Generic Wireguard Client Configs for Universal Wireguard support

Open snailzrus opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

I have some devices and VMs running OpenBSD that support Wireguard right out of the box, but cannot connect to Netbird because there is no Netbird client available for OpenBSD.

Describe the solution you'd like

A simple solution I can think of is to add a new "Generic Wireguard Client" option to the 'Add Peer' button. Selecting this option would need to lead to a wizard so you can define things like a Hostname, details about the region & OS, group memberships, and what existing network route rules should apply to it.

Once you have completed selecting the options you would like, Netbird could generate a wireguard config file and necessary keys. The config file would need to have the new peer's netbird IP, the netbird control/relay server address, and the Allowed IPs list for the network routes you selected. An Admin should be able to copy this info into their generic Wireguard client of choice and simply connect as a hub-spoke solution.

As well, at any point afterwards, you should be able to click on the Peer in the Peers section and edit the info you initially set (hostname, etc), but also adjust the Network Routes made available to the Generic Wireguard Client. After saving changes, a new config file should be made available for an Admin to go manually update on the endpoint. It would be ideal to have a warning pop-up when making a change to routes, warning the Admin that they need to go update things manually.

Limitations of a generic config:

  1. Without a Netbird Agent installed, the endpoint wouldn't be able to establish any p2p meshing, and would only be able to do a hub & spoke style connection.
  2. The endpoint wouldn't be doing any sort of auth, purely relying on the keys, but this is already something that Exit Nodes & Setup Keys provide. If an Admin wants to remove or revoke access, they can just delete it from the Peers section to kill the tunnel and erase the keys on Netbird's side.
  3. Any changes to network routes would require an Admin to manually update the config for a Generic Wireguard client accordingly.

Describe alternatives you've considered

It looks like work is going into a FreeBSD client already. While OpenBSD and FreeBSD are different, a client compiled for FreeBSD may work out of the box, or with minor changes, on an OpenBSD system.

snailzrus avatar Sep 22 '24 02:09 snailzrus
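
The config file the request above describes, as an added example that is not part of the original issue and not Netbird code: a renderer for a wg-quick style file carrying the peer's overlay IP, a hub endpoint, and an AllowedIPs list limited to the selected routes. The function names, the `hub.example.net` endpoint, the sample keys and the `allow_default` switch are assumptions made for illustration.

```python
import base64
import ipaddress

# Constructed sample values (32 fixed bytes, base64-encoded); not real keys.
SAMPLE_PRIVATE_KEY = base64.b64encode(b"\x01" * 32).decode()
SAMPLE_HUB_PUBLIC_KEY = base64.b64encode(b"\x02" * 32).decode()


def _check_key(name, value):
    """WireGuard keys are 32 raw bytes, base64-encoded."""
    raw = base64.b64decode(value, validate=True)  # raises ValueError on bad base64
    if len(raw) != 32:
        raise ValueError(f"{name}: expected 32 bytes, got {len(raw)}")


def render_generic_peer_config(private_key, address, hub_public_key,
                               hub_endpoint, routes, allow_default=False):
    """Render a hub-and-spoke client config (hypothetical helper)."""
    _check_key("private_key", private_key)
    _check_key("hub_public_key", hub_public_key)
    iface = ipaddress.ip_interface(address)  # the peer's overlay IP
    allowed = []
    for route in routes:
        # strict=True rejects entries with host bits set, e.g. 10.0.1.5/24
        net = ipaddress.ip_network(route, strict=True)
        if net.prefixlen == 0 and not allow_default:
            raise ValueError(f"{route}: default route must be enabled explicitly")
        if str(net) not in allowed:
            allowed.append(str(net))
    if not allowed:
        raise ValueError("at least one route is required")
    host, _, port = hub_endpoint.rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("hub_endpoint must be host:port")
    return "\n".join([
        "[Interface]",
        f"PrivateKey = {private_key}",
        f"Address = {iface}",
        "",
        "[Peer]",
        f"PublicKey = {hub_public_key}",
        f"Endpoint = {hub_endpoint}",
        f"AllowedIPs = {', '.join(allowed)}",
        "PersistentKeepalive = 25",
        "",
    ])
```

Because AllowedIPs is fixed in the rendered file, any later change to the selected routes means rendering and distributing a new file, which is the manual-update limitation listed in the request.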

I'd really appreciate this too. I have a router that has built in Wireguard support out of the box. There are a lot of use cases where a specialty embedded OS (or simply a slightly out of view OS like the aforementioned OpenBSD) would benefit from this.

I assume this wouldn't require a massive architectural overhaul since the similar (and also Wireguard-based) Netmaker supports such an arrangement; it might be worth checking out their implementation. I started with Netmaker and used their direct Wireguard support to good effect, but switched to Netbird because the overall platform has proven a lot more stable. I'd love to see that feature come over, however!

trbutler avatar Sep 22 '24 17:09 trbutler

Just adding a wireguard client as an 'exit node' so to speak would be very nice

emiellr avatar Sep 24 '24 07:09 emiellr

This is an awesome feature and one of the major pluses that almost made me go with Netmaker over Netbird. It would eliminate the need to implement Netbird client on routers, Android TVs, support super-old or super-new Android and iOS versions, etc.

horzadome avatar Oct 11 '24 05:10 horzadome

Duplicate of / linked to #2504

I'd like to see this implemented as well.
So it could be used to nicely integrate Netbird connectivity into NetworkManager,
which does support WireGuard, but does not appear to support Netbird yet.

Rikj000 avatar Jan 16 '25 11:01 Rikj000

A short (possibly already outdated/incomplete by the time you are reading) list of feature requests related to implementing a raw wireguard and/or very dumbed down script-style client utilizing it:

  • https://github.com/netbirdio/netbird/issues/496 - let's aggregate the discussion there
  • https://github.com/netbirdio/netbird/issues/2627
  • https://github.com/netbirdio/netbird/issues/1000
  • https://github.com/netbirdio/netbird/issues/2504

nazarewk avatar Apr 17 '25 19:04 nazarewk