Slow connection on local network SMB-Share #1874

New Issue

Open

opened 2025-11-20 06:08:23 -05:00 by saavagebueno · 19 comments

saavagebueno commented 2025-11-20 06:08:23 -05:00

Owner

Copy Link

Originally created by @Nordlicht-13 on GitHub (May 7, 2025).

Describe the problem

I have a slowdown on the local network, when the netbird client is connected on my Windows PC.
The Windows PCs connecting to a ubuntu server with smb-shares on it.
Sometimes it takes a while (some seconds) to change between folders in a explorer.
And moving E-Mails on Windows E-Mail-Client from one IMAP-folder to another on the linux server
sometimes takes also a while or it's not responding any more.
Tailscale has no problem like this on the same PC.
On a different Windows PC that is connected to a TueNAS with SMB-Shares it's not that slow, but noteble.

To Reproduce

Steps to reproduce the behavior:

1. Start and connect Netbird-Client on a Windows PC
2. Work on that PC, change folder, open Pdf-file or large images (working feels tough)
3. Disconnect from the netbird-net (working feels fluid again)

Expected behavior

Have the same working speed on the local network like without connected to the netbird-net like under tailscale.

Are you using NetBird Cloud?

I use the NetBird Cloud.

NetBird version

netbird 0.43.2

Is any other VPN software installed?

tailscale is installed, but disconnected.

Have you tried these troubleshooting steps?

• Checked for newer NetBird versions
• Searched for similar issues on GitHub (including closed ones)
• Restarted the NetBird client
• Disabled other VPN software
• Checked firewall settings

Originally created by @Nordlicht-13 on GitHub (May 7, 2025). **Describe the problem** I have a slowdown on the local network, when the netbird client is connected on my Windows PC. The Windows PCs connecting to a ubuntu server with smb-shares on it. Sometimes it takes a while (some seconds) to change between folders in a explorer. And moving E-Mails on Windows E-Mail-Client from one IMAP-folder to another on the linux server sometimes takes also a while or it's not responding any more. Tailscale has no problem like this on the same PC. On a different Windows PC that is connected to a TueNAS with SMB-Shares it's not that slow, but noteble. **To Reproduce** Steps to reproduce the behavior: 1. Start and connect Netbird-Client on a Windows PC 2. Work on that PC, change folder, open Pdf-file or large images (working feels tough) 3. Disconnect from the netbird-net (working feels fluid again) **Expected behavior** Have the same working speed on the local network like without connected to the netbird-net like under tailscale. **Are you using NetBird Cloud?** I use the NetBird Cloud. **NetBird version** netbird 0.43.2 **Is any other VPN software installed?** tailscale is installed, but disconnected. **Have you tried these troubleshooting steps?** - [x] Checked for newer NetBird versions - [x] Searched for similar issues on GitHub (including closed ones) - [x] Restarted the NetBird client - [x] Disabled other VPN software - [x] Checked firewall settings

saavagebueno added the triage-neededconnectionperformance labels 2025-11-20 06:08:23 -05:00

saavagebueno commented 2025-11-20 06:08:23 -05:00

Author

Owner

Copy Link

@nazarewk commented on GitHub (May 7, 2025):

1. Is the SMB connection routed through NetBird?
2. Is the NetBird connection established as P2P or Relayed? You can check with netbird status -d on either side.

@nazarewk commented on GitHub (May 7, 2025): 1. Is the SMB connection routed through NetBird? 2. Is the NetBird connection established as P2P or Relayed? You can check with `netbird status -d` on either side.

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (May 7, 2025):

1. Is the SMB connection routed through NetBird?

Not that I know, it's a normal SMB-share and the netbird-client is on the PC running.
Isn't there on the local network no need to route it through NetBird?

3. Is the NetBird connection established as P2P or Relayed? You can check with netbird status -d on either side.

...
Connection type: P2P
...
Relay server address: rels://streamline-de-fra1-1.relay.netbird.io:443
...

@Nordlicht-13 commented on GitHub (May 7, 2025): > 1. Is the SMB connection routed through NetBird? Not that I know, it's a normal SMB-share and the netbird-client is on the PC running. Isn't there on the local network no need to route it through NetBird? > 3. Is the NetBird connection established as P2P or Relayed? You can check with `netbird status -d` on either side. ... Connection type: P2P ... Relay server address: rels://streamline-de-fra1-1.relay.netbird.io:443 ...

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@nazarewk commented on GitHub (May 7, 2025):

Isn't there on the local network no need to route it through NetBird?

NetBird doesn't really distinguish where the resource is located, it will route whatever you tell it to through the management (Dashboard), because this might be what some users prefer. So if you have the SMB server routed through NetBird anywhere, you might also be capturing the traffic inside the NetBird network and routing it, even if it's available directly on your LAN.

You can verify it with netbird networks ls.

@nazarewk commented on GitHub (May 7, 2025): > Isn't there on the local network no need to route it through NetBird? NetBird doesn't really distinguish where the resource is located, it will route whatever you tell it to through the management (Dashboard), because this might be what some users prefer. So if you have the SMB server routed through NetBird anywhere, you might also be capturing the traffic inside the NetBird network and routing it, even if it's available directly on your LAN. You can verify it with `netbird networks ls`.

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (May 7, 2025):

You can verify it with netbird networks ls.

Okay, now at home I get

Available Networks:

  - ID: office
    Network: 192.168.1.0/24
    Status: Selected

  - ID: truenas-home
    Network: 192.168.2.0/24
    Status: Selected

  - ID: UCM6302
    Network: 192.168.1.75/32
    Status: Selected

  - ID: truenas
    Network: 192.168.2.65/32
    Status: Selected

So I guess it's routed through NetBird, without the routing I probably can't conneced to the smb-share from my laptop, when I'm somewhere else, right.
But then NetBird should not slow down the network that much.

@Nordlicht-13 commented on GitHub (May 7, 2025): > You can verify it with `netbird networks ls`. Okay, now at home I get ``` Available Networks: - ID: office Network: 192.168.1.0/24 Status: Selected - ID: truenas-home Network: 192.168.2.0/24 Status: Selected - ID: UCM6302 Network: 192.168.1.75/32 Status: Selected - ID: truenas Network: 192.168.2.65/32 Status: Selected ``` So I guess it's routed through NetBird, without the routing I probably can't conneced to the smb-share from my laptop, when I'm somewhere else, right. But then NetBird should not slow down the network that much.

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@nazarewk commented on GitHub (May 7, 2025):

It might be blackholing the LAN traffic, disrupting local communication in the process. It would probably help if you made sure the routes are not distributed to the devices on the network or worst case being deselected for initial debugging purposes.

Could you send me the keys for netbird debug bundle -S --upload-bundle from both the server and the client, indicating which is which?
PS: This is a new 0.43.1+ feature for securely sending debug bundles directly to our servers. The keys are non-sensitive: pretty much filenames in our internal storage system.

@nazarewk commented on GitHub (May 7, 2025): It might be blackholing the LAN traffic, disrupting local communication in the process. It would probably help if you made sure the routes are not distributed to the devices on the network or worst case being deselected for initial debugging purposes. Could you send me the keys for `netbird debug bundle -S --upload-bundle` from both the server and the client, indicating which is which? PS: This is a new `0.43.1`+ feature for securely sending debug bundles directly to our servers. The keys are non-sensitive: pretty much filenames in our internal storage system.

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (May 7, 2025):

When think about it now...
On the ubuntu server at the office is no NetBird installed, on the Office-PC is a NetBird-Client installed.
On the TrueNAS at home I have NetBird running as an app (and a Icus LX-Container as a test).
Office and Home are connected via wireguard in the router
The question is now, is all traffic from the Office-PC to the ubuntu-server at the office runs through the wireguard connection of the routers, because the TrueNAS has the Networkroute?

2 Network Routes
truenas-home - 192.168.2.0/24
TrueNAS - 9999 - Active

office - 192.168.1.0/24
TrueNAS - 9999 - Active

Guess that's the problem.

@Nordlicht-13 commented on GitHub (May 7, 2025): When think about it now... On the ubuntu server at the office is no NetBird installed, on the Office-PC is a NetBird-Client installed. On the TrueNAS at home I have NetBird running as an app (and a Icus LX-Container as a test). Office and Home are connected via [wireguard in the router](https://en.fritz.com/service/vpn/setting-up-a-wireguard-vpn-between-two-fritzbox-networks/) The question is now, is all traffic from the Office-PC to the ubuntu-server at the office runs through the wireguard connection of the routers, because the TrueNAS has the Networkroute? 2 Network Routes truenas-home - 192.168.2.0/24 TrueNAS - 9999 - Active office - 192.168.1.0/24 TrueNAS - 9999 - Active Guess that's the problem.

saavagebueno commented 2025-11-20 06:08:24 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (May 7, 2025):

I had literally a similiar 'foot gun' problem on this recently.

Basically, I came to two options:

1. Don't allow connections to netbird when the originating device is on the same lan. This way, the client is forced to go through the LAN to connect to the server when on site, as you have a rule saying "do not accept connections when onsite". This only works if your Servers and clients are seperated into different IP spaces or something else you can filter off with rule.

2. Install the netbird client on everything, and don't use network routes. Then, the only path is through netbird or lan. I found when I have a network route AND the client on a machine in that same route, the negotiation would not look at the p2p and relay instead based on the fact hte route existed.

@1nerdyguy commented on GitHub (May 7, 2025): I had literally a similiar 'foot gun' problem on this recently. Basically, I came to two options: 1. Don't allow connections to netbird when the originating device is on the same lan. This way, the client is forced to go through the LAN to connect to the server when on site, as you have a rule saying "do not accept connections when onsite". This only works if your Servers and clients are seperated into different IP spaces or something else you can filter off with rule. 2. Install the netbird client on everything, and don't use network routes. Then, the only path is through netbird or lan. I found when I have a network route AND the client on a machine in that same route, the negotiation would not look at the p2p and relay instead based on the fact hte route existed.

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 17, 2025):

Guess I have to switch back to Tailscale.
When the netbird connection is switch on on the office-pc (192.168.22.0 Net)
and I open an pdf-file from the server in the 192.168.22.0 net it takes a while
to open. I guess the traffic goes through the internet connection 50 Mbit/s upload.
Disconnecting netbird and the pdf-file opens instantly.
Why is netbird reaching from 192.168.22.XXX over 192.168.11.XXX to the smb 192.168.22.1?

Now I just checked netbird status -d again and I found out that the Office-PC has the following connection type:
Connection type: Relayed

How do I change this to P2P?

@Nordlicht-13 commented on GitHub (Jun 17, 2025): Guess I have to switch back to Tailscale. When the netbird connection is switch on on the office-pc (192.168.22.0 Net) and I open an pdf-file from the server in the 192.168.22.0 net it takes a while to open. I guess the traffic goes through the internet connection 50 Mbit/s upload. Disconnecting netbird and the pdf-file opens instantly. Why is netbird reaching from 192.168.22.XXX over 192.168.11.XXX to the smb 192.168.22.1? Now I just checked netbird status -d again and I found out that the Office-PC has the following connection type: Connection type: Relayed How do I change this to P2P?

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (Jun 17, 2025):

1. What have you done for troubleshooting?

You've stated you're on the 192.168.22.x network for both client and server, but it's going through Netbird as Relay. This is normal, as you're setting yourself up for failure. If you look at your routes (route print in cmd line), you'll see probably see 2 routes for 192.168.22.0. One with a metric of like 6, and one with a metric of like 271. The lower metric will win. I bet the gateway for that is your Netbird address. Due to this, all traffic for the 192.168.22.x range will go through netbird, as expected.

To get around this, you can do my earlier suggestions: Either don't allow clients on the 192.168.22.x range to connect with an ACL, or forgoe passing the network and just install netbird on everything.

This isn't so much a Netbird problem as an order of operations problem. The computer is doing exactly what it's told to.

@1nerdyguy commented on GitHub (Jun 17, 2025): 1. What have you done for troubleshooting? You've stated you're on the 192.168.22.x network for both client and server, but it's going through Netbird as Relay. This is normal, as you're setting yourself up for failure. If you look at your routes (route print in cmd line), you'll see probably see 2 routes for 192.168.22.0. One with a metric of like 6, and one with a metric of like 271. The lower metric will win. I bet the gateway for that is your Netbird address. Due to this, all traffic for the 192.168.22.x range will go through netbird, as expected. To get around this, you can do my earlier suggestions: Either don't allow clients on the 192.168.22.x range to connect with an ACL, or forgoe passing the network and just install netbird on everything. This isn't so much a Netbird problem as an order of operations problem. The computer is doing exactly what it's told to.

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 17, 2025):

Netbird is installed on the ubuntu-server in the office, both, office-pc and server are the same net with netbird on it.
I now added the office-pc to the office-lan network route (192.168.22.0/24). Now the connection type is P2P, but
it's still slow. Is the transfer status showing the acual speed?

 office-pc.netbird.cloud:
  NetBird IP: 100.XXX.XXX.XXX
  Public key: XXXXXXXXXXXXXXXXXXXX
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): host/prflx
  ICE candidate endpoints (Local/Remote): 192.168.1.XX:51820/192.168.22.XXX:51820
  Relay server address: rels://streamline-de-fra1-0.relay.netbird.io:443
  Last connection update: 46 seconds ago
  Last WireGuard handshake: 1 minute, 33 seconds ago
  Transfer status (received/sent) 13.8 MiB/17.4 MiB
  Quantum resistance: false
  Networks: -
  Latency: 9.402827ms

ICE candidate endpoints are wrong. the 192.168.1.XX is for outgoing, 192.168.22.XXX is the local.

@Nordlicht-13 commented on GitHub (Jun 17, 2025): Netbird is installed on the ubuntu-server in the office, both, office-pc and server are the same net with netbird on it. I now added the office-pc to the office-lan network route (192.168.22.0/24). Now the connection type is P2P, but it's still slow. Is the transfer status showing the acual speed? ``` office-pc.netbird.cloud: NetBird IP: 100.XXX.XXX.XXX Public key: XXXXXXXXXXXXXXXXXXXX Status: Connected -- detail -- Connection type: P2P ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.XX:51820/192.168.22.XXX:51820 Relay server address: rels://streamline-de-fra1-0.relay.netbird.io:443 Last connection update: 46 seconds ago Last WireGuard handshake: 1 minute, 33 seconds ago Transfer status (received/sent) 13.8 MiB/17.4 MiB Quantum resistance: false Networks: - Latency: 9.402827ms ``` ICE candidate endpoints are wrong. the 192.168.1.XX is for outgoing, 192.168.22.XXX is the local.

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (Jun 17, 2025):

When yous ay you added the route, what do you mean?

Transfer status is literally what it says. It sent 13.8mb, recieved 17.4.

Can you do a netbird status -d on there?

Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to thes servers Netbird IP?

@1nerdyguy commented on GitHub (Jun 17, 2025): When yous ay you added the route, what do you mean? Transfer status is literally what it says. It sent 13.8mb, recieved 17.4. Can you do a netbird status -d on there? Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to thes servers Netbird IP?

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 17, 2025):

When yous ay you added the route, what do you mean?

I have 3 Network Routes
office-lan - 192.168.22.0/24
office-dmz - 192.168.1.0/24
hoe-lan - 192.168.11.0/24

I added the Office-PC to the office-lan where I already had the server in.

Transfer status is literally what it says. It sent 13.8mb, recieved 17.4.

Can you do a netbird status -d on there?

OS: linux/amd64
Daemon version: 0.47.1
CLI version: 0.47.1
Management: Connected to https://api.netbird.io:443
Signal: Connected to https://signal.netbird.io:443
Relays:
  [stun:stun.netbird.io:5555] is Available
  [turns:turn.netbird.io:443?transport=tcp] is Available
  [rels://streamline-de-fra1-1.relay.netbird.io:443] is Available
Nameservers:
  [1.1.1.1:53, 1.0.0.1:53] for [.] is Available
FQDN: server.netbird.cloud
NetBird IP: 100.XXX.XXX.XXX/16
Interface type: Kernel
Quantum resistance: false
Lazy connection: false
Networks: 192.168.1.0/24, 192.168.22.0/24
Forwarding rules: 0
Peers count: 4/8 Connected

Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to thes servers Netbird IP?

On the windows-client under networks I have:
home-lan - 192.168.11.0/24
office-dmz - 192.168.1.0/24
UMC6302 - 192.168.1.88/32

Why is it on the 192.168.1.0/24 and not on the 192.168.22.0/24 network?

@Nordlicht-13 commented on GitHub (Jun 17, 2025): > When yous ay you added the route, what do you mean? > I have 3 Network Routes office-lan - 192.168.22.0/24 office-dmz - 192.168.1.0/24 hoe-lan - 192.168.11.0/24 I added the Office-PC to the office-lan where I already had the server in. > Transfer status is literally what it says. It sent 13.8mb, recieved 17.4. > > Can you do a netbird status -d on there? ``` OS: linux/amd64 Daemon version: 0.47.1 CLI version: 0.47.1 Management: Connected to https://api.netbird.io:443 Signal: Connected to https://signal.netbird.io:443 Relays: [stun:stun.netbird.io:5555] is Available [turns:turn.netbird.io:443?transport=tcp] is Available [rels://streamline-de-fra1-1.relay.netbird.io:443] is Available Nameservers: [1.1.1.1:53, 1.0.0.1:53] for [.] is Available FQDN: server.netbird.cloud NetBird IP: 100.XXX.XXX.XXX/16 Interface type: Kernel Quantum resistance: false Lazy connection: false Networks: 192.168.1.0/24, 192.168.22.0/24 Forwarding rules: 0 Peers count: 4/8 Connected ``` > > Also, are you still connecting to the 192.168.22.x IP range, or are you connecting to thes servers Netbird IP? On the windows-client under networks I have: home-lan - 192.168.11.0/24 office-dmz - 192.168.1.0/24 UMC6302 - 192.168.1.88/32 Why is it on the 192.168.1.0/24 and not on the 192.168.22.0/24 network?

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (Jun 17, 2025):

You didn't answer any of the questions. I have no idea what your 192.168.1. network is. Based on the naming convention, I'd say a grandstream PBX.

So, again:

If you're publishing a network through Netbird, all clients in that network will relay to each other. This is becuase the routing table will have a route for your local network with a lower metric (Higher priority) than your local LAN. So traffic from client to server would go up, out through whatever box you setup as the network, and relay that way.

Have you tried accessing the Server via the netbird IP, the 100.xx.x.xxx.xxx/16 IP listed there, or by the netbird FQDN?

@1nerdyguy commented on GitHub (Jun 17, 2025): You didn't answer any of the questions. I have no idea what your 192.168.1. network is. Based on the naming convention, I'd say a grandstream PBX. So, again: If you're publishing a network through Netbird, all clients in that network will relay to each other. This is becuase the routing table will have a route for your local network with a lower metric (Higher priority) than your local LAN. So traffic from client to server would go up, out through whatever box you setup as the network, and relay that way. Have you tried accessing the Server via the netbird IP, the 100.xx.x.xxx.xxx/16 IP listed there, or by the netbird FQDN?

saavagebueno commented 2025-11-20 06:08:25 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 17, 2025):

The 192.168.1 network is the network infront of the firewall with the router and grandstream PBX (192.168.1.88)
The ubuntu-server with the netbird on it has the 192.168.22 network and
a TrueNAS at home has the 192.168.11 network.

The Office-PC has a 192.168.22-IP and the server with netbird on it has also a 192.168.22-IP
but the Office-PC connects locally to the 192.168.1 network.

@Nordlicht-13 commented on GitHub (Jun 17, 2025): The 192.168.1 network is the network infront of the firewall with the router and grandstream PBX (192.168.1.88) The ubuntu-server with the netbird on it has the 192.168.22 network and a TrueNAS at home has the 192.168.11 network. The Office-PC has a 192.168.22-IP and the server with netbird on it has also a 192.168.22-IP but the Office-PC connects locally to the 192.168.1 network.

saavagebueno commented 2025-11-20 06:08:26 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (Jun 17, 2025):

Ok, you need to listen to what I'm saying.

You have clients in the 192.168.22.x range.

You are passing hte 192.168.22.x range via netbird.

AS SUCH, those clients will always use netbird to talk to the 192.168.22.x range. Becuase you have a route telling you to. if you, for example ,removed or changed ACLs so that network wasn't published to those clients via netbird, this problem goes away.

@1nerdyguy commented on GitHub (Jun 17, 2025): Ok, you need to listen to what I'm saying. You have clients in the 192.168.22.x range. You are passing hte 192.168.22.x range via netbird. AS SUCH, those clients will *always* use netbird to talk to the 192.168.22.x range. Becuase you have a route telling you to. if you, for example ,removed or changed ACLs so that network wasn't published to those clients via netbird, this problem goes away.

saavagebueno commented 2025-11-20 06:08:26 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 19, 2025):

Now I got a fast local connection again.
But I still wondering what the difference between Resources under Networks and
the Network Routes is.

@Nordlicht-13 commented on GitHub (Jun 19, 2025): Now I got a fast local connection again. But I still wondering what the difference between `Resources` under `Networks` and the `Network Routes` is.

saavagebueno commented 2025-11-20 06:08:26 -05:00

Author

Owner

Copy Link

@Nordlicht-13 commented on GitHub (Jun 30, 2025):

Still have the problem, that, when connected to NetBird, the local SMB-connection sometimes slows down.
I have just 5-10 MB/sec writing and reading speed. When I disconnect from NetBird and Connect to NetBird again
I get arround 115 MB/sec writing and reading speed.

@Nordlicht-13 commented on GitHub (Jun 30, 2025): Still have the problem, that, when connected to NetBird, the local SMB-connection sometimes slows down. I have just 5-10 MB/sec writing and reading speed. When I disconnect from NetBird and Connect to NetBird again I get arround 115 MB/sec writing and reading speed.

saavagebueno commented 2025-11-20 06:08:26 -05:00

Author

Owner

Copy Link

@1nerdyguy commented on GitHub (Jun 30, 2025):

I'd check if you're relaying during that slow down. And then determine why.

@1nerdyguy commented on GitHub (Jun 30, 2025): I'd check if you're relaying during that slow down. And then determine why.

saavagebueno commented 2025-11-20 06:08:26 -05:00

Author

Owner

Copy Link

@MichaelUray commented on GitHub (Oct 4, 2025):

I am having a similar issue.
On my laptop is a Netbird client installed which connects to serveral subnets.
The subnets (192.168.91.0/24) at home works fine via Netbird when I am outside. But when my laptop is connected to my home-network, then it should not take the way via Netbird, but via the direct LAN connection.

In my case it is worse, it establishs not a direct WG connection from my laptop to my OpenWRT router where the Netbird client for my home network runs on, but it sends the traffic via the relay to the Netbird server outside and then back into the LAN.
I am actually able to establish a P2P connection from outside to the OpenWRT router, but it gets relayed inside the network for some reason.

C:\>route print -4 | findstr 192.168.91
          0.0.0.0          0.0.0.0   192.168.91.254   192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    100.87.118.192      6
   192.168.91.220  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    100.87.118.192    261
        224.0.0.0        240.0.0.0   Auf Verbindung    192.168.91.220    281
  255.255.255.255  255.255.255.255   Auf Verbindung    192.168.91.220    281

For me it helped to change the metric of the wt0 interface in Windows from automatic to 290, but after a re-connect of Netbird, the wt0 interface got deleted and re-created and that setting is gone.

C:\>route print -4 | findstr 192.168.91
          0.0.0.0          0.0.0.0   192.168.91.254   192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    192.168.91.220    281
     192.168.91.0    255.255.255.0   Auf Verbindung    100.87.118.192    290
   192.168.91.220  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    192.168.91.220    281
   192.168.91.255  255.255.255.255   Auf Verbindung    100.87.118.192    546
        224.0.0.0        240.0.0.0   Auf Verbindung    192.168.91.220    281
  255.255.255.255  255.255.255.255   Auf Verbindung    192.168.91.220    281

A LAN connection with the same subnet should have priority, or there should be at least a setting for the metric of the wt0 interface.

@MichaelUray commented on GitHub (Oct 4, 2025): I am having a similar issue. On my laptop is a Netbird client installed which connects to serveral subnets. The subnets (192.168.91.0/24) at home works fine via Netbird when I am outside. But when my laptop is connected to my home-network, then it should not take the way via Netbird, but via the direct LAN connection. In my case it is worse, it establishs not a direct WG connection from my laptop to my OpenWRT router where the Netbird client for my home network runs on, but it sends the traffic via the relay to the Netbird server outside and then back into the LAN. I am actually able to establish a P2P connection from outside to the OpenWRT router, but it gets relayed inside the network for some reason. ``` C:\>route print -4 | findstr 192.168.91 0.0.0.0 0.0.0.0 192.168.91.254 192.168.91.220 281 192.168.91.0 255.255.255.0 Auf Verbindung 192.168.91.220 281 192.168.91.0 255.255.255.0 Auf Verbindung 100.87.118.192 6 192.168.91.220 255.255.255.255 Auf Verbindung 192.168.91.220 281 192.168.91.255 255.255.255.255 Auf Verbindung 192.168.91.220 281 192.168.91.255 255.255.255.255 Auf Verbindung 100.87.118.192 261 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.91.220 281 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.91.220 281 ``` For me it helped to change the metric of the `wt0` interface in Windows from `automatic` to `290`, but after a re-connect of Netbird, the `wt0` interface got deleted and re-created and that setting is gone. ``` C:\>route print -4 | findstr 192.168.91 0.0.0.0 0.0.0.0 192.168.91.254 192.168.91.220 281 192.168.91.0 255.255.255.0 Auf Verbindung 192.168.91.220 281 192.168.91.0 255.255.255.0 Auf Verbindung 100.87.118.192 290 192.168.91.220 255.255.255.255 Auf Verbindung 192.168.91.220 281 192.168.91.255 255.255.255.255 Auf Verbindung 192.168.91.220 281 192.168.91.255 255.255.255.255 Auf Verbindung 100.87.118.192 546 224.0.0.0 240.0.0.0 Auf Verbindung 192.168.91.220 281 255.255.255.255 255.255.255.255 Auf Verbindung 192.168.91.220 281 ``` A LAN connection with the same subnet should have priority, or there should be at least a setting for the metric of the `wt0` interface.

saavagebueno referenced this issue 2025-11-20 08:05:23 -05:00

[PR #1874] Use a better way to insert data in batches #3233

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/byop-selfhost

feat/status-short-flags

fix/rosenpass

ui-refactor-ui

ui-refactor

proxy-ipv6-bracket-and-debug-bundle

e2e-windows-dns-combined

mgmt-proxy-peer-ipv6

refactor-combined

wasm-websocket-dial

drop-dns-probes

feature/affected-peers

dependabot/go_modules/github.com/Azure/go-ntlmssp-0.1.1

debug-logs

reduce-embed-wg-pool

windows-dns-firewall

dependabot/go_modules/github.com/jackc/pgx/v5-5.9.2

fix/login-cmd-root-flags

feat/reseller-openapi-spec

github-issue-resolver

add-steamos-support

fix-darwin-uninstaller

flutter-test

dependabot/npm_and_yarn/proxy/web/postcss-8.5.12

ci/freebsd-pkg-bootstrap

cached-serial-check-on-sync

fix-mgmt-cache-bypass-overlay

revert-easyjson-5938

revert-ice-5820

revert-firewalld-5928

refactor/permissions-manager

wasm-js-func-release

revert-dns-5935-systemd-resolved

revert-dns-5935-5945

revert-dns-5945-mgmt-cache

feature/log-most-busy-peers

prototype/ui-wails

vnc-server

coderabbitai/utg/8ae8f20

feature/use-peer-fqdn-on-https

dependabot/go_modules/golang.org/x/image-0.38.0

feature/metrics-push-management-control

release/0.68.3

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/service/s3-1.97.3

add-slack-channel

claude/rdp-token-passthrough-eNcqW

transparent-proxy

fix/macos-stale-route-eexist

crowdsec-selfhosted

fix/remove-otel-units

entire/checkpoints/v1

dependabot/go_modules/github.com/go-jose/go-jose/v4-4.1.4

fix/getting-started

feat/static-connectors-combined-server

feature/use-local-keys-embedded

feature/fleetdm

set-env-only-if-not-fork

feature/expose-has-channel

fix/connection-status-race

fix/filter-cgnat-cni-ice-candidates

feature/check-cert-locker-before-acme

test/proxy-fixes

test/proxy-mtu

prototype/ui-tauri

test/proxy-speed

fix-reused-ports

feat/migrate-to-embedded-idp

feature/add-serial-to-proxy-merged

deploy/proxy-serial

test/connection

feature/disable-legacy-port

feature/flag-to-disable-legacy-port

test/perftest

dependabot/go_modules/github.com/pion/dtls/v3-3.0.11

fix/http-redirect

poc-token-command

dn-reverse-proxy

prototype/reverse-proxy-rename

prototype/reverse-proxy-logs-pagination

feature/client-metrics

prototype/reverse-proxy-clusters

debug-dns-route

fix/win-dns-batch

add-extra-route-logs

job-stream-notify-disconnection-eof

deploy/secrets-manager

trigger-proxy-update

bug/update-ios-client-code-build-tags

sync-client-netmap-serial

log/conn-disconn

nmap/compaction-deploy

ci-win-test

feature/disk-encryption-check

wasm-debug

swap-dns-prio

fix/dex-config

feature/migrate-auto-groups-to-table

dependabot/go_modules/github.com/quic-go/quic-go-0.57.0

nmap/compaction

dex-nocgo-stub

feature/exclude-terraform-from-rate-limiting

test-freebsd

retries-refactor

coderabbitai/docstrings/b7e98ac

feat/integrate-zitadel

bug/ios-hanging-reconection

zitadel-idp

feat/network-map-serial

refactor/get-account-no-users

feat/auto-upgrade

feature/report-high-pat-id

feature/temporary-access-for-resource

fix/nmap-fwrules

dont-restart-dns

prototype/ui

update-gomobile

go-dns-for-ice

wasm-ldflags

test-ldflags

wasmbuild-test

feature/networks-s2s

vk/compare-nmaps

dbg/bothmaps

feature/changeset

reorder-dns-shutdown

fix/relay-reconnection-race

fix/nmap-exitnodes

vk/debug/nmap-both

move-licensed-code

feat/better-daemon-connection-lost-message

feat/auto-update-2

test/timings

refactor/getaccount-raw

tests/nmap-getaccount

refactor/nmap

refactor/nmap-limit-buffer

feature/detect-mac-wakeup

feature/extract-modules

quick-setings

feat/sync-limiter

feature/store-cache-impl

fix-install-version

feature/store-metrics

feature/metrics-on-store

feature/use-gorm-cache

loadtest-signal

unsymmetrical-squash

refactor/reducate-signaling

test/update-reduce

feature/store-cache

feature/remote-debug

cli-ws-proxy-backend-addr

feat/mgmt-map-serial

snyk-fix-d9d0081a4c7f9137bdb59d0d50a141a2

snyk-fix-7415cea5a11acd66753540ca2c598c63

job-yml-update

feature/android-allow-selecting-routes

fix/up-sequence

fix/dns-hash-update

snyk-fix-967adae9863f17f108ce8948d9117b8d

log/getaccount-by-peer

signal-suppressor

dns-exit-node

feature/auto-updates

feature/cache-srv-key

merged-fixes

fix/missed-offers-and-debug

debug-and-fixes

poc-wasm-clean-backend-s2s

test/remote-debug

debug-api

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

fix/remove-gpo-if-empty

fix/test-freebsd

fix/mysql-setup

fix/remove-logout-btn

handle-existing-domain-user

chore/unify-domain-validation

snyk-fix-c5fafc8a50ce1f29046e25a1fc346185

feat/profile-edit-btn

snyk-fix-a54966211e18d4cf67e5a2757cc006d1

log-short-id

feat/logout-ephemeral

log-checks

batch-wg-ops

nb-interface-default

feat/aws-integration

add/race-test

feature/relay-feature-versioning

fix/systemd-service-logs

poc/preprocessed-map

add-account-onboarding

bind-ipv6

fix/merge-main

logs/peerlogs-addpeer

feature/net-297-network-migration

feature/support-skip-auto-apply-exit-node-routes

set-cmd

set-command-with-cursor

feature/limit-update-channel

stop-using-locking-share

feature/poc-lazy-detection

feature/net-248-removal-of-sync-mutex-locks

test/multiple-peer-logging

preresolve

add-ns-punnycode-support

apply-routes-early

windows-search-domains

fix/connecting-route-filter

feature/management/rest-client/impersonate

debug-local-records

resource-fields-snake-case

test/grpc-rate-limit

traffic-correlation-policy

feature/rest-client-options

feat/events-metrics

feature/buf-cli

test/add-ratelimiter

test/remove-write-lock-on-add-peer

fix/add-peer-semaphore

feature/users-roles-endpoint

mlsmaycon-patch-1

debug-user-role

chore/primary-key-on-networks

feature/update-account-peers-buffer-startup

remove-ubuntu2004-runners

refactor/permissions-no-pat-allowed

ref/logrus-factory

use-conntrack-zone

deploy/permissions-account

feature/lazy-connection-idle

ref/improve-test-cov

restore-pr-3440

test/increase-grpc-timeouts

feat/buffer-account-peers-update

test/networkmapgeneration-changes

feature/base-manager

feature/flow-receiver

chore/benchmark-with-large-runner

refactor/handshake-initiator

client/ui-update-systray-icons

userspace-router

wgwatcher-test

output-if-key-already-exists

fix/relay-reconnection

feature/port-forwarding-client-codecleaning

detached2

test/callbacks-nil-iceconninfo

refactor/optimize-peer-expiration

enable-udp-port-for-docker-template

fix/relay-update

feature/apply-posture-netmap

fix/group-update-existing-resource

conntrack-stats

upgrade-okta-sdk

multi-price

test/conn-stat

set-min-parallel-tests-for-management

dns-interceptor

debug-dns

router-dns

add-static-system-info

debug-0.29.4

debug-0.33.0

account-refactoring

relay/2800_quic

route-get-account-refactoring

test/seed-random-routes

feature/get-account-refactoring

test/reconnect-race-condition

refactor/get-account-usage

feature/add-session-id-to-update-channel

improve-ipv4conn

fix/async-pion-event-handling

debug

add-offload

feature/validate-group-association-debug

fix/limit-conn-for-sqlite

test/engine-iface

test/transaction-for-jwt-sync

fix/engine-stop-in-foreground

feature/add-mysql-support

test-migration

refactor/header-size-values

relay/eliminate-gob

test/signal-dispatcher-with-relay

relay/debug

validate-icon

feature/ipv6-support

use-pre-expanded-peers-map

feature/use-signal-dispatcher

validate/peer-status

add-read-write-times

fix/sync-peer-race

feature/relay-status

netmap

evaluate/network-map-hash

fix/lower-dns-resolve-interval-on-fail

feature/relay

fix/go-mod-version

upgrade-nftables

synology-userspace-mode

fix/use-ip-for-default-routes-on-darwin

fix/proxy_close

enable-release-workflow-on-pr

deploy/peer-performance

feature/permanent-turn

feature/permanent-turn-proxy

deploy/posture-check-sqlite

feature/optimize_sqlite_save

debug-ios-behavior

fix/delete-route-only-after-adding

tshoot/windows-logger

remove-new-routing

refactor/eliminate-repo-dependency

add-arm-to-ci

refactor-demo-account-object

test/abc2

test/abc

send-ssh-rosenpass-config-meta

refactor-demo

ensure-schedule-never-runs-non-positive

feature/peer-validator-groupmgm

feature/peer-validator-fix

fix/include-active-dashboard-users

fix/handle-canceling-schedule

fix/geo-download

debug-google-workspace

yury/resolve-ip-to-location

feature/extend-sysinfo

sqlite-async-peer-status

yury/add-postgresql-store

fix/route

test-build

posture-checks-poc

debug-keycloak-idp

poc/netstack

for-pascal-tmp

peer-logout-management

manual-peer-logout

detached

chore/refactor-management

test/dns-bind

fix/enforce-acl-for-containers

yury/use-sync-map-in-updatechannel

fix/events-key-handling

filter-cache-on-load-account

fix/user-expiration

handle-user-context-cancellation

nb-client-k8s-statefulset

fake-addr

fix/iptables_in_docker

ebpf-debug

update-getting-started-flow-use-postgres

fix/peer_list_notification

feature/device-authentication-with-client-secret

feature/keep_alive

feat-groups-from-jwt

separate_proxy_from_wgconfig

fix/wg_conn

wg_conn_fix

wg_bind_parallel_processing

fix-rollback-get-acls

proxy_cfg_cleanup

performance-improvement-rego

update-lock-log-level

feat-client-side-acl

refactor/move_grpcserver_logic_to_account_manager

feature/event-storage

feature/update-idp-redeeming-invite

feature/api-peer-info

return-groupminimum-setupkey

feature/interface-bind

documentation_enhancement

fix-peer-registration

ssh

users_cache

pass-client-caller

client_caller_type

revert-283-feat-fix-windows-installer

periodic-peer-updates

ebpf

braginini/wasm

v0.70.5

v0.70.4

v0.70.3

v0.70.2

v0.70.1

v0.70.0

v0.69.0

v0.68.3

v0.68.2

v0.68.1

v0.68.0

v0.67.4

v0.67.3

v0.67.2

v0.67.1

v0.67.0

v0.66.4

v0.66.3

v0.66.2

v0.66.1

v0.66.0

v0.65.3

v0.65.2

v0.65.1

v0.65.0

v0.64.6

v0.64.5

v0.64.4

v0.64.3

v0.64.2

v0.64.1

v0.64.0

v0.63.0

v0.62.3

v0.62.2

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.9

v0.60.8

v0.60.7

v0.60.6

v0.60.5

v0.60.4

v0.60.3

v0.60.2

v0.60.1

v0.60.0

v0.59.13

v0.59.12

v0.59.11

v0.59.10

v0.59.9

v0.59.8

v0.59.7

v0.59.6

v0.59.5

v0.59.4

v0.59.3

v0.59.2

v0.59.1

v0.59.0

v0.58.2

v0.58.1

v0.58.0

v0.57.1

v0.57.0

v0.56.1

v0.56.0

v0.55.1

v0.55.0

v0.54.2

v0.54.1

v0.54.0

v0.53.0

v0.52.2

v0.52.1

v0.52.0

v0.51.2

v0.51.1

v0.51.0

v0.50.3

v0.50.2

v0.50.1

v0.50.0

v0.49.0

v0.48.0-dev2

v0.48.0

v0.47.2

v0.47.1

v0.47.0

v0.46.0

v0.45.3

v0.45.2

v0.45.1

v0.45.0

v0.44.0

v0.43.3

v0.43.2

v0.43.1

v0.43.0

v0.42.0

v0.41.3

v0.41.2

v0.41.1

v0.41.0

v0.40.1

v0.40.0

v0.39.2

v0.39.1

v0.39.0

v0.38.2

v0.38.1

v0.38.0

v0.37.2

v0.37.1

v0.37.0

v0.36.7

v0.36.6

v0.36.5

v0.36.4

v0.36.3

v0.36.2

v0.36.1

v0.36.0

v0.35.2

v0.35.1

v0.35.0

v0.34.1

v0.34.0

v0.33.0

v0.32.0

v0.31.1

v0.31.0

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.4

v0.29.3

0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.9

v0.28.8

v0.28.7

v0.28.6

v0.28.5

v0.28.4

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.10

v0.27.9

v0.27.8

v0.27.7

v0.27.6

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27.0

v0.26.7

v0.26.6

v0.26.5

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.9

v0.25.8

v0.25.7

v0.25.6

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.4

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.9

v0.23.8

v0.23.7

v0.23.6

v0.23.5

v0.23.4

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.7

v0.22.6

v0.22.5

v0.22.4

v0.22.3

v0.22.2

v0.22.1

v0.22.0

v0.21.11

v0.21.10

v0.21.9

v0.21.8

v0.21.7

v0.21.6

v0.21.5

v0.21.4

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.20.8

v0.20.7

v0.20.6

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.1

v0.18.0

v0.17.0

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.6

v0.11.5

v0.11.4

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.10

v0.10.9

v0.10.8

v0.10.7

v0.10.6

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.8

v0.9.7

v0.9.6

v0.9.5

v0.9.4

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.11

v0.5.10

v0.5.1

v0.5.0

v0.4.0

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.3

v0.2.2-beta.1

v0.2.1-beta.5

v0.2.0-beta.5

v0.2.0-beta.4

v0.2.0-beta.3

v0.2.0-beta.2

v0.2.0-beta.1

v0.1.0-beta.3

v0.1.0-beta.2

v0.1.0-beta.1

v0.1.0-rc.2

v0.1.0-rc-1

v0.0.8-hotfix-1

v0.0.8

v0.0.7

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

v0.0.0

Labels

Clear labels

2021 Q4

2022 Q1

2022 Q1

accessibility

acl

agent

agent

Android

Android

api

authentik

automation

azure

battery-usage

bug

cache

client

client-ui

cloud

cloud-only

cloudflare

community

compatibility

config-idp

config-issue

connection

contribution

coturn

cross-vpn

dashboard

data-usage

distribution

dns

docker

documentation

duplicate

enhancement

enhancement

event-stream

feature-request

freebsd

getting-started

go

good first issue

gui

help wanted

home-assistant

idp

inconsistency

integration

integrations

ios

ipv6

jwt

k8s

keycloak

linux

login

macos

management-service

missing-docs

mobile

moved-internal

needs-review

netbird-ui

networking

new-platform

nginx

notification

okta

openwrt

packaging

peer-management

peer-management

peer-management

performance

postgres

posture-checks

psk

pull-request

Mirrored from GitHub Pull Request

question

refactor

relay

release

rfc

routes

security

security-related

self-hosting

server

signal

sleep-issue

ssh

ssl

status

store

synology

system-compatibility-issue

test-suite

third-party-integration

triage

triage-needed

troubleshooting

UX

waiting-feedback

windows

wontfix

zitadel

No Label connection performance triage-needed

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

saavagebueno

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/netbird#1874