Open dionorgua opened 1 year ago
RouterOS supports containers now; it should be possible to run netbird in such a container.
Yes, I'm aware of this feature. It requires RouterOS 7.5 to create TUN device. wireguard-go and Wireguard over TUN device because there is no access to Wireguard kernel module from container. And all of this will run on pretty low power router. Right now the most difficult part that makes it almost impossible is 'grpc'. The only way to solve this for netbird is to use some sort of proxy/adapter...
This feature is an excellent addition. I finally have a decent firewall with a Mikrotik Router. My board has native Wireguard support and container support, but the container feature is a HIGH RISK feature covered in documentation with no guarantee of security. I will probably never use it in a router. If we can use vanilla Wireguard as a client, even with restrictions, it would be nice. In the meantime, I can create a site-to-site connection with clients using the native Wireguard in a static manner and use routes to expose the netbird network if necessary.
I second this, need limited Wireguard client support
+1 here
In my opinion, this would be the most important missing feature in Netbird. Having this ability would add a lot more flexibility and open Netbird for many more use cases.
It would be cool to have a way to benefit from automatic mesh on systems where it's impossible to run the native client or where a client is not available yet.
For example, Mikrotik routers support Wireguard. But they don't have a way to run custom binaries. At the same time they have their own scripting language that is able to do HTTP requests, configure network interfaces, add routes, etc.
Similar Wireguard-based mesh networks are solving this by using 'gateway' servers (one machine in the network that has a public IP is assigned a 'gateway' role and such 'static' clients have a config with just one peer to that 'gateway'). So basically 'unsupported' platforms are more like traditional VPN servers. They access the network through a fixed gateway that routes traffic to other peers without mesh.
But I think that better solution should be possible:
Generally it should look like:
Surely such a client will be unable to do NAT traverse, but it'll be able to reach others with a public IP or others who run the native client.
There are a few related issues, like:
115
187
213
461
PS. Feel free to rename issue to something more easy to understand.