
Slow connection on local network SMB-Share

Open Nordlicht-13 opened this issue 6 months ago • 16 comments

Describe the problem

I have a slowdown on the local network when the netbird client is connected on my Windows PC. The Windows PCs connect to an Ubuntu server with SMB shares on it. Sometimes it takes a while (some seconds) to change between folders in Explorer. And moving e-mails in the Windows e-mail client from one IMAP folder to another on the Linux server sometimes also takes a while, or it's not responding any more. Tailscale has no problem like this on the same PC. On a different Windows PC that is connected to a TrueNAS with SMB shares it's not that slow, but noticeable.

To Reproduce

Steps to reproduce the behavior:

  1. Start and connect Netbird-Client on a Windows PC
  2. Work on that PC, change folder, open Pdf-file or large images (working feels tough)
  3. Disconnect from the netbird-net (working feels fluid again)

Expected behavior

Have the same working speed on the local network as without being connected to the netbird-net, like under Tailscale.

Are you using NetBird Cloud?

I use the NetBird Cloud.

NetBird version

netbird 0.43.2

Is any other VPN software installed?

tailscale is installed, but disconnected.

Have you tried these troubleshooting steps?

  • [x] Checked for newer NetBird versions
  • [x] Searched for similar issues on GitHub (including closed ones)
  • [x] Restarted the NetBird client
  • [x] Disabled other VPN software
  • [x] Checked firewall settings

Nordlicht-13 avatar May 07 '25 08:05 Nordlicht-13

  1. Is the SMB connection routed through NetBird?
  2. Is the NetBird connection established as P2P or Relayed? You can check with netbird status -d on either side.

nazarewk avatar May 07 '25 11:05 nazarewk

  1. Is the SMB connection routed through NetBird?

Not that I know of; it's a normal SMB share and the netbird client is running on the PC. Isn't there on the local network no need to route it through NetBird?

  1. Is the NetBird connection established as P2P or Relayed? You can check with netbird status -d on either side.

... Connection type: P2P ... Relay server address: rels://streamline-de-fra1-1.relay.netbird.io:443 ...

Nordlicht-13 avatar May 07 '25 11:05 Nordlicht-13

Isn't there on the local network no need to route it through NetBird?

NetBird doesn't really distinguish where the resource is located, it will route whatever you tell it to through the management (Dashboard), because this might be what some users prefer. So if you have the SMB server routed through NetBird anywhere, you might also be capturing the traffic inside the NetBird network and routing it, even if it's available directly on your LAN.

You can verify it with netbird networks ls.

nazarewk avatar May 07 '25 12:05 nazarewk

You can verify it with netbird networks ls.

Okay, now at home I get

Available Networks:

  - ID: office
    Network: 192.168.1.0/24
    Status: Selected

  - ID: truenas-home
    Network: 192.168.2.0/24
    Status: Selected

  - ID: UCM6302
    Network: 192.168.1.75/32
    Status: Selected

  - ID: truenas
    Network: 192.168.2.65/32
    Status: Selected

So I guess it's routed through NetBird; without the routing I probably can't connect to the SMB share from my laptop when I'm somewhere else, right? But then NetBird should not slow down the network that much.

Nordlicht-13 avatar May 07 '25 12:05 Nordlicht-13

It might be blackholing the LAN traffic, disrupting local communication in the process. It would probably help if you made sure the routes are not distributed to the devices on the network or, worst case, are deselected for initial debugging purposes.

Could you send me the keys for netbird debug bundle -S --upload-bundle from both the server and the client, indicating which is which? PS: This is a new 0.43.1+ feature for securely sending debug bundles directly to our servers. The keys are non-sensitive: pretty much filenames in our internal storage system.

nazarewk avatar May 07 '25 12:05 nazarewk

When I think about it now... On the Ubuntu server at the office no NetBird is installed; on the Office-PC a NetBird client is installed. On the TrueNAS at home I have NetBird running as an app (and an Incus LX-Container as a test). Office and Home are connected via WireGuard in the router. The question now is: does all traffic from the Office-PC to the Ubuntu server at the office run through the WireGuard connection of the routers, because the TrueNAS has the network route?

2 Network Routes truenas-home - 192.168.2.0/24 TrueNAS - 9999 - Active

office - 192.168.1.0/24 TrueNAS - 9999 - Active

Guess that's the problem.

Nordlicht-13 avatar May 07 '25 13:05 Nordlicht-13

I had literally a similar 'foot gun' problem on this recently.

Basically, I came to two options:

  1. Don't allow connections to netbird when the originating device is on the same LAN. This way, the client is forced to go through the LAN to connect to the server when on site, as you have a rule saying "do not accept connections when onsite". This only works if your servers and clients are separated into different IP spaces or something else you can filter off with a rule.

  2. Install the netbird client on everything, and don't use network routes. Then, the only path is through netbird or LAN. I found when I have a network route AND the client on a machine in that same route, the negotiation would not look at the p2p and relay instead based on the fact the route existed.

1nerdyguy avatar May 07 '25 16:05 1nerdyguy

Guess I have to switch back to Tailscale. When the netbird connection is switched on on the office-pc (192.168.22.0 net) and I open a pdf-file from the server in the 192.168.22.0 net, it takes a while to open. I guess the traffic goes through the internet connection 50 Mbit/s upload. Disconnecting netbird and the pdf-file opens instantly. Why is netbird reaching from 192.168.22.XXX over 192.168.11.XXX to the smb 192.168.22.1?

Now I just checked netbird status -d again and I found out that the Office-PC has the following connection type: Connection type: Relayed

How do I change this to P2P?

Nordlicht-13 avatar Jun 17 '25 14:06 Nordlicht-13

  1. What have you done for troubleshooting?

You've stated you're on the 192.168.22.x network for both client and server, but it's going through Netbird as Relay. This is normal, as you're setting yourself up for failure. If you look at your routes (route print in cmd line), you'll probably see 2 routes for 192.168.22.0. One with a metric of like 6, and one with a metric of like 271. The lower metric will win. I bet the gateway for that is your Netbird address. Due to this, all traffic for the 192.168.22.x range will go through netbird, as expected.

To get around this, you can do my earlier suggestions: Either don't allow clients on the 192.168.22.x range to connect with an ACL, or forgo passing the network and just install netbird on everything.

This isn't so much a Netbird problem as an order of operations problem. The computer is doing exactly what it's told to.

1nerdyguy avatar Jun 17 '25 15:06 1nerdyguy

Netbird is installed on the ubuntu-server in the office; both office-pc and server are on the same net with netbird on it. I now added the office-pc to the office-lan network route (192.168.22.0/24). Now the connection type is P2P, but it's still slow. Is the transfer status showing the actual speed?

 office-pc.netbird.cloud:
  NetBird IP: 100.XXX.XXX.XXX
  Public key: XXXXXXXXXXXXXXXXXXXX
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): host/prflx
  ICE candidate endpoints (Local/Remote): 192.168.1.XX:51820/192.168.22.XXX:51820
  Relay server address: rels://streamline-de-fra1-0.relay.netbird.io:443
  Last connection update: 46 seconds ago
  Last WireGuard handshake: 1 minute, 33 seconds ago
  Transfer status (received/sent) 13.8 MiB/17.4 MiB
  Quantum resistance: false
  Networks: -
  Latency: 9.402827ms

ICE candidate endpoints are wrong. The 192.168.1.XX is for outgoing, 192.168.22.XXX is the local.

Nordlicht-13 avatar Jun 17 '25 15:06 Nordlicht-13

When you say you added the route, what do you mean?

Transfer status is literally what it says. It sent 13.8mb, received 17.4.

Can you do a netbird status -d on there?

Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to the server's Netbird IP?

1nerdyguy avatar Jun 17 '25 15:06 1nerdyguy

When you say you added the route, what do you mean?

I have 3 Network Routes: office-lan - 192.168.22.0/24, office-dmz - 192.168.1.0/24, home-lan - 192.168.11.0/24

I added the Office-PC to the office-lan where I already had the server in.

Transfer status is literally what it says. It sent 13.8mb, received 17.4.

Can you do a netbird status -d on there?

OS: linux/amd64
Daemon version: 0.47.1
CLI version: 0.47.1
Management: Connected to https://api.netbird.io:443
Signal: Connected to https://signal.netbird.io:443
Relays:
  [stun:stun.netbird.io:5555] is Available
  [turns:turn.netbird.io:443?transport=tcp] is Available
  [rels://streamline-de-fra1-1.relay.netbird.io:443] is Available
Nameservers:
  [1.1.1.1:53, 1.0.0.1:53] for [.] is Available
FQDN: server.netbird.cloud
NetBird IP: 100.XXX.XXX.XXX/16
Interface type: Kernel
Quantum resistance: false
Lazy connection: false
Networks: 192.168.1.0/24, 192.168.22.0/24
Forwarding rules: 0
Peers count: 4/8 Connected

Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to the server's Netbird IP?

On the windows-client under networks I have: home-lan - 192.168.11.0/24, office-dmz - 192.168.1.0/24, UCM6302 - 192.168.1.88/32

Why is it on the 192.168.1.0/24 and not on the 192.168.22.0/24 network?

Nordlicht-13 avatar Jun 17 '25 15:06 Nordlicht-13

You didn't answer any of the questions. I have no idea what your 192.168.1. network is. Based on the naming convention, I'd say a grandstream PBX.

So, again:

If you're publishing a network through Netbird, all clients in that network will relay to each other. This is because the routing table will have a route for your local network with a lower metric (higher priority) than your local LAN. So traffic from client to server would go up, out through whatever box you set up as the network, and relay that way.

Have you tried accessing the Server via the netbird IP, the 100.xx.x.xxx.xxx/16 IP listed there, or by the netbird FQDN?

1nerdyguy avatar Jun 17 '25 15:06 1nerdyguy

The 192.168.1 network is the network in front of the firewall with the router and Grandstream PBX (192.168.1.88). The ubuntu-server with the netbird on it has the 192.168.22 network and a TrueNAS at home has the 192.168.11 network.

The Office-PC has a 192.168.22-IP and the server with netbird on it also has a 192.168.22-IP, but the Office-PC connects locally to the 192.168.1 network.

Nordlicht-13 avatar Jun 17 '25 16:06 Nordlicht-13

Ok, you need to listen to what I'm saying.

You have clients in the 192.168.22.x range.

You are passing the 192.168.22.x range via netbird.

AS SUCH, those clients will always use netbird to talk to the 192.168.22.x range. Because you have a route telling you to. If you, for example, removed or changed ACLs so that network wasn't published to those clients via netbird, this problem goes away.

1nerdyguy avatar Jun 17 '25 17:06 1nerdyguy

Now I got a fast local connection again. But I'm still wondering what the difference between Resources under Networks and the Network Routes is.

Nordlicht-13 avatar Jun 19 '25 09:06 Nordlicht-13

Still have the problem that, when connected to NetBird, the local SMB connection sometimes slows down. I have just 5-10 MB/sec writing and reading speed. When I disconnect from NetBird and connect to NetBird again I get around 115 MB/sec writing and reading speed.

Nordlicht-13 avatar Jun 30 '25 09:06 Nordlicht-13

I'd check if you're relaying during that slow down. And then determine why.

1nerdyguy avatar Jun 30 '25 16:06 1nerdyguy

I am having a similar issue. On my laptop a Netbird client is installed which connects to several subnets. The subnet (192.168.91.0/24) at home works fine via Netbird when I am outside. But when my laptop is connected to my home network, then it should not take the way via Netbird, but via the direct LAN connection.

In my case it is worse: it does not establish a direct WG connection from my laptop to my OpenWRT router where the Netbird client for my home network runs, but it sends the traffic via the relay to the Netbird server outside and then back into the LAN. I am actually able to establish a P2P connection from outside to the OpenWRT router, but it gets relayed inside the network for some reason.

C:\>route print -4 | findstr 192.168.91
          0.0.0.0          0.0.0.0   192.168.91.254   192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    100.87.118.192      6
   192.168.91.220  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    100.87.118.192    261
        224.0.0.0        240.0.0.0   Auf Verbindung    192.168.91.220    281
  255.255.255.255  255.255.255.255   Auf Verbindung    192.168.91.220    281

For me it helped to change the metric of the wt0 interface in Windows from automatic to 290, but after a re-connect of Netbird, the wt0 interface got deleted and re-created and that setting is gone.

C:\>route print -4 | findstr 192.168.91
          0.0.0.0          0.0.0.0   192.168.91.254   192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    100.87.118.192    290
   192.168.91.220  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    100.87.118.192    546
        224.0.0.0        240.0.0.0   Auf Verbindung    192.168.91.220    281
  255.255.255.255  255.255.255.255   Auf Verbindung    192.168.91.220    281

A LAN connection with the same subnet should have priority, or there should be at least a setting for the metric of the wt0 interface.

MichaelUray avatar Oct 04 '25 18:10 MichaelUray
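
An added example, not part of the issue thread or NetBird's code: the route selection discussed above (longest prefix first, then lowest metric) applied to rows taken from the route print -4 output in the preceding comment, once with the overlay metric at 6 and once at 290. Treating any interface address in 100.64.0.0/10 as the NetBird overlay is an assumption, and all function names are hypothetical.

```python
import ipaddress

# Assumption: overlay (NetBird) interface addresses fall in the CGNAT range.
OVERLAY = ipaddress.ip_network("100.64.0.0/10")

# Subset of rows from the `route print -4` output quoted in the thread;
# {m} is the metric of the overlay route (6 before, 290 after the change).
ROWS = """\
0.0.0.0          0.0.0.0   192.168.91.254   192.168.91.220    281
192.168.91.0    255.255.255.0   Auf Verbindung    192.168.91.220    281
192.168.91.0    255.255.255.0   Auf Verbindung    100.87.118.192    {m}
192.168.91.255  255.255.255.255   Auf Verbindung    100.87.118.192    261
"""
BEFORE, AFTER = ROWS.format(m=6), ROWS.format(m=290)

def parse_routes(text):
    """Return (network, interface_ip, metric) for each parsable row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        try:
            # The gateway column can be several words ("On-link",
            # "Auf Verbindung"), so read interface and metric from the right.
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            iface = ipaddress.ip_address(parts[-2])
            metric = int(parts[-1])
        except ValueError:
            continue  # header, prompt or wrapped line
        routes.append((net, iface, metric))
    return routes

def best_route(routes, dest):
    """Longest prefix wins; the lowest metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def shadowed_lan_prefixes(routes):
    """Prefixes the host sits on directly but that an overlay route wins."""
    hits = []
    for net, iface, metric in routes:
        if iface in OVERLAY or iface not in net:
            continue  # keep only routes whose own interface is inside the prefix
        for o_net, o_iface, o_metric in routes:
            if o_net == net and o_iface in OVERLAY and o_metric < metric:
                hits.append((str(net), o_metric, metric))
    return hits
```

Calling shadowed_lan_prefixes(parse_routes(...)) on pasted route print output lists each local subnet whose traffic would leave via the overlay interface instead of the LAN adapter.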