setup netbird client


warning // lessons learned

since we were telling the bastion systems to reach the netbird server through static name resolution internally

    10.1.0.27 keycloak.demo.nethence.com dnc-haproxy
    10.1.0.27 netbird.demo.nethence.com dnc-haproxy

we also had to tune haproxy to pass the signal grpc traffic through. that didn't work well, which is why we used tcp mode for that one

requirements

    ping -c3 -W1 netbird.demo.nethence.com
    nmap -p 443 netbird.demo.nethence.com
    nmap -p 10000 netbird.demo.nethence.com # signal

    ping -c3 -W1 keycloak.demo.nethence.com
    nmap -p 443 keycloak.demo.nethence.com
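
The static pins and the port requirements above, combined into a preflight script (an added example, not from the original page): it checks that both names are still pinned to the haproxy address and that 443 and the signal port 10000 answer. It assumes the pins live in /etc/hosts and that nc is installed; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page. Hostnames, IP and ports are the
# ones used on this page; function names are hypothetical.
PROXY_IP="${PROXY_IP:-10.1.0.27}"      # haproxy address from the static entries
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}" # assumption: the pins live in /etc/hosts

# hosts_ip NAME FILE: print the first address mapped to NAME, fail if there is none.
hosts_ip() {
    awk -v n="$1" '
        { sub(/#.*/, "") }   # ignore comments, including commented-out pins
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; found = 1; exit } }
        END { exit !found }' "$2"
}

# check_pin NAME FILE: print ok, missing, or drift:<ip> when pinned elsewhere.
check_pin() {
    ip=$(hosts_ip "$1" "$2") || { echo "missing"; return 1; }
    [ "$ip" = "$PROXY_IP" ] || { echo "drift:$ip"; return 2; }
    echo "ok"
}

# tcp_open HOST PORT: true when a TCP connect succeeds within 3 seconds.
tcp_open() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# preflight: report every pin and port, return non-zero if any check failed.
preflight() {
    rc=0
    for name in netbird.demo.nethence.com keycloak.demo.nethence.com; do
        state=$(check_pin "$name" "$HOSTS_FILE") || rc=1
        echo "pin  $name -> $state"
    done
    # 443 = netbird management and keycloak, 10000 = signal (tcp mode in haproxy)
    for target in netbird.demo.nethence.com:443 netbird.demo.nethence.com:10000 \
                  keycloak.demo.nethence.com:443; do
        if tcp_open "${target%:*}" "${target#*:}"; then
            echo "tcp  $target open"
        else
            echo "tcp  $target unreachable"; rc=1
        fi
    done
    return $rc
}

# Run the checks only when asked to, e.g. `sh preflight.sh run`.
if [ "${1:-}" = "run" ]; then preflight; fi
```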

install

apt install ca-certificates curl gnupg1

ls -lF /usr/share/keyrings/netbird-archive-keyring.gpg # should not exist yet
curl -sSL https://pkgs.netbird.io/debian/public.key | \
    gpg1 --dearmor > /usr/share/keyrings/netbird-archive-keyring.gpg
ls -lF /etc/apt/sources.list.d/netbird.list # should not exist yet
cat > /etc/apt/sources.list.d/netbird.list <<EOF
deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main
EOF
apt update
apt install netbird

first-shot (init)

for casual end-user peers

netbird up \
    --management-url https://netbird.demo.nethence.com:443 \
    --admin-url https://netbird.demo.nethence.com:443

# doesn't seem to work
# --config /etc/netbird/demo.json

for bastion endpoints

netbird up \
    --management-url https://netbird.demo.nethence.com:443 \
    --admin-url https://netbird.demo.nethence.com:443 \
    --setup-key SETUP-KEY-HERE

and check

netbird status --detail
ifconfig wt0
ping 100.124.69.213

usage

thereafter

netbird down
netbird up

ready to go

you are now ready to set up network routes in the UI and make the whole thing actually useful.

troubleshooting

during install.sh

Error: status failed: failed while getting Management Service public key: failed while getting Management Service public key

==> fix mgmt endpoint

during up

Unknown desc = failed while getting Management Service public key

==> same as above

right after a successful connect

Error: status failed: failed connecting to Signal Service : context deadline exceeded

==> …

Peers count: 0/0 Connected

==> is the wg port reachable, or at least the relay (turn)?

resources

https://app.netbird.io/install

https://docs.netbird.io/how-to/getting-started#installation

https://docs.netbird.io/how-to/add-machines-to-your-network

https://docs.netbird.io/how-to/register-machines-using-setup-keys

https://docs.netbird.io/how-to/add-users-to-your-network

network routes

https://docs.netbird.io/how-to/routing-traffic-to-private-networks

troubles

context deadline exceeded

https://github.com/netbirdio/netbird/issues/1656


Copyright © 2024 Pierre-Philipp Braun