Add option to force P2P connection via WebRTC

Open thinadusk opened this issue 1 year ago • 1 comments

In https://docs.netbird.io/about-netbird/how-netbird-works, it shows P2P traffic tunneling directly through WireGuard. If I understand correctly, this is raw, unencapsulated WireGuard traffic.

In some networks, WireGuard traffic may be restricted, and since NetBird already supports WebRTC for relaying, it would be helpful to add an option to use it for P2P connections.

This can be accomplished in a number of ways:

  • Client-side environment variables
  • Setting server-side ACL for some peers
  • Global settings on the server

Related: #1096

thinadusk avatar Jun 15 '24 09:06 thinadusk

Hey @thinadusk, your understanding is correct - the traffic is raw WireGuard traffic. The change that you are proposing is not as easy as it sounds and requires a refactor of the whole transport logic. NetBird uses ICE from WebRTC to negotiate direct connections. However, it doesn't use the data channels of WebRTC. We had some thoughts around it but we lack a real strong use case that would benefit most of the users.

Bottom line, I don't think that we will pursue this in the near future. However, we are working on relay improvements that might help with these issues.

What is your environment that blocks WireGuard?

braginini avatar Jun 19 '24 07:06 braginini

If the WireGuard packet can be transferred over a WebRTC data channel, then when using the browser client we can connect to the destination without a WebSocket relay. This saves server bandwidth. On the other hand, it also unifies the solution for both browser and non-browser clients.

CrazyPandar avatar Nov 27 '25 16:11 CrazyPandar