netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Exit node #289

Closed FarisZR closed 5 months ago

FarisZR commented 2 years ago

Tailscale/headscale supports using exit nodes for using the network as a full mesh VPN.

This feature is very important for me, as I want to have a single IP, which gives me full speed while I'm in LAN, while being accessible from outside the network.

I would be using it mostly from mobile, related #213

mrbluecoat commented 2 years ago

I agree. A mobile client that supports always-on VPN and starts on boot linked to a centralized exit node would be heaven 😇

mrbluecoat commented 1 year ago

Dropping by a year later -- Android client and cloud control panel look nice! Still no 0.0.0.0/0 route option though...

himekifee commented 11 months ago

+1 for the feature.

codyro commented 11 months ago

+1

jonathanspw commented 11 months ago

+1

the-infrequency commented 11 months ago

+1

lorenzo95 commented 11 months ago

+1

morki83 commented 10 months ago

+1. The only thing missing before switching completely to netbird

tiagogbarbosa commented 10 months ago

Any progress?

houpi commented 10 months ago

+1

victor-rsibillon commented 10 months ago

+1

alexunderboots commented 10 months ago

+1

tribor commented 10 months ago

Exit nodes have been scheduled for Q3 in 2023 https://github.com/netbirdio/netbird/projects/2#card-85699571

Still unsure if it is currently being worked on. @braginini it would be nice to get some feedback on the progress. Thanks

SamB-GB commented 9 months ago

+1 for this

j007bond007 commented 9 months ago

+1 For this as well... it's really needed for mobile devices on untrusted networks, right now I need to run wireguard separately for the full tunnel and NetBird for when I just need overlay mode. It should be selectable on the clients as well (e.g. "Full Tunnel Mode" vs "Overlay Mode").

purple-emily commented 9 months ago

I would really like this feature.

europacafe commented 8 months ago

+1

PavelNiedoba commented 8 months ago

+2

PatrickHuetter commented 8 months ago

+1

PavelNiedoba commented 8 months ago

Actually netbird is using COTURN tunneling, which does something very similar to exit nodes. You can access networks behind NAT, but this is very poorly documented.

PatrickHuetter commented 8 months ago

> Actually netbird is using COTURN tunneling, which does something very similar to exit nodes. You can access networks behind NAT, but this is very poorly documented.

How does this work? How did you get this working? I want to have my private nodes connected via ipv6 and have access to ipv4 public internet via one exit node (that has both, ipv4 and ipv6 to public internet).

tribor commented 8 months ago

this feature will be available next month (March 2024) according to the public roadmap 🥳 https://github.com/netbirdio/netbird/projects/2#card-91718215

braginini commented 8 months ago

> Actually netbird is using COTURN tunneling, which does something very similar to exit nodes. You can access networks behind NAT, but this is very poorly documented.

COTURN is used as a relay server and can’t be used as an exit node. It is just a “dummy proxy” that forwards peer-to-peer encrypted traffic between machines when no p2p connection is possible.

https://docs.netbird.io/about-netbird/how-netbird-works#relay-service

mrbluecoat commented 8 months ago

Whoa! NetBird CEO and Co-founder @braginini personally replying to a GitHub issue?! That just made my day. 🌟

P.S. Your article https://netbird.io/knowledge-hub/using-xdp-ebpf-to-share-default-dns-port-between-resolvers was fascinating -- really helps unmask the technically challenging "magic" that goes on behind the scenes. Keep up the great work - we're all fans here

braginini commented 8 months ago

> Whoa! NetBird CEO and Co-founder @braginini personally replying to a GitHub issue?! That just made my day. 🌟

Thank you, @mrbluecoat, for the kind words. Everyone on our team gets their hands dirty :)

> P.S. Your article https://netbird.io/knowledge-hub/using-xdp-ebpf-to-share-default-dns-port-between-resolvers was fascinating -- really helps unmask the technically challenging "magic" that goes on behind the scenes. Keep up the great work - we're all fans here

Thanks! The team has put a lot of effort into making it work. We will publish more. Stay tuned ;)

TheLinuxGuy commented 7 months ago

Glad to see that exit nodes (route 0.0.0.0) are coming soon... it's really the only missing feature stopping me from coming over from Tailscale.

vysecurity commented 7 months ago

Is there any update on this? Netbird's speed currently outperforms some of its competition.

realsteel85 commented 7 months ago

+1 we really need this

TheRedScreen64 commented 7 months ago

Apparently it has been added for Linux clients in #1667. But what about the other clients? Is it also planned for them this or next month?

braginini commented 7 months ago

> Apparently it has been added for Linux clients in #1667. But what about the other clients? Is it also planned for them this or next month?

A new version v0.26.4 was released that supports Linux. Update the client, and the 0.0.0.0/0 routes should work already. Windows is in review, and we should finish it by the end of the week. Mac is next. The release should be there next week. Mobile clients are a little tricky, but we are at full power!

Zaunei commented 6 months ago

Is it planned to have a selection in the client for whether to accept the default route or not?

vysecurity commented 6 months ago

Could we select exit nodes via the app? We don't really want to go into the panel to switch exit nodes all the time.

mrbluecoat commented 6 months ago

> Could we select exit nodes via the app? We don't really want to go into the panel to switch exit nodes all the time.

To offer another perspective, my use case needs a device zero-touch approach controlled by the panel, preferably without the ability for an end-user to turn off the exit node. Hard to please everyone, I guess :)

PatrickHuetter commented 6 months ago

> > Could we select exit nodes via the app? We don't really want to go into the panel to switch exit nodes all the time.
>
> To offer another perspective, my use case needs a device zero-touch approach controlled by the panel, preferably without the ability for an end-user to turn off the exit node. Hard to please everyone, I guess :)

My use case needs both scenarios 😄

vysecurity commented 6 months ago

How about a setting? If a user is in the group modify-exit-node, then they can select from a list specified in that group. Otherwise they cannot modify it.

The panel can always override the exit.

aki263 commented 6 months ago

I have set a route of 0.0.0.0/0 so all the traffic from a client goes through an exit node, but I want to exclude the local client range, like 192.168.0.0/16. How can I have a sort of split tunnel where local IPs are not covered by netbird?

For now I am using https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/ to add like 10 routes, but I am looking for something simpler, as every client will have different IP ranges that they use locally.
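
The CIDR arithmetic behind the calculator approach mentioned in the comment above, as an added example that is not part of the thread and not NetBird's code: it subtracts the excluded local ranges from 0.0.0.0/0 and returns the prefixes left to route through the exit node. The function names and the sample range list are illustrative assumptions.

```python
import ipaddress

def routes_excluding(excluded, base="0.0.0.0/0"):
    """Return the CIDR blocks that cover `base` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(base)]
    for ex in (ipaddress.ip_network(e) for e in excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)                      # untouched by this exclusion
            elif net.subnet_of(ex):
                continue                              # entirely inside the excluded range
            else:
                kept.extend(net.address_exclude(ex))  # carve ex out of the larger block
        remaining = kept
    return sorted(remaining)

def is_tunnelled(routes, address):
    """True if `address` falls inside one of the prefixes sent to the exit node."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in routes)

# Constructed sample input: the local range named in the comment above.
LOCAL_RANGES = ["192.168.0.0/16"]

if __name__ == "__main__":
    routes = routes_excluding(LOCAL_RANGES)
    print(len(routes), "routes:")
    print(", ".join(str(r) for r in routes))
    for probe in ("192.168.1.10", "8.8.8.8"):
        print(probe, "via exit node" if is_tunnelled(routes, probe) else "stays local")
```

Anything in an excluded range leaves the device outside the tunnel, so on an untrusted network the exclusion list determines which destinations are reachable unprotected.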

mlsmaycon commented 6 months ago

Hello @aki263 are the private routes locally or in an internal gateway?

Can you confirm with traceroute or tracert that the routes are going via the exit node?

mrbluecoat commented 6 months ago

For those in a mixed-vendor environment running both Tailscale and NetBird: https://mrkaran.dev/posts/travel-tailscale/

svardie commented 6 months ago

When will mobile clients support exit nodes?

mlsmaycon commented 5 months ago

Hello folks,

We've just released a new Android version with exit node support.

Please check it out https://play.google.com/store/apps/details?id=io.netbird.client

The iOS version is under Apple's review and should be available over the next days.

greatbody commented 5 months ago

> Hello folks,
>
> We've just released a new Android version with exit node support.
>
> Please check it out https://play.google.com/store/apps/details?id=io.netbird.client
>
> The iOS version is under Apple's review and should be available over the next days.

Just upgraded through Google Play; looks like we have a bug here. v0.0.20 works fine, but v0.0.21 shows 0 connected peers vs. 6 peers.

It was 4 of 6 peers connected, but now it's 0 of 6 peers connected.

No other change except upgrading of netbird app.

mlsmaycon commented 5 months ago

The iOS app is live, you can download it here: https://apps.apple.com/us/app/netbird-p2p-vpn/id6469329339

mlsmaycon commented 5 months ago

> > Hello folks, We've just released a new Android version with exit node support. Please check it out https://play.google.com/store/apps/details?id=io.netbird.client The iOS version is under Apple's review and should be available over the next days.
>
> Just upgraded through Google Play; looks like we have a bug here. v0.0.20 works fine, but v0.0.21 shows 0 connected peers vs. 6 peers.
>
> It was 4 of 6 peers connected, but now it's 0 of 6 peers connected.
>
> No other change except upgrading of netbird app.

Can you access the advanced menu and enable trace logs? Disconnect and connect again, then after 1 minute share the logs with us.

greatbody commented 5 months ago

> > > Hello folks, We've just released a new Android version with exit node support. Please check it out https://play.google.com/store/apps/details?id=io.netbird.client The iOS version is under Apple's review and should be available over the next days.
> >
> > Just upgraded through Google Play; looks like we have a bug here. v0.0.20 works fine, but v0.0.21 shows 0 connected peers vs. 6 peers. It was 4 of 6 peers connected, but now it's 0 of 6 peers connected. No other change except upgrading of netbird app.
>
> Can you access the advanced menu and enable trace logs? Disconnect and connect again, then after 1 minute share the logs with us.

Share more findings:

  1. Clear Android App storage
  2. Phone connected to WiFi network only
  3. Login Again
  4. Only "2 of 6 Peers connected"
  5. Now switch to "5G" network
  6. We get "4 of 6 Peers connected"
  7. There are 4 peers except this Phone connected all the time

svardie commented 5 months ago

Looks like network routes don't work on the new client for me.

mlsmaycon commented 5 months ago

@svardie can you open a new GitHub issue for your case? There is a share logs option in the Advanced menu that would help us troubleshoot the problem.

mlsmaycon commented 5 months ago

> > > > Hello folks, We've just released a new Android version with exit node support. Please check it out https://play.google.com/store/apps/details?id=io.netbird.client The iOS version is under Apple's review and should be available over the next days.
> > >
> > > Just upgraded through Google Play; looks like we have a bug here. v0.0.20 works fine, but v0.0.21 shows 0 connected peers vs. 6 peers. It was 4 of 6 peers connected, but now it's 0 of 6 peers connected. No other change except upgrading of netbird app.
> >
> > Can you access the advanced menu and enable trace logs? Disconnect and connect again, then after 1 minute share the logs with us.
>
> Share more findings:
>
>   1. Clear Android App storage
>   2. Phone connected to WiFi network only
>   3. Login Again
>   4. Only "2 of 6 Peers connected"
>   5. Now switch to "5G" network
>   6. We get "4 of 6 Peers connected"
>   7. There are 4 peers except this Phone connected all the time

From the logs you've shared we found an issue with DNS and the fix will be in the next release.

mlsmaycon commented 5 months ago

Guys I will be closing this one. Please open new issues with your findings.

Thanks for the patience, and we hope you enjoy the feature!!