Direct Connection should check if connection actually is there #285

New Issue

saavagebueno · 2025-11-20T05:09:06-05:00

saavagebueno commented

2025-11-20 05:09:06 -05:00

Originally created by @CommanderRedYT on GitHub (Mar 8, 2023).

Describe the problem
Client A (Laptop) wants to connect to Client B (Server). Client B has a public IP, so netbird selects Direct Connection. However, ufw blocks the port (51820 as found in /var/log/netbird/client.log), so ping, ssh,.. don't work. As soon as I type ufw allow 51820, everything works as intended.

To Reproduce
Steps to reproduce the behavior:

Connect to a Client via Direct Connection and ufw enabled
Try to ping
Allow port from client.log
Try to ping again

Expected behavior
Check if direct connection actually works or if hole-punching or something else is needed.

NetBird status -d output:

[root@CENSORED netbird]# netbird status -d
Peers detail:
 ...

 myserver.netbird.cloud:
  NetBird IP: 100.foo.bar.faz
  Public key: Y19yoxTrPamPCHeQyb6cQTWwom/Bo7+KGHH9fEcK0BI=
  Status: Connected
  -- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/host
  Last connection update: 2023-03-08 09:48:44

 ...

Daemon version: 0.14.2
CLI version: 0.14.2
Management: Connected to https://api.wiretrustee.com:443
Signal: Connected to https://signal2.wiretrustee.com:443
FQDN: myclient.netbird.cloud
NetBird IP: 100.....
Interface type: Kernel
Peers count: 8/9 Connected

Additional context
This for some reason only happens for my VPS, my homeserver, which also has a public IP, does not have this problem. Maybe this is because it is behind a router?

Laptop Netbird Version: 0.14.2
Server (VPS) Netbird Version: 0.14.2
Server (Home) Netbird Version: 0.14.2

Originally created by @CommanderRedYT on GitHub (Mar 8, 2023). **Describe the problem** Client A (Laptop) wants to connect to Client B (Server). Client B has a public IP, so netbird selects Direct Connection. However, ufw blocks the port (**51820** as found in `/var/log/netbird/client.log`), so ping, ssh,.. don't work. As soon as I type `ufw allow 51820`, everything works as intended. **To Reproduce** Steps to reproduce the behavior: 1. Connect to a Client via Direct Connection and ufw enabled 2. Try to ping 3. Allow port from client.log 4. Try to ping again **Expected behavior** Check if direct connection actually works or if hole-punching or something else is needed. **NetBird status -d output:** ```shell [root@CENSORED netbird]# netbird status -d Peers detail: ... myserver.netbird.cloud: NetBird IP: 100.foo.bar.faz Public key: Y19yoxTrPamPCHeQyb6cQTWwom/Bo7+KGHH9fEcK0BI= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/host Last connection update: 2023-03-08 09:48:44 ... Daemon version: 0.14.2 CLI version: 0.14.2 Management: Connected to https://api.wiretrustee.com:443 Signal: Connected to https://signal2.wiretrustee.com:443 FQDN: myclient.netbird.cloud NetBird IP: 100..... Interface type: Kernel Peers count: 8/9 Connected ``` **Additional context** This for some reason only happens for my VPS, my homeserver, which also has a public IP, does not have this problem. Maybe this is because it is behind a router? Laptop Netbird Version: 0.14.2 Server (VPS) Netbird Version: 0.14.2 Server (Home) Netbird Version: 0.14.2

saavagebueno added the waiting-feedback label 2025-11-20 05:09:06 -05:00

saavagebueno closed this issue

2025-11-20 05:09:07 -05:00

saavagebueno commented

2025-11-20 05:09:08 -05:00

@mlsmaycon commented on GitHub (Jun 16, 2023):

Since release 0.20.0 we've updated the core connectivity layer and improved the direct connection check. Can you test the latest version and see if the issue still exists?

@mlsmaycon commented on GitHub (Jun 16, 2023): Since release 0.20.0 we've updated the core connectivity layer and improved the direct connection check. Can you test the latest version and see if the issue still exists?

saavagebueno commented

2025-11-20 05:09:08 -05:00

@galexrt commented on GitHub (Aug 8, 2023):

This still seems to happen. We have people behind DSL routers (without static IPv4 nor static IPv6 addresses) showing as direct: true and thus not being able to connect with any other peers.
Is there anyway to force direct: false? Could we get a flag to force it?

This is with Netbird server + client version 0.22.3.

Status detail output of a client that shouldn't be direct:

[...]
Status: Connected
-- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/srflx
[...]

(More info about that client: a windows PC with only private IPs)

It says connected but it isn't.., it should be using the coturn server.

@galexrt commented on GitHub (Aug 8, 2023): This still seems to happen. We have people behind DSL routers (without static IPv4 nor static IPv6 addresses) showing as `direct: true` and thus not being able to connect with any other peers. Is there anyway to force `direct: false`? Could we get a flag to force it? This is with Netbird server + client version 0.22.3. Status detail output of a client that shouldn't be direct: ``` [...] Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/srflx [...] ``` (More info about that client: a windows PC with only private IPs) It says connected but it isn't.., it should be using the coturn server.

saavagebueno commented

2025-11-20 05:09:08 -05:00

@galexrt commented on GitHub (Aug 15, 2023):

I'm not going to call it a definite fix (more info below), but in my case making the following code change, makes the srflx clients are not set as direct: true:

diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go
index 9247ed3..5e69cac 100644
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -348,7 +348,7 @@ func (conn *Conn) Open() error {
 }

 func isRelayCandidate(candidate ice.Candidate) bool {
-       return candidate.Type() == ice.CandidateTypeRelay
+       return candidate.Type() == ice.CandidateTypeRelay || candidate.Type() == ice.CandidateTypeServerReflexive
 }

 // configureConnection starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected

I have tried to read up on RTC and ICE candidate states to better understand the srflx state. I don't fully understand it, but so far, with all the clients that are put into srflx state, it was seemingly always wrongly chosen for the "small set" (roughly 12-15+) of clients/nodes I use Netbird on.

Is this the "right" direction to relay for both candidate types?
What about adding a config option/flag on the client side for a client to always use the relay?

@galexrt commented on GitHub (Aug 15, 2023): I'm not going to call it a definite fix (more info below), but in my case making the following code change, makes the `srflx` clients are not set as `direct: true`: ``` diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go index 9247ed3..5e69cac 100644 --- a/client/internal/peer/conn.go +++ b/client/internal/peer/conn.go @@ -348,7 +348,7 @@ func (conn *Conn) Open() error { } func isRelayCandidate(candidate ice.Candidate) bool { - return candidate.Type() == ice.CandidateTypeRelay + return candidate.Type() == ice.CandidateTypeRelay || candidate.Type() == ice.CandidateTypeServerReflexive } // configureConnection starts proxying traffic from/to local Wireguard and sets connection status to StatusConnected ``` I have tried to read up on RTC and ICE candidate states to better understand the `srflx` state. I don't fully understand it, but so far, with all the clients that are put into `srflx` state, it was seemingly always wrongly chosen for the "small set" (roughly 12-15+) of clients/nodes I use Netbird on. * Is this the "right" direction to relay for both candidate types? * What about adding a config option/flag on the client side for a client to always use the relay?

saavagebueno commented

2025-11-20 05:09:08 -05:00

@mlsmaycon commented on GitHub (Aug 15, 2023):

Hello @galexrt,

The term srflx refers to a public IP address and port combination (IP:PORT). This is the address obtained when a device reaches out to a STUN/TURN server to learn about its public-facing address. It's crucial for enabling direct connections between two devices over the internet, especially when they're behind certain network configurations like NAT.

To make things more efficient, starting from version 0.19, we've decided to use the same port as Wireguard (a VPN protocol) for these discovery processes. This way, we can utilize the srflx address directly, eliminating the need for any intermediary proxy.

So currently, assuming both peers are using a more recent version, the srflx would work just fine. But it depends on the firewall between peers.

That said, there is an environment variable available to force use of Relay:

NB_ICE_FORCE_RELAY_CONN=true

To configure it on Windows, unfortunately you have to use regedit and insert it as value in:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbird\

With a multi-strings Key named Environment, see example below:

Once that is created, you can restart the NetBird service with:

netbird service stop
netbird service start

@mlsmaycon commented on GitHub (Aug 15, 2023): Hello @galexrt, The term `srflx` refers to a public IP address and port combination (IP:PORT). This is the address obtained when a device reaches out to a STUN/TURN server to learn about its public-facing address. It's crucial for enabling direct connections between two devices over the internet, especially when they're behind certain network configurations like NAT. To make things more efficient, starting from version 0.19, we've decided to use the same port as Wireguard (a VPN protocol) for these discovery processes. This way, we can utilize the `srflx` address directly, eliminating the need for any intermediary proxy. So currently, assuming both peers are using a more recent version, the srflx would work just fine. But it depends on the firewall between peers. That said, there is an environment variable available to force use of Relay: `NB_ICE_FORCE_RELAY_CONN=true` To configure it on Windows, unfortunately you have to use regedit and insert it as value in: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbird\` With a multi-strings Key named `Environment`, see example below: <img width="515" alt="image" src="https://github.com/netbirdio/netbird/assets/7747744/54ce02eb-f8f3-49fd-b747-0311fb437e59"> Once that is created, you can restart the NetBird service with: ```shell netbird service stop netbird service start ```

saavagebueno commented

2025-11-20 05:09:08 -05:00

@galexrt commented on GitHub (Aug 19, 2023):

Thank you for the info about the env var and info for windows clients as well!

The term srflx refers to a public IP address and port combination (IP:PORT). This is the address obtained when a device reaches out to a STUN/TURN server to learn about its public-facing address. It's crucial for enabling direct connections between two devices over the internet, especially when they're behind certain network configurations like NAT.

I see, so it seems that the public IP discovered is correct, but because the clients are behind a "typical ISP IPv4 NAT" /"shared IPv4 address" where only the ISP controls the firewall the port can't work.
So why would the system assume that the port works? Maybe the ISP firewall is messing up these results?

Is there a way to actually make sure that the "public IP + port" is actually reaching the VPN client so this issue wouldn't arise?
Or am I misunderstanding what you wrote in regards to the discovery/usage of the public IP?

@galexrt commented on GitHub (Aug 19, 2023): Thank you for the info about the env var and info for windows clients as well! *** > The term srflx refers to a public IP address and port combination (IP:PORT). This is the address obtained when a device reaches out to a STUN/TURN server to learn about its public-facing address. It's crucial for enabling direct connections between two devices over the internet, especially when they're behind certain network configurations like NAT. I see, so it seems that the public IP discovered is correct, but because the clients are behind a "typical ISP IPv4 NAT" /"shared IPv4 address" where only the ISP controls the firewall the port can't work. So why would the system assume that the port works? Maybe the ISP firewall is messing up these results? Is there a way to actually make sure that the "public IP + port" is actually reaching the VPN client so this issue wouldn't arise? Or am I misunderstanding what you wrote in regards to the discovery/usage of the public IP?

saavagebueno commented

2025-11-20 05:09:08 -05:00

@CommanderRedYT commented on GitHub (Aug 19, 2023):

I guess most of the people either have CG-Nat, so ipv6 on user end and shared ipv4 on ISP end. For us in Austria, we have the option to have the ipv6 disabled but instead have a public ipv4 for the modem.

@CommanderRedYT commented on GitHub (Aug 19, 2023): I guess most of the people either have CG-Nat, so ipv6 on user end and shared ipv4 on ISP end. For us in Austria, we have the option to have the ipv6 disabled but instead have a public ipv4 for the modem.

saavagebueno commented

2025-11-20 05:09:09 -05:00

@CertainLach commented on GitHub (Apr 1, 2024):

I have a laptop (192.168.1.200) and a nas (192.168.1.100), both in the same local network, behind NAT, behind CGNAT.

Usually, this setup works perfectly, direct connection is estabilished between those two peers

Fragment of netbird status -d called from the laptop:

 nas.my.vpn:
  NetBird IP: 100.103.11.12
  Public key: vIy9n3pE7knxL9tSm11eyhbxnLe1sxAojzYPSvb/RHs=
  Status: Connected
  -- detail --
  Connection type: P2P
  Direct: true
  ICE candidate (Local/Remote): host/prflx
  ICE candidate endpoints (Local/Remote): 192.168.1.200:51820/192.168.1.100:51820
  Last connection update: 2024-03-29 19:35:04
  Last WireGuard handshake: 2024-03-29 19:37:09
  Transfer status (received/sent) 1.7 MiB/108.6 KiB
  Quantum resistance: true
  Routes: -

However, sometimes, after the laptop was asleep... Netbird decides to try another route, which doesn't work

nas.my.vpn:
 NetBird IP: 100.103.11.12
 Public key: vIy9n3pE7knxL9tSm11eyhbxnLe1sxAojzYPSvb/RHs=
 Status: Connected
 -- detail --
 Connection type: P2P
 Direct: true
 ICE candidate (Local/Remote): srflx/prflx
 ICE candidate endpoints (Local/Remote): 109.111.114.115:51820/192.168.1.100:51820
 Last connection update: 2024-03-29 22:42:38
 Last WireGuard handshake: 2024-03-29 22:44:49
 Transfer status (received/sent) 223.8 KiB/277.1 KiB
 Quantum resistance: true
 Routes: -

109.111.114.115 here is my public IP.
At first I tough it is just happens that somehow udp hole punching works here, and it is somehow port 51820 is being preserved after two layers of NAT, but I have set up tcpdump on the stun server (Which belongs to me, and lies outside of this CGNAT), and the received connection IP:PORT is never 109.111.114.115:51820, so this route is clearly wrong and will never work, yet this connection is somehow marked as connected.

(Identifiers here are anonymized, this isn't my real public IP/pubkey/netbird ips/NAT IPs)

System information:

Daemon version: 0.26.3
CLI version: 0.26.3
Management: Connected to https://my.netbird.mydomain.com:443
Signal: Connected to https://my.netbird.mydomain.com:443
Relays: 
  [stun:stun0.netbird.mydomain.com:3478] is Available
  [turn:turn0.netbird.mydomain.com?transport=udp] is Available
Nameservers: 
FQDN: laptop.my.vpn
NetBird IP: 100.103.20.30/16
Interface type: Kernel
Quantum resistance: true (permissive)
Routes: -
Peers count: 12/14 Connected

@CertainLach commented on GitHub (Apr 1, 2024): I have a laptop (192.168.1.200) and a nas (192.168.1.100), both in the same local network, behind NAT, behind CGNAT. Usually, this setup works perfectly, direct connection is estabilished between those two peers Fragment of `netbird status -d` called from the laptop: ``` nas.my.vpn: NetBird IP: 100.103.11.12 Public key: vIy9n3pE7knxL9tSm11eyhbxnLe1sxAojzYPSvb/RHs= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): host/prflx ICE candidate endpoints (Local/Remote): 192.168.1.200:51820/192.168.1.100:51820 Last connection update: 2024-03-29 19:35:04 Last WireGuard handshake: 2024-03-29 19:37:09 Transfer status (received/sent) 1.7 MiB/108.6 KiB Quantum resistance: true Routes: - ``` However, sometimes, after the laptop was asleep... Netbird decides to try another route, which doesn't work ``` nas.my.vpn: NetBird IP: 100.103.11.12 Public key: vIy9n3pE7knxL9tSm11eyhbxnLe1sxAojzYPSvb/RHs= Status: Connected -- detail -- Connection type: P2P Direct: true ICE candidate (Local/Remote): srflx/prflx ICE candidate endpoints (Local/Remote): 109.111.114.115:51820/192.168.1.100:51820 Last connection update: 2024-03-29 22:42:38 Last WireGuard handshake: 2024-03-29 22:44:49 Transfer status (received/sent) 223.8 KiB/277.1 KiB Quantum resistance: true Routes: - ``` 109.111.114.115 here is my public IP. At first I tough it is just happens that somehow udp hole punching works here, and it is somehow port 51820 is being preserved after two layers of NAT, but I have set up tcpdump on the stun server (Which belongs to me, and lies outside of this CGNAT), and the received connection IP:PORT is never 109.111.114.115:51820, so this route is clearly wrong and will never work, yet this connection is somehow marked as connected. (Identifiers here are anonymized, this isn't my real public IP/pubkey/netbird ips/NAT IPs) System information: ``` Daemon version: 0.26.3 CLI version: 0.26.3 Management: Connected to https://my.netbird.mydomain.com:443 Signal: Connected to https://my.netbird.mydomain.com:443 Relays: [stun:stun0.netbird.mydomain.com:3478] is Available [turn:turn0.netbird.mydomain.com?transport=udp] is Available Nameservers: FQDN: laptop.my.vpn NetBird IP: 100.103.20.30/16 Interface type: Kernel Quantum resistance: true (permissive) Routes: - Peers count: 12/14 Connected ```

saavagebueno commented

2025-11-20 05:09:09 -05:00

@nazarewk commented on GitHub (Sep 4, 2024):

I think I'm observing the same issue after getting my RutOS mobile router behind CG-NAT to connect to Netbird Cloud in course of #2530 :

connectivity to Netbird Cloud is enabled with with NB_DISABLE_CUSTOM_ROUTING=true (actually NB_SKIP_SOCKET_MARK=true in patched version) )
netbird status -d doesn't show anything after Last WireGuard handshake: for non-LAN peers
adding NB_ICE_FORCE_RELAY_CONN=true helps with WAN connectivity (from my home network and cloud server) , but now LAN peers communicate over internet,

@nazarewk commented on GitHub (Sep 4, 2024): I think I'm observing the same issue after getting my RutOS mobile router behind CG-NAT to connect to Netbird Cloud in course of #2530 : 1. connectivity to Netbird Cloud is enabled with with `NB_DISABLE_CUSTOM_ROUTING=true` (actually `NB_SKIP_SOCKET_MARK=true` in [patched version)](https://github.com/netbirdio/netbird/commit/885a5744ab9fff3d542d6aaeb29f3323eadd38eb) ) 2. `netbird status -d` doesn't show anything after `Last WireGuard handshake:` for non-LAN peers 3. adding `NB_ICE_FORCE_RELAY_CONN=true` helps with WAN connectivity (from my home network and cloud server) , but now LAN peers communicate over internet,

saavagebueno commented

2025-11-20 05:09:09 -05:00

@mlsmaycon commented on GitHub (Jun 1, 2025):

closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.

@mlsmaycon commented on GitHub (Jun 1, 2025): closing issue due to no recent feedback. Feel free to open a new one if the issue persist or reopen if this was a feature request.

saavagebueno referenced this issue

2025-11-20 07:12:18 -05:00

[PR #285] [MERGED] chore(ui): add UI binary to windows installer #2682

Sign in to join this conversation.

Branches Tags

main

feature/affected-peers

dependabot/go_modules/github.com/Azure/go-ntlmssp-0.1.1

debug-logs

ui-refactor

drop-dns-probes

improve-usp-fw

reduce-embed-wg-pool

dns-skip-failover-on-ede

feat/byod-proxy

windows-dns-firewall

fix/relay-healthcheck-non-standard-port

fix/login-persist-url-flags

ssh-config-tmp-cleanup

dependabot/go_modules/github.com/jackc/pgx/v5-5.9.2

fix/login-cmd-root-flags

feat/reseller-openapi-spec

github-issue-resolver

add-steamos-support

fix-darwin-uninstaller

flutter-test

dependabot/npm_and_yarn/proxy/web/postcss-8.5.12

ci/freebsd-pkg-bootstrap

cached-serial-check-on-sync

fix-mgmt-cache-bypass-overlay

revert-easyjson-5938

revert-ice-5820

revert-firewalld-5928

refactor/permissions-manager

wasm-js-func-release

wasm-websocket-dial

revert-dns-5935-systemd-resolved

revert-dns-5935-5945

revert-dns-5945-mgmt-cache

feature/log-most-busy-peers

prototype/ui-wails

vnc-server

coderabbitai/utg/8ae8f20

feature/use-peer-fqdn-on-https

dependabot/go_modules/golang.org/x/image-0.38.0

feature/metrics-push-management-control

release/0.68.3

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/service/s3-1.97.3

add-slack-channel

claude/rdp-token-passthrough-eNcqW

transparent-proxy

fix/macos-stale-route-eexist

crowdsec-selfhosted

fix/remove-otel-units

entire/checkpoints/v1

dependabot/go_modules/github.com/go-jose/go-jose/v4-4.1.4

fix/getting-started

feat/static-connectors-combined-server

feature/use-local-keys-embedded

feature/fleetdm

set-env-only-if-not-fork

feature/expose-has-channel

fix/connection-status-race

fix/filter-cgnat-cni-ice-candidates

feature/check-cert-locker-before-acme

test/proxy-fixes

test/proxy-mtu

prototype/ui-tauri

test/proxy-speed

fix-reused-ports

feat/migrate-to-embedded-idp

feature/add-serial-to-proxy-merged

deploy/proxy-serial

test/connection

feature/disable-legacy-port

feature/flag-to-disable-legacy-port

test/perftest

dependabot/go_modules/github.com/pion/dtls/v3-3.0.11

fix/http-redirect

poc-token-command

dn-reverse-proxy

prototype/reverse-proxy-rename

prototype/reverse-proxy-logs-pagination

feature/client-metrics

prototype/reverse-proxy-clusters

debug-dns-route

fix/win-dns-batch

add-extra-route-logs

job-stream-notify-disconnection-eof

deploy/secrets-manager

trigger-proxy-update

bug/update-ios-client-code-build-tags

sync-client-netmap-serial

log/conn-disconn

nmap/compaction-deploy

ci-win-test

feature/disk-encryption-check

wasm-debug

swap-dns-prio

fix/dex-config

feature/migrate-auto-groups-to-table

dependabot/go_modules/github.com/quic-go/quic-go-0.57.0

nmap/compaction

dex-nocgo-stub

feature/exclude-terraform-from-rate-limiting

test-freebsd

retries-refactor

coderabbitai/docstrings/b7e98ac

feat/integrate-zitadel

bug/ios-hanging-reconection

zitadel-idp

feat/network-map-serial

refactor/get-account-no-users

feat/auto-upgrade

feature/report-high-pat-id

feature/temporary-access-for-resource

fix/nmap-fwrules

dont-restart-dns

prototype/ui

update-gomobile

go-dns-for-ice

wasm-ldflags

test-ldflags

wasmbuild-test

feature/networks-s2s

vk/compare-nmaps

dbg/bothmaps

feature/changeset

reorder-dns-shutdown

fix/relay-reconnection-race

fix/nmap-exitnodes

vk/debug/nmap-both

move-licensed-code

feat/better-daemon-connection-lost-message

feat/auto-update-2

test/timings

refactor/getaccount-raw

tests/nmap-getaccount

refactor/nmap

refactor/nmap-limit-buffer

feature/detect-mac-wakeup

feature/extract-modules

quick-setings

feat/sync-limiter

feature/store-cache-impl

fix-install-version

feature/store-metrics

feature/metrics-on-store

feature/use-gorm-cache

loadtest-signal

unsymmetrical-squash

refactor/reducate-signaling

test/update-reduce

feature/store-cache

feature/remote-debug

cli-ws-proxy-backend-addr

feat/mgmt-map-serial

snyk-fix-d9d0081a4c7f9137bdb59d0d50a141a2

snyk-fix-7415cea5a11acd66753540ca2c598c63

job-yml-update

feature/android-allow-selecting-routes

fix/up-sequence

fix/dns-hash-update

snyk-fix-967adae9863f17f108ce8948d9117b8d

log/getaccount-by-peer

signal-suppressor

dns-exit-node

feature/auto-updates

feature/cache-srv-key

merged-fixes

fix/missed-offers-and-debug

debug-and-fixes

poc-wasm-clean-backend-s2s

test/remote-debug

debug-api

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

fix/remove-gpo-if-empty

fix/test-freebsd

fix/mysql-setup

fix/remove-logout-btn

handle-existing-domain-user

chore/unify-domain-validation

snyk-fix-c5fafc8a50ce1f29046e25a1fc346185

feat/profile-edit-btn

snyk-fix-a54966211e18d4cf67e5a2757cc006d1

log-short-id

feat/logout-ephemeral

log-checks

batch-wg-ops

nb-interface-default

feat/aws-integration

add/race-test

feature/relay-feature-versioning

fix/systemd-service-logs

poc/preprocessed-map

add-account-onboarding

bind-ipv6

fix/merge-main

logs/peerlogs-addpeer

feature/net-297-network-migration

feature/support-skip-auto-apply-exit-node-routes

set-cmd

set-command-with-cursor

feature/limit-update-channel

stop-using-locking-share

feature/poc-lazy-detection

feature/net-248-removal-of-sync-mutex-locks

test/multiple-peer-logging

preresolve

add-ns-punnycode-support

apply-routes-early

windows-search-domains

fix/connecting-route-filter

feature/management/rest-client/impersonate

debug-local-records

resource-fields-snake-case

test/grpc-rate-limit

traffic-correlation-policy

feature/rest-client-options

feat/events-metrics

feature/buf-cli

test/add-ratelimiter

test/remove-write-lock-on-add-peer

fix/add-peer-semaphore

feature/users-roles-endpoint

mlsmaycon-patch-1

debug-user-role

chore/primary-key-on-networks

feature/update-account-peers-buffer-startup

remove-ubuntu2004-runners

refactor/permissions-no-pat-allowed

ref/logrus-factory

use-conntrack-zone

deploy/permissions-account

feature/lazy-connection-idle

ref/improve-test-cov

restore-pr-3440

test/increase-grpc-timeouts

feat/buffer-account-peers-update

test/networkmapgeneration-changes

feature/base-manager

feature/flow-receiver

chore/benchmark-with-large-runner

refactor/handshake-initiator

client/ui-update-systray-icons

userspace-router

wgwatcher-test

output-if-key-already-exists

fix/relay-reconnection

feature/port-forwarding-client-codecleaning

detached2

test/callbacks-nil-iceconninfo

refactor/optimize-peer-expiration

enable-udp-port-for-docker-template

fix/relay-update

feature/apply-posture-netmap

fix/group-update-existing-resource

conntrack-stats

upgrade-okta-sdk

multi-price

test/conn-stat

set-min-parallel-tests-for-management

dns-interceptor

debug-dns

router-dns

add-static-system-info

debug-0.29.4

debug-0.33.0

account-refactoring

relay/2800_quic

route-get-account-refactoring

test/seed-random-routes

feature/get-account-refactoring

test/reconnect-race-condition

refactor/get-account-usage

feature/add-session-id-to-update-channel

improve-ipv4conn

fix/async-pion-event-handling

debug

add-offload

feature/validate-group-association-debug

fix/limit-conn-for-sqlite

test/engine-iface

test/transaction-for-jwt-sync

fix/engine-stop-in-foreground

feature/add-mysql-support

test-migration

refactor/header-size-values

relay/eliminate-gob

test/signal-dispatcher-with-relay

relay/debug

validate-icon

feature/ipv6-support

use-pre-expanded-peers-map

feature/use-signal-dispatcher

validate/peer-status

add-read-write-times

fix/sync-peer-race

feature/relay-status

netmap

evaluate/network-map-hash

fix/lower-dns-resolve-interval-on-fail

feature/relay

fix/go-mod-version

upgrade-nftables

synology-userspace-mode

fix/use-ip-for-default-routes-on-darwin

fix/proxy_close

enable-release-workflow-on-pr

deploy/peer-performance

feature/permanent-turn

feature/permanent-turn-proxy

deploy/posture-check-sqlite

feature/optimize_sqlite_save

debug-ios-behavior

fix/delete-route-only-after-adding

tshoot/windows-logger

remove-new-routing

refactor/eliminate-repo-dependency

add-arm-to-ci

refactor-demo-account-object

test/abc2

test/abc

send-ssh-rosenpass-config-meta

refactor-demo

ensure-schedule-never-runs-non-positive

feature/peer-validator-groupmgm

feature/peer-validator-fix

fix/include-active-dashboard-users

fix/handle-canceling-schedule

fix/geo-download

debug-google-workspace

yury/resolve-ip-to-location

feature/extend-sysinfo

sqlite-async-peer-status

yury/add-postgresql-store

fix/route

test-build

posture-checks-poc

debug-keycloak-idp

poc/netstack

for-pascal-tmp

peer-logout-management

manual-peer-logout

detached

chore/refactor-management

test/dns-bind

fix/enforce-acl-for-containers

yury/use-sync-map-in-updatechannel

fix/events-key-handling

filter-cache-on-load-account

fix/user-expiration

handle-user-context-cancellation

nb-client-k8s-statefulset

fake-addr

fix/iptables_in_docker

ebpf-debug

update-getting-started-flow-use-postgres

fix/peer_list_notification

feature/device-authentication-with-client-secret

feature/keep_alive

feat-groups-from-jwt

separate_proxy_from_wgconfig

fix/wg_conn

wg_conn_fix

wg_bind_parallel_processing

fix-rollback-get-acls

proxy_cfg_cleanup

performance-improvement-rego

update-lock-log-level

feat-client-side-acl

refactor/move_grpcserver_logic_to_account_manager

feature/event-storage

feature/update-idp-redeeming-invite

feature/api-peer-info

return-groupminimum-setupkey

feature/interface-bind

documentation_enhancement

fix-peer-registration

ssh

users_cache

pass-client-caller

client_caller_type

revert-283-feat-fix-windows-installer

periodic-peer-updates

ebpf

braginini/wasm

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/netbird#285