Open pax0707 opened 3 months ago
Hi @pax0707 What kind of network overhead are you experiencing? Do you use network routes feature?
Hi, if I may add a comment here: In our corporate network we have a ton of subnets that is routed quite efficiently via the local "default gateway". If we deploy routes via the "network routes" feature, they will always be prefered, so all the traffic is running via that routing peer, instead of the (more efficent) direct way. So it would be nice if those network routes are only active if they cannot be reached directly.
Hi, if I may add a comment here: In our corporate network we have a ton of subnets that is routed quite efficiently via the local "default gateway". If we deploy routes via the "network routes" feature, they will always be prefered, so all the traffic is running via that routing peer, instead of the (more efficent) direct way. So it would be nice if those network routes are only active if they cannot be reached directly.
Thank you for sharing your case @aho-amiblu. You might be able to achieve the suggested behaviour by using posture checks. You can create one that is blocking access when peer is connected to a specific network (peer network range check) and add it to a policy that allows access to your routing peers. Once the client is in the network with more efficient routes, the posture check will remove access to that routing peer and therefore the NetBird route.
Is your feature request related to a problem? Please describe. Prevent activation of VPN while connected to the local environment.
Describe the solution you'd like Implement on-demand VPN activation with the option to exclude WiFi networks at locations that Netbird clients already cover to prevent unnecessary network overhead.
Describe alternatives you've considered Manually enabling/disabling the VPN is tiresome, especially for other, less technically inclined users.
Additional context Wireguard client (and some other wireguard-based solutions) already support this option.