search

netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
10.36k stars 465 forks source link

Reuse network adapter profile on Windows instead of bloating the registry #1658

Open GermanCoding opened 5 months ago

GermanCoding commented 5 months ago

Is your feature request related to a problem? Please describe. Currently, netbird on Windows always creates a new network adapter and corresponding network profile when the application starts/restarts. This causes a new network profile to be created in the Windows registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles). After a few restarts, the registry is quickly bloated with leftover profiles, which is not only wasteful but also visually ugly - in the Windows Network Center, the profile shows up with duplicate names like "wt0 (8)" because Windows renames duplicate profiles automatically.

This also prevents network administrators from configuring the interface: Common issues revolve around setting the interface to private (this gets reset by the creation of a new profile) and customizing local firewalls (especially of third party vendors - those are sometimes entirely based on network profiles).

Describe the solution you'd like Netbird should reuse an existing network profile when creating the TUN device. This appears to be (almost) trivially possible by changing:

index 900e62f..4dac66f 100644
--- a/iface/tun_windows.go
+++ b/iface/tun_windows.go
@@ -41,7 +41,7 @@ func newTunDevice(name string, address WGAddress, port int, key string, mtu int,
 }

 func (t *tunDevice) Create() (wgConfigurer, error) {
-   tunDevice, err := tun.CreateTUN(t.name, t.mtu)
+   tunDevice, err := tun.CreateTUNWithRequestedGUID(t.name, &myGUID, t.mtu)
    if err != nil {
        return nil, err
    }

https://github.com/netbirdio/netbird/blob/17f5abc6537c79fb36f4afc7c74b7670108123be/iface/tun_windows.go#L44C24-L44C33

This causes wireguard to reuse an existing profile if one with such a GUID exists. The GUID should be deterministic across restarts, possibly generated from the client's public key?

Describe alternatives you've considered There aren't really any alternatives except accepting this problem or not using Netbird.

Additional context I'm new to go, so I'm not entirely confident with submitting a PR myself right now. Are you interested in a PR for this?

VMax4 commented 4 months ago

I add that all this happen for sure on Windows 8 and Windows11 for my experience but i suppose that happen to Windows 10 and so on too, but, sure it happen on Ubuntu 22.04 LTS too, where on each reboot a new wt0 is generated and to connect you must delete all the wt0 except for one and then disconnect and then reconnect it, a big bug, hope all this will be fixed soon. Also, if for a peer (i saw this in Widows 11) login expiration is enabled, then, when it is expired the netbird ui come uninstalled from the system too with no reason i suppose... so to relogin you have to reinstall netbird again