netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Ability to add plain wireguard clients #2504

Open Silex opened 2 months ago

Silex commented 2 months ago

Is your feature request related to a problem? Please describe.

We have old routers where running netbird is problematic. But wireguard is supported.

Describe the solution you'd like

A way to add a peer using a plain wireguard config. Bonus points if there is a QR code.

Netmaker seems to support it: https://www.netmaker.io/resources/wireguard#toc-generating-a-qr-code-for-mobile-client-setup

Describe alternatives you've considered

Having a machine that hosts https://github.com/wg-easy/wg-easy, having the old routers connect there, installing netbird on the machine and using it as a network route to the wireguard range.

Additional context

Netbird is awesome and much more mature than Netmaker; it's the only feature missing to make it surpass Netmaker in every area.

PopcornPanda commented 2 months ago

I see only one problem with plain WireGuard configs. You lose control over actual client configs. Every client can just change their configuration and needs to manually update it with every change in routing.

nazarewk commented 2 months ago

> I see only one problem with plain WireGuard configs. You lose control over actual client configs. Every client can just change their configuration and needs to manually update it with every change in routing.

I also thought about it after getting burned by netmaker months ago and decided not to even post the feature request back then. Now that I think about it, it might be possible in a limited capacity by using one of the Netbird clients as a controller/router for the static raw wireguard connection, but it still seems like a BIG feature to implement, as Netbird itself is doing a lot more than just establishing a connection.

Silex commented 2 months ago

I was thinking of a workaround like this:

One machine (let's call it config-generator) is dedicated to generating configs. It generates & connects to the netbird network, then its wireguard config is copied over to the other machine with the plain wireguard client. Then you erase the config on config-generator and start over for new machines.

Would that work?

Of course, manual configuration is required, just like with netmaker if I'm not mistaken.

That said, in the meantime I managed to run netbird on the very old routers so this issue is not as critical 🥳