Can't use NetBird as a network gateway #1694

Open
opened 2025-11-20 06:04:54 -05:00 by saavagebueno · 6 comments

Originally created by @netandreus on GitHub (Mar 11, 2025).

Describe the problem

I can't use a NetBird peer as a network gateway for another network device.

To Reproduce

I have three virtual machines. All are Ubuntu 24.04 Server.

  1. VM "bs0" with this network config.

```yaml
andrey@bs0-trs-internal:~$ sudo cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens33:
            addresses:
            - 10.10.109.22/24
            nameservers:
                addresses:
                - 8.8.8.8
                search:
                - trs.internal
            routes:
            -   to: default
                via: 10.10.109.24
    version: 2
```

And here are network interfaces:

```bash
andrey@bs0-trs-internal:~$ ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.109.22  netmask 255.255.255.0  broadcast 10.10.109.255
        inet6 fe80::250:56ff:feb6:9fce  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b6:9f:ce  txqueuelen 1000  (Ethernet)
        RX packets 479547  bytes 333932693 (333.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 321833  bytes 707927397 (707.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2598  bytes 250957 (250.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2598  bytes 250957 (250.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

  2. VM "bs1r" with this network config:

```yaml
andrey@bs1r-trs-internal:~$ sudo cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens33:
            addresses:
            - 10.10.109.24/24
            nameservers:
                addresses:
                - 10.10.109.1
                search:
                - trs.internal
            routes:
            -   to: default
                via: 10.10.109.1
    version: 2
```

On this machine there is a NetBird peer installed:

```bash
andrey@bs1r-trs-internal:~$ netbird status
OS: linux/amd64
Daemon version: 0.37.1
CLI version: 0.37.1
Management: Connected
Signal: Connected
Relays: 3/3 Available
Nameservers: 1/1 Available
FQDN: bs1r-trs-internal.netbird.selfhosted
NetBird IP: 100.81.164.248/16
Interface type: Kernel
Quantum resistance: false
Networks: -
Peers count: 31/57 Connected
```

And there are these NetBird routes:

```bash
andrey@bs1r-trs-internal:~$ netbird routes list
Available Networks:

  - ID: ae-exit-74.243.215.202
    Network: 0.0.0.0/0
    Status: Selected
```

And here are network interfaces:

```bash
andrey@bs1r-trs-internal:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 9a:da:cf:ad:66:35  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.109.24  netmask 255.255.255.0  broadcast 10.10.109.255
        inet6 fe80::250:56ff:feb6:bb4d  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b6:bb:4d  txqueuelen 1000  (Ethernet)
        RX packets 14904366  bytes 10666330131 (10.6 GB)
        RX errors 0  dropped 172  overruns 0  frame 0
        TX packets 11932680  bytes 6909329801 (6.9 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 7118966  bytes 5752191056 (5.7 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7118966  bytes 5752191056 (5.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wt0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1384
        inet 100.81.164.248  netmask 255.255.0.0  destination 100.81.164.248
        inet6 fe80::ea03:5a55:79f1:bae8  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 3516416  bytes 2724792460 (2.7 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3440308  bytes 2817481794 (2.8 GB)
        TX errors 9  dropped 2576 overruns 0  carrier 0  collisions 0
```

This machine is the network router for the "bs0" machine.

  3. VM "ae-vm-1" also with NetBird peer installed.

```bash
admin@ae-vm-1:~$ netbird status
OS: linux/amd64
Daemon version: 0.37.1
CLI version: 0.37.1
Management: Connected
Signal: Connected
Relays: 3/3 Available
Nameservers: 1/1 Available
FQDN: ae-treasury-outgoing-vm-1.netbird.selfhosted
NetBird IP: 100.81.53.210/16
Interface type: Kernel
Quantum resistance: false
Networks: 0.0.0.0/0
Peers count: 31/57 Connected
```

And here are network interfaces:

```bash
admin@ae-vm-1:~$ ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::9086:f7ff:fe2d:b896  prefixlen 64  scopeid 0x20<link>
        ether 92:86:f7:2d:b8:96  txqueuelen 0  (Ethernet)
        RX packets 34772  bytes 1905193 (1.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 44942  bytes 395287698 (395.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enP12168s2: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        inet6 fe80::222:48ff:fecc:2036  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:20:36  txqueuelen 1000  (Ethernet)
        RX packets 21294698  bytes 6504591777 (6.5 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18794084  bytes 5287490289 (5.2 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enP14330s1: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        inet6 fe80::222:48ff:fecc:2623  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:26:23  txqueuelen 1000  (Ethernet)
        RX packets 12986714  bytes 4396480515 (4.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17876405  bytes 4436525155 (4.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enP19503s3: flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        inet6 fe80::222:48ff:fecc:2c19  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:2c:19  txqueuelen 1000  (Ethernet)
        RX packets 16468721  bytes 2103058928 (2.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14150214  bytes 1834584933 (1.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.50.4  netmask 255.255.255.0  broadcast 10.0.50.255
        inet6 fe80::222:48ff:fecc:2623  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:26:23  txqueuelen 1000  (Ethernet)
        RX packets 11897638  bytes 4158037151 (4.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17338323  bytes 4400844535 (4.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.51.4  netmask 255.255.255.0  broadcast 10.0.51.255
        inet6 fe80::222:48ff:fecc:2036  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:20:36  txqueuelen 1000  (Ethernet)
        RX packets 20000229  bytes 6143831007 (6.1 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17873159  bytes 5224930016 (5.2 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.52.4  netmask 255.255.255.0  broadcast 10.0.52.255
        inet6 fe80::222:48ff:fecc:2c19  prefixlen 64  scopeid 0x20<link>
        ether 00:22:48:cc:2c:19  txqueuelen 1000  (Ethernet)
        RX packets 16414594  bytes 1869682880 (1.8 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14149935  bytes 1834545721 (1.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 3833932  bytes 2082257311 (2.0 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3833932  bytes 2082257311 (2.0 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

public_2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.32.0.1  netmask 255.255.255.0  broadcast 172.32.0.255
        inet6 fe80::c0d4:c5ff:fe5f:350f  prefixlen 64  scopeid 0x20<link>
        ether c2:d4:c5:5f:35:0f  txqueuelen 0  (Ethernet)
        RX packets 18371488  bytes 5238561505 (5.2 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20404196  bytes 6468735097 (6.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

public_3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.33.0.1  netmask 255.255.255.0  broadcast 172.33.0.255
        inet6 fe80::98ea:5dff:fe66:667d  prefixlen 64  scopeid 0x20<link>
        ether 9a:ea:5d:66:66:7d  txqueuelen 0  (Ethernet)
        RX packets 14522942  bytes 1677643979 (1.6 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16751659  bytes 2140818545 (2.1 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethb89554d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::5cf3:66ff:fe05:de11  prefixlen 64  scopeid 0x20<link>
        ether 5e:f3:66:05:de:11  txqueuelen 0  (Ethernet)
        RX packets 1801022  bytes 235898745 (235.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2059453  bytes 559160045 (559.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf1a6816: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::58a0:28ff:fe42:e262  prefixlen 64  scopeid 0x20<link>
        ether 5a:a0:28:42:e2:62  txqueuelen 0  (Ethernet)
        RX packets 1669966  bytes 214558796 (214.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1933804  bytes 284341260 (284.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wt0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1384
        inet 100.81.53.210  netmask 255.255.0.0  destination 100.81.53.210
        inet6 fe80::382e:a357:b78:3b44  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 1733425  bytes 1136080958 (1.1 GB)
        RX errors 17  dropped 0  overruns 0  frame 17
        TX packets 1562510  bytes 785332432 (785.3 MB)
        TX errors 9  dropped 1046 overruns 0  carrier 0  collisions 0
```

This VM is the exit node for the "bs1r" machine.

My problem is that there is no proper Internet connection on the "bs0" machine.

Here are some test results from the "bs0" machine:

```bash
andrey@bs0-trs-internal:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=42.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=43.4 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 42.323/42.876/43.430/0.553 ms
andrey@bs0-trs-internal:~$ sudo speedtest-cli --secure
Retrieving speedtest.net configuration...
Testing from Microsoft Azure (74.243.215.202)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Batelco by Beyon (Budaiya) [12170.04 km]: 47.864 ms
Testing download speed................................................................................
Download: 0.00 Mbit/s
Testing upload speed......................................................................................................
Upload: 59.89 Mbit/s
andrey@bs0-trs-internal:~$ sudo speedtest-cli
Retrieving speedtest.net configuration...
Cannot retrieve speedtest configuration
ERROR: timed out
andrey@bs0-trs-internal:~$
```

How can I properly organize the connection from "bs0" (10.10.109.22) to the Internet through "bs1r" (10.10.109.24) using "ae-vm-1" as an exit node? Because now I can't use the machine with NetBird ("bs1r") as a network gateway, as there is no Internet there.

Expected behavior

Working Internet on the "bs0" VM, traffic goes through "bs1r" with exit node "ae-vm-1".

Are you using NetBird Cloud?

I use self-hosted version.

NetBird version

0.37.1, but I also tried 0.38

Is any other VPN software installed?

No

Screenshots

Image

Additional context

Add any other context about the problem here.

Have you tried these troubleshooting steps?

  • Checked for newer NetBird versions
  • Searched for similar issues on GitHub (including closed ones)
  • Restarted the NetBird client
  • Disabled other VPN software
  • Checked firewall settings
saavagebueno added the triage-needed label 2025-11-20 06:04:54 -05:00

@Gauss23 commented on GitHub (Mar 11, 2025):

My initial comment was making wrong assumptions.

I would add SNAT on the bs1r wt0 interface for packets coming from bs0


@netandreus commented on GitHub (Mar 11, 2025):

Possible solution

You should do this on every NetBird peer in your chain.

```bash
sudo ip link set dev wt0 mtu 1380
sudo iptables -t mangle -A POSTROUTING -o wt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1340
```

But how to make it permanent?


@GandiKB commented on GitHub (Mar 11, 2025):

Possibly related.
https://github.com/netbirdio/netbird/issues/3299


@lixmal commented on GitHub (Mar 12, 2025):

@netandreus you have raised the MTU before the test manually?
We don't currently implement MSS clamping because we don't support custom MTUs either.

Maybe it's worth investigating why path MTU discovery doesn't work.


@netandreus commented on GitHub (Mar 13, 2025):

I'm just running speedtest for testing in this schema: [ client VM -> gateway (netbird) -> peer (netbird) -> public_ip ]. And all problems are that I can't pass traffic from client VM to NetBird VPN tunnel by the MTU.

Now I'm starting to use this workaround:

netbird-poststart.sh

```bash
#!/bin/bash
# Lower the MTU of the NetBird tunnel interface
ip link set dev wt0 mtu 1380
# Clamp the TCP MSS on SYN packets leaving through the tunnel
iptables -t mangle -A POSTROUTING -o wt0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1340
```

netbird-poststart.service

```ini
[Unit]
Description=Post Netbird Startup Configuration
After=netbird.service
Wants=netbird.service

[Service]
Type=oneshot
ExecStart=/home/admin/trmg-mpls/current/host/netbird-poststart/netbird-poststart.sh
RemainAfterExit=true
User=root

[Install]
WantedBy=multi-user.target
```

But I think it will be much easier if there is such a feature (adjust MTU and MSS) in NetBird itself.
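
An idempotent variant of the post-start workaround in the comment above, as an added example that is not part of the original thread or of NetBird. It derives the MSS from the MTU (MTU minus 40 bytes of IPv4 and TCP headers, which is how 1380 pairs with 1340), waits for the interface to exist, and appends the clamp rule only when `iptables -C` does not find it, so repeated runs of the unit do not stack duplicate rules. The function names, the `DRY_RUN` switch, the `apply` argument and the 576-byte lower bound are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): idempotent MTU + TCP MSS clamp for the
# gateway peer. Interface name and MTU default to the values posted above.
IFACE="${IFACE:-wt0}"
MTU="${MTU:-1380}"

# Largest TCP payload that fits one IPv4 packet of the given MTU:
# MTU - 20 (IPv4 header) - 20 (TCP header, no options).
# The 576 lower bound is a sanity check chosen for this example.
mss_for_mtu() {
    mtu=$1
    case "$mtu" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric input
    esac
    [ "$mtu" -ge 576 ] || return 1
    echo $((mtu - 40))
}

# Rule body shared by the check (-C) and append (-A) calls.
clamp_rule_args() {
    echo "POSTROUTING -o $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Poll until the interface shows up in sysfs (assumption: the tunnel
# interface can appear some seconds after the service has started).
wait_for_iface() {
    iface=$1
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        [ -e "/sys/class/net/$iface" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Set the MTU, then add the clamp rule only if it is not already present.
apply_clamp() {
    iface=$1
    mtu=$2
    mss=$(mss_for_mtu "$mtu") || { echo "bad MTU: $mtu" >&2; return 2; }
    rule=$(clamp_rule_args "$iface" "$mss")
    run ip link set dev "$iface" mtu "$mtu" || return 1
    # $rule is left unquoted on purpose so it splits into separate arguments.
    # iptables -C exits 0 when an identical rule already exists.
    if [ "${DRY_RUN:-0}" = 1 ] || ! iptables -t mangle -C $rule 2>/dev/null; then
        run iptables -t mangle -A $rule
    fi
}

# Only touch the system when called as: <script> apply
if [ "${1:-}" = "apply" ]; then
    wait_for_iface "$IFACE" || { echo "$IFACE did not appear" >&2; exit 1; }
    apply_clamp "$IFACE" "$MTU"
fi
```

Run it with the `apply` argument from the unit's `ExecStart=`; without an argument it only defines the functions.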


@netandreus commented on GitHub (Apr 6, 2025):

I'm testing Windows VM as a client and NetBird peer as a default network gateway for it.

```
[ OK ] Windows: 1200 Ubuntu (router): 1380 (default) Speedtest: Download: 62 Upload: 71
[ OK ] Windows: 1220 Ubuntu (router): 1380 (default) Speedtest: Download: 68 Upload: 62
[ OK ] Windows: 1240 Ubuntu (router): 1380 (default) Speedtest: Download: 49 Upload: 67
[ OK ] Windows: 1260 Ubuntu (router): 1380 (default) Speedtest: Download: 59 Upload: 62
[ OK ] Windows: 1280 Ubuntu (router): 1380 (default) Speedtest: Download: 39 Upload: 71
[Err]  Windows: 1300 Ubuntu (router): 1380 (default) Speedtest: Download: 57 Upload: 57
[Err]  Windows: 1320 Ubuntu (router): 1380 (default) Speedtest: Download: 33 Upload: 58
[Err]  Windows: 1340 Ubuntu (router): 1380 (default) Speedtest: Download: 42 Upload: 62
[Err]  Windows: 1360 Ubuntu (router): 1380 (default) Speedtest: Download: 70 Upload: 63
[Err]  Windows: 1380 Ubuntu (router): 1380 (default) Speedtest: Download: 26 Upload: 73
```

Best MTU value for Windows VM is 1220.

Check interface name on Windows:

```
netsh interface ipv4 show subinterfaces
```

Set MTU for Windows network interface:

```
netsh interface ipv4 set subinterface "Ethernet0" mtu=1220 store=persistent
```

Reference: SVI/netbird#1694