Is there any ETA (or any plans) for the option to choose an arbitrary subnet for the networks?
Thank you so much for mentioning us!
You are building such a great product (which I use privately) that it makes us proud to be part of it.
The true power of OSS at work here.
I noticed GitHub - netbirdio/dashboard: NetBird Management Service Web UI Panel still mentions Auth0, is the Dashboard project a different consideration?
Removed the free SaaS tier with little warning.
SSO
Say I have a number of servers, providing services and permanently connected to each other in a partial mesh using tokens.
Then I have a number of users, who use devices to access the network. I might want company devices always connected to a particular cluster in the Netbird network (for management, security, and posture check reasons). Then a user logs in to the SSO from that device and then can access the list of services (a group, perhaps) they’re entitled to connect to over the Netbird network. The admin console would show a named user logged in to a device.
At the moment, as far as I can tell, you basically treat a device (Netbird client) as a user, whereas normally there would be a concept of a user with entitlements, separate from the device they are on.
Visualisation
In the example above, I might have several database servers, several middleware, several web servers. I want to microsegment. App A uses a web server, middleware, and a database, so I define that as a group but write an ACL such that the web server can only connect to the specified middleware server, and never the database server directly, and the database can only be connected to by the middleware. Then say I have 10 more applications using different combinations of web servers, databases, and middleware, all of which I define different groups and ACLs for.
At some point this web of dependencies becomes hard to visualise so it would be nice to have a diagram where you can see the estate topology and say, mouse over a given node and see which servers it is currently allowed to connect to, what groups it is a member of, etc. If you want to be fancy you could also show the current traffic volume to each connected node.
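As an added illustration of the group-and-ACL scheme described above (example code written for this thread, not NetBird's policy format or any code from the project): a constructed estate with per-app groups, allow-list rules between tiers, and the per-node "what may this peer reach / who may reach it" view a topology diagram would show on mouse-over. All peer names, groups and ports are made up.

```python
# Constructed model of microsegmentation by groups and ACL rules.
# Illustration only; this is not NetBird's policy schema.
from collections import defaultdict

# Constructed estate: peer -> set of group names it belongs to.
PEERS = {
    "web-1": {"appA-web", "appA"},
    "mw-1": {"appA-mw", "appA"},
    "db-1": {"appA-db", "appA"},
    "web-2": {"appB-web", "appB"},
    "mw-2": {"appB-mw", "appB"},
    "db-1-shared": {"appA-db", "appB-db"},  # one database serving two apps
}

# Allow-list rules: (source group, destination group, destination ports).
# Anything not listed is denied, so a web tier never gets a direct path to
# a database tier and a database never initiates towards the middleware.
RULES = [
    ("appA-web", "appA-mw", {8080}),
    ("appA-mw", "appA-db", {5432}),
    ("appB-web", "appB-mw", {8080}),
    ("appB-mw", "appB-db", {5432}),
]

ALL_PORTS = set().union(*(ports for _, _, ports in RULES))


def allowed(src, dst, port):
    """True if some rule permits src -> dst:port via their group memberships."""
    if src == dst:
        return False
    src_groups, dst_groups = PEERS[src], PEERS[dst]
    return any(sg in src_groups and dg in dst_groups and port in ports
               for sg, dg, ports in RULES)


def reachable_from(src):
    """Mouse-over view for a node: every peer src may connect to, with ports."""
    out = defaultdict(set)
    for dst in PEERS:
        for port in ALL_PORTS:
            if allowed(src, dst, port):
                out[dst].add(port)
    return dict(out)


def inbound_to(dst):
    """The reverse view: which peers are permitted to connect to dst at all."""
    return {src for src in PEERS if any(allowed(src, dst, p) for p in ALL_PORTS)}


if __name__ == "__main__":
    for peer in PEERS:
        print(f"{peer:12s} groups={sorted(PEERS[peer])} -> {reachable_from(peer)}")
```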
Fantastic, that sounds similar to what ZeroTier and Tailscale do, but self-hosted.
Hey, just wanted to let you know we recently made PostgreSQL the default (cockroach is still supported though)
We even wrote a brief blog about some of our reasons
https://zitadel.com/blog/move-to-postgresql
Got it. Then you may be interested in zrok.io. It is an easy-sharing platform (files, tunnels, reverse proxy, etc) which is open source and has a completely free SaaS. It includes security features/hardening of the frontend - https://blog.openziti.io/zrok-frontdoor. It has Caddy embedded inside it, too, if you want to utilise proxy capabilities.
zrok is built on top of open source OpenZiti, which is a zero trust network overlay - OpenZiti · GitHub.
I see! Thanks for the input. I was gonna replace Tailscale with it, because it was making more direct connections in my testing, but I figured out how to make TS perform the p2p that I was needing, so I didn’t do it yet. I will probably wait a few more months before trying this out.
Some, that’s the keyword. NetBird has a full-featured UI + SSO and MFA. Not sure if ZeroTier supports it in the open-source version (correct me if I’m wrong here).
And with kernel WireGuard support. Cheers!
OpenZiti looks cool, but it’s very overkill to set up on each of its components. NetBird, although it has fewer features, is extremely easy to set up.
Headscale is definitely more stable at the moment, but once NetBird irons out some of these issues that are significantly annoying to me, I think they’ll be the best on the market.
Hi! I also would like to improve the p2p performance on Tailscale. What did you do exactly? My connections are way slower than in NetBird.
I would also express my gratitude for the wonderful job you are doing with NetBird, especially leaving it OSS. The integration with Zitadel is a huge win point that lets NetBird win every comparison with other OSS network overlay software. I just hope you don’t decide to close or delete features from the OSS version in order to enhance the enterprise version.
It could well be easier to set up NetBird vs OpenZiti, I have never tried the former. Once Ziti is set up, it’s very easy to use and manage. More important (at least in my opinion) is that Ziti does zero trust properly with a focus on connecting services rather than hosts while using strong crypto rather than weak network identifiers.
For the few hours I used NetBird I definitely feel that way too!
How slow are we talking about? Compared to Tailscale and “raw”?
I tested it using iperf and while I can reach around 100 Mbit on NetBird, in Tailscale I reach around 15 Mbit.
With direct connections? Are you 100% sure they are not being relayed? Because it sounds like it. Depending on the uplink on the other side, I can easily reach 300 Mbps. I tested on a VM about 100 km from me, on Oracle.
$:~# iperf3 -c 100.94.239.28
Connecting to host 100.94.239.28, port 5201
[ 5] local 100.100.230.12 port 53618 connected to 100.94.239.28 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 67.8 MBytes 568 Mbits/sec 4779 168 KBytes
[ 5] 1.00-2.00 sec 32.5 MBytes 273 Mbits/sec 5 223 KBytes
[ 5] 2.00-3.00 sec 30.0 MBytes 252 Mbits/sec 54 217 KBytes
[ 5] 3.00-4.00 sec 30.0 MBytes 252 Mbits/sec 93 201 KBytes
[ 5] 4.00-5.00 sec 32.5 MBytes 273 Mbits/sec 36 179 KBytes
[ 5] 5.00-6.00 sec 33.8 MBytes 283 Mbits/sec 92 159 KBytes
[ 5] 6.00-7.00 sec 32.5 MBytes 273 Mbits/sec 14 188 KBytes
[ 5] 7.00-8.00 sec 26.2 MBytes 220 Mbits/sec 35 211 KBytes
[ 5] 8.00-9.00 sec 35.0 MBytes 294 Mbits/sec 110 181 KBytes
[ 5] 9.00-10.00 sec 32.5 MBytes 273 Mbits/sec 62 115 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 353 MBytes 296 Mbits/sec 5280 sender
[ 5] 0.00-10.04 sec 349 MBytes 292 Mbits/sec receiver
iperf Done.
$:~# iperf3 -c 100.94.239.28 -R
Connecting to host 100.94.239.28, port 5201
Reverse mode, remote host 100.94.239.28 is sending
[ 5] local 100.100.230.12 port 35872 connected to 100.94.239.28 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 39.8 MBytes 334 Mbits/sec
[ 5] 1.00-2.00 sec 38.6 MBytes 324 Mbits/sec
[ 5] 2.00-3.00 sec 38.2 MBytes 321 Mbits/sec
[ 5] 3.00-4.00 sec 34.8 MBytes 292 Mbits/sec
[ 5] 4.00-5.00 sec 37.5 MBytes 314 Mbits/sec
[ 5] 5.00-6.00 sec 37.4 MBytes 313 Mbits/sec
[ 5] 6.00-7.00 sec 37.0 MBytes 310 Mbits/sec
[ 5] 7.00-8.00 sec 35.0 MBytes 293 Mbits/sec
[ 5] 8.00-9.00 sec 34.0 MBytes 286 Mbits/sec
[ 5] 9.00-10.00 sec 36.6 MBytes 307 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.06 sec 371 MBytes 309 Mbits/sec 590 sender
[ 5] 0.00-10.00 sec 369 MBytes 310 Mbits/sec receiver