netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Configure the Netbird Network Range #1633

Open hwinkel opened 9 months ago

hwinkel commented 9 months ago

Option in UI / API to configure the managed Network Range.

A selfhosted setup needs the option to define the managed network range in CIDR notation,

szzylph commented 8 months ago

+1

moontide commented 8 months ago

For a self-hosted installation, currently, as a workaround, you can change the network range (and even the IP address of each peer) by editing the store.json file.

/var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.json

{
    "Accounts": {
        "...an-account-id...": {
            "Network": {
                "id": "...a-network-id...",
                "Net": {
                    "IP": "100.100.100.0",
                    "Mask": "////AA=="    // base64 codec string for binary 255.255.255.0
                },
                "Dns": "",
                "Serial": 1
            },

            "Peers": {
                "...a-peer-id...": {
                    "ID": "...a-peer-id...",
                    "IP": "100.100.100.100",  // easy to remember

But I don't know how to change them when using the sqlite storage engine. The network range information is stored in the network_net field of the accounts table, and the peer IP information is stored in the ip field of the peers table, but the data types are BLOB, which is not editable unless you know its data format.

nuterum commented 6 months ago

Since version 0.27.5 it may be possible to change that after adding peers, by changing each peer IP, but I have not tested it and can't be sure that no problem will occur.

What I have tested is to do it before adding peers, after finishing the installation process.

Explanation

First you need to understand that the mask of the network is encoded in base64 and is defined by func IPv4Mask in the Go net package. The network is defined in the file below: Define network

To change the network mask you will need to calculate the new one and encode it. You can use the following link to do that, or the function directly: Online IPMask Encode to base64

For example, let's make a /24 (255.255.255.0) and a /22 (255.255.252.0). In the case of /24, IPMask gives "ffffff00"; encode it and you obtain "////AA==". In the case of /22, IPMask gives "fffffc00"; encode it and you obtain "///8AA==".

I will show it later, but the default mask is "//8AAA==" and it is a subnet of "100.64.0.0/10" as defined in network.go. So what mask is "//8AAA=="? If we decode it we get "ffff0000", and in IPMask this corresponds to a /16 (255.255.0.0). That corresponds to what we found in network.go.

Making change

Now let's talk about where to find this network and how to change it. First you need to know where your data will be, as configured in your docker-compose.yml. In the docker-compose.yml you configure "netbird-mgmt:/var/lib/netbird" in your volumes. That is the place where our db file will be (in my case /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/). Then let's check what is inside:

ls /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/
events.db  GeoLite2-City.mmdb  geonames.db  store.db

We can see multiple sqlite dbs; the one we need is "store.db". You will need sqlite3 if you want to modify this file: "sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db"

sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> .tables
accounts                network_addresses       posture_checks
extra_settings          peers                   routes
groups                  personal_access_tokens  setup_keys
installations           policies                users
name_server_groups      policy_rules
sqlite>

Here we will need the table "accounts", and more exactly the network_net column inside it.

sqlite> .schema accounts
CREATE TABLE accounts (id text,created_by text,created_at datetime,domain text,domain_category text,is_domain_primary_account numeric,network_identifier text,network_net text,network_dns text,network_serial integer,dns_settings_disabled_management_groups text,settings_peer_login_expiration_enabled numeric,settings_peer_login_expiration integer,settings_regular_users_view_blocked numeric,settings_groups_propagation_enabled numeric,settings_jwt_groups_enabled numeric,settings_jwt_groups_claim_name text,settings_jwt_allow_groups text,settings_extra_peer_approval_enabled numeric,settings_extra_integrated_validator_groups text,PRIMARY KEY (id));
CREATE INDEX idx_accounts_domain ON accounts(domain);

In my case, before modification, I had:

sqlite> select network_net from accounts;
{"IP":"100.68.0.0","Mask":"//8AAA=="}

You can find your id with "select id,network_net from accounts;".

Then you just need to update (in my case I use 10.68.68.0/24):

sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> select network_net from accounts;
{"IP":"100.68.0.0","Mask":"//8AAA=="}
sqlite> UPDATE accounts SET network_net = '{"IP":"10.68.68.0","Mask":"////AA=="}' WHERE id = 'Replace by your account id';
sqlite> select network_net from accounts;
{"IP":"10.68.68.0","Mask":"////AA=="}
sqlite> .quit

For safety I restart my netbird docker stack with "docker compose restart" to make sure the configuration is read again. After that I add my peers and confirm the usage of the new network.

Take notice:

With the change made in 0.27.5 (the version tested for the modification described here) we may be able to do it even after adding peers, but we will need to change each peer IP. This is possible because the ip field has been changed from blob to text. You can find each peer id and ip with "select id,ip from peers;".

You will need to change each peer to a unique IP in the "network_net" defined in the account associated with the peer. In my case I have only one account and all my peers are associated with it. It seems to be the default for every self-hosted instance.

Example for one peer:

UPDATE peers SET ip = '"10.68.68.2"' WHERE id = 'Replace by your peer id';

For safety I restart my netbird docker stack with "docker compose restart" to make sure the configuration is read again. I never like the possibility of creating instability through configuration or information that may be cached.

Thank you for your time and wish you a good day.
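The base64 mask values quoted in the two comments above (moontide's "////AA==" in store.json and nuterum's /24, /22 and /16 walkthrough) are simply what Go's encoding/json produces for a net.IPMask byte slice. The program below is an added example, not code from this thread or from the netbird project: it reproduces the exact accounts.network_net JSON for a CIDR using the same marshalling the Go server uses, reads an existing value back into CIDR notation so you can confirm what a row means before touching it, and checks that a set of hand-edited peer IPs are unique and inside the new range. The struct name NetworkNet is an assumption; the field names IP and Mask are the ones visible in the stored JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// NetworkNet has the shape of the accounts.network_net value quoted in the
// thread ({"IP":"100.68.0.0","Mask":"//8AAA=="}). The field names come from
// that JSON; the struct name is an assumption made for this example.
type NetworkNet struct {
	IP   net.IP     `json:"IP"`
	Mask net.IPMask `json:"Mask"`
}

// EncodeMask returns the base64 string encoding/json produces for an IPv4
// net.IPMask of the given prefix length, e.g. "////AA==" for a /24.
func EncodeMask(prefixLen int) (string, error) {
	if prefixLen < 0 || prefixLen > 32 {
		return "", fmt.Errorf("prefix length %d is out of range for IPv4", prefixLen)
	}
	b, err := json.Marshal(net.CIDRMask(prefixLen, 32))
	if err != nil {
		return "", err
	}
	return string(b[1 : len(b)-1]), nil // strip the surrounding JSON quotes
}

// NetworkNetJSON builds the value to write into accounts.network_net for a
// CIDR such as "10.68.68.0/24". Host bits are refused so the stored IP is
// really the network address.
func NetworkNetJSON(cidr string) (string, error) {
	ip, ipNet, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", err
	}
	ip4 := ipNet.IP.To4()
	if ip4 == nil {
		return "", fmt.Errorf("%s is not an IPv4 range", cidr)
	}
	if !ip.Equal(ipNet.IP) {
		return "", fmt.Errorf("%s has host bits set; use %s", cidr, ipNet)
	}
	out, err := json.Marshal(NetworkNet{IP: ip4, Mask: ipNet.Mask})
	if err != nil {
		return "", err
	}
	return string(out), nil
}

// ParseNetworkNet reads a stored network_net value back into CIDR notation;
// a mask that is not a contiguous IPv4 netmask is rejected (Size() gives 0,0).
func ParseNetworkNet(stored string) (string, error) {
	var n NetworkNet
	if err := json.Unmarshal([]byte(stored), &n); err != nil {
		return "", err
	}
	ip4 := n.IP.To4()
	if ip4 == nil || len(n.Mask) != net.IPv4len {
		return "", fmt.Errorf("%s is not an IPv4 network", stored)
	}
	ones, bits := n.Mask.Size()
	if bits == 0 {
		return "", fmt.Errorf("mask %x is not a contiguous netmask", []byte(n.Mask))
	}
	return fmt.Sprintf("%s/%d", ip4, ones), nil
}

// ValidatePeerIPs checks what must hold after hand-editing peers.ip: every
// address parses, lies inside the account's network, is not the network
// address itself, and is used by only one peer.
func ValidatePeerIPs(cidr string, peerIPs []string) error {
	_, ipNet, err := net.ParseCIDR(cidr)
	if err != nil {
		return err
	}
	seen := make(map[string]bool)
	for _, s := range peerIPs {
		ip := net.ParseIP(s)
		if ip == nil {
			return fmt.Errorf("peer address %q is not a valid IP", s)
		}
		if !ipNet.Contains(ip) {
			return fmt.Errorf("peer %s is outside %s", ip, ipNet)
		}
		if ip.Equal(ipNet.IP) {
			return fmt.Errorf("peer %s is the network address of %s", ip, ipNet)
		}
		if seen[ip.String()] {
			return fmt.Errorf("peer address %s is used twice", ip)
		}
		seen[ip.String()] = true
	}
	return nil
}

func main() {
	for _, p := range []int{24, 22, 16} {
		enc, _ := EncodeMask(p)
		fmt.Printf("/%d -> %s\n", p, enc)
	}
	// Constructed input: the range used in the thread and two hand-picked peers.
	value, _ := NetworkNetJSON("10.68.68.0/24")
	fmt.Printf("UPDATE accounts SET network_net = '%s' WHERE id = '<your-account-id>';\n", value)
	fmt.Println(ValidatePeerIPs("10.68.68.0/24", []string{"10.68.68.2", "10.68.68.3"}))
}
```

Run it with `go run` and paste the printed UPDATE statement into sqlite3 after substituting your account id; feeding the existing network_net value to ParseNetworkNet first tells you whether the row really is the /16 default before you overwrite it.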

graphixillusion commented 6 months ago

Great! But I think I'll wait for some official option in the UI.

netandreus commented 1 month ago

Up! This is a really necessary feature.