netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Mobile Apps: Connect/Disconnect when connected to target wireless network #929

Open e-renna opened 1 year ago

e-renna commented 1 year ago

Is your feature request related to a problem? Please describe.

The VPN might not have to be always on. A mobile device might need to be connected to the VPN only when not in the office or when not at home.

Describe the solution you'd like

The idea is to have a feature that allows users to select a named network. When the device is connected to that network, the VPN can be configured to automatically connect or disconnect.

Scenario:

A device is currently connected to the access point xyz, on which a VPN is not required to access corporate (or homelab) resources. Netbird is configured to stay disconnected when the device is connected to the access point xyz. However, when the mobile device is disconnected from said access point, Netbird should automatically connect.

mlsmaycon commented 1 year ago

@e-renna, so that we can understand the request better, can you share your concerns on having the client always connected as well? What usually happens is that as the network changes, the peers will eventually renegotiate their connections and use the best path, so in case you arrive home or at an office network, you should have a similar performance as a local connection, plus all the ACL and DNS features that come with NetBird.

mikesellt commented 7 months ago

Perhaps I can add a possible justification for this feature. Full disclosure, I'm currently using Tailscale and investigating a switch to Netbird as it uses hardware WireGuard and is self-hostable, among other reasons. Anyway, my use case is such that I currently use Tailscale (and in the future Netbird) to connect to my workplace (for working remotely/RDP) when I'm at home, connecting to my homelab while I'm at work, and for all my family's mobile clients to connect back to the homelab when away from home for DNS for content filtering, adblocking, etc. via Adguard Home.

The issue I face is that all of the machines on my home network don't connect to Tailscale. Just one of them, and then that client is the next hop for all the subnets on the home lab that get to the other services. Hopefully I've worded that properly. So when I'm connected to both the home wifi network and Tailscale, the Android clients prefer the VPN connection, and all of the traffic that would be local over just the wifi still has to traverse the one client connected to Tailscale. If the VPN were disconnected, the traffic would be much more direct, having only to route via the router and not the Tailscale client node as well.

At the moment, I've kind of gotten around this by using Home Assistant and Android intents to try and disconnect Tailscale when the client's IP over the wifi is pingable. The only reason I mention Tailscale so much (besides that it is what I'm currently using) is that Tailscale doesn't have this auto-on/off based on wifi SSID either. If Netbird were to have this feature built-in, it would be awesome.