup environment variables
  • Adjust Labels: Amend for your own Traefik setup

Key Configuration Files

  • Setup.env: To store environment variables
  • Docker Compose File: Multi-container setup

Docker Containers

  1. Dashboard: UI, management settings for Docker
  2. Signal: For encrypted communication
  3. Management: API and Proxy configurations
  4. Coturn Server: For interaction with the Docker host

Running Docker and Final Setup

  • Running Docker Compose: Start services as a background task
  • Portainer Dashboard: Verify containers are running
  • Domain Configuration: Update internal domain settings like Pi-hole or AdGuard for new domains.

NetBird Management & Clients

Initial Setup

  • Authentik Authentication: Use existing credentials to log in
  • Peer Setup: Add peers to your network using setup keys
  • Client Installation:
    • Linux: Follow command line instructions
    • Android & iOS: Download app, change server, authenticate with Authentik
    • Windows: Download, install, change settings, authenticate

Policies and Groups

  • Access Control: Restrict or allow access between different peers
  • User Management: Add multiple users with different roles

Advanced Features

  • Network Routes: Access different LANs and VPCs via hosted peers
  • Exit Nodes: Use peers as network exit points
  • API Setup: Enable programmatic access

Summary & Conclusion

  • Improvements: NetBird provides a UI and enhanced management features that Headscale lacks.
  • Port Forwards: Necessary for external access.
  • Future Considerations: Will continue to explore NetBird, set up a private virtual cloud using a NAS box.

Resources

  • Documentation: Extensive documentation available on NetBird’s site
  • Next Steps: Implement NetBird for personal use, future videos on additional configurations and use-cases.
