Configure the Netbird Network Range #660

Closed
opened 2025-11-20 05:15:33 -05:00 by saavagebueno · 38 comments

Originally created by @hwinkel on GitHub (Feb 27, 2024).

Option in UI / API to configure the managed Network Range.

A selfhosted setup needs the option to define the managed network range in CIDR notation,

saavagebueno added the feature-request, self-hosting labels 2025-11-20 05:15:33 -05:00

@szzylph commented on GitHub (Mar 2, 2024):

+1


@moontide commented on GitHub (Mar 6, 2024):

For selfhosted installation, currently, as a workaround, you can change the network range (and even the IP addresses of each peer) by editing the `store.json` file.

**/var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.json**

```
{
    "Accounts": {
        "...an-account-id...": {
            "Network": {
                "id": "...a-network-id...",
                "Net": {
                    "IP": "100.100.100.0",
                    "Mask": "////AA=="    // base64 codec string for binary 255.255.255.0
                },
                "Dns": "",
                "Serial": 1
            },

            "Peers": {
                "...a-peer-id...": {
                    "ID": "...a-peer-id...",
                    "IP": "100.100.100.100",  // easy to remember
```

But I don't know how to change them when using the `sqlite` storage engine. **Network range** information is stored in the `network_net` field of the `accounts` table, **peer IP** information is stored in the `ip` field of the `peers` table, but the data types are `BLOB`, which is not editable unless you know the data format of it.


@nuterum commented on GitHub (May 12, 2024):

Since version 0.27.5 it may be possible to change that after adding peers and changing each peer IP, but I have not tested it and can't be sure that no problem will occur.

What I have tested is doing it before adding peers and after finishing the installation process.

### Explanation

First you need to understand that the mask of the network is encoded in base64 and is defined by func IPv4Mask in the Go net package.
The network is defined in the file below:
[Define network](https://github.com/netbirdio/netbird/blob/main/management/server/network.go)

To change the network mask you will need to calculate the new one and encode it.
You can use the following links to do that, or the function directly:
[Online IPMask](https://pkg.go.dev/net#IPMask)
[Encode to base64](https://cryptii.com/pipes/hex-to-base64)

For example, let's make a /24 (255.255.255.0) and a /22 (255.255.252.0):
In the case of /24, IPMask gives "ffffff00"; then encode it and obtain "////AA==".
In the case of /22, IPMask gives "fffffc00"; then encode it and obtain "///8AA==".

I will show it later, but the default mask is "//8AAA==" and is a subnet of "100.64.0.0/10" as defined in network.go.
So what mask is "//8AAA=="? If we decode it we get "ffff0000", and in IPMask this corresponds to a /16 (255.255.0.0).
That corresponds to what we found in network.go.

### Making change

Now let's talk about where to find this network and how to change it.
First you need to know where your data will be, as configured in your docker-compose.yml.
In the docker-compose.yml you configure "netbird-mgmt:/var/lib/netbird" in your volume.
That is the place where our db file will be (in my case /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/).
Then let's check what is inside:

```
ls /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/
events.db GeoLite2-City.mmdb geonames.db store.db
```

We can see multiple sqlite dbs; the one we need is "store.db". You will need sqlite3 if you want to modify this file: "sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db"

```
sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> .tables
accounts network_addresses posture_checks
extra_settings peers routes
groups personal_access_tokens setup_keys
installations policies users
name_server_groups policy_rules
sqlite>
```

Here we will need the table "accounts", and more exactly the network_net inside it.

```
sqlite> .schema accounts
CREATE TABLE accounts (id text,created_by text,created_at datetime,domain text,domain_category text,is_domain_primary_account numeric,network_identifier text,network_net text,network_dns text,network_serial integer,dns_settings_disabled_management_groups text,settings_peer_login_expiration_enabled numeric,settings_peer_login_expiration integer,settings_regular_users_view_blocked numeric,settings_groups_propagation_enabled numeric,settings_jwt_groups_enabled numeric,settings_jwt_groups_claim_name text,settings_jwt_allow_groups text,settings_extra_peer_approval_enabled numeric,settings_extra_integrated_validator_groups text,PRIMARY KEY (id));
CREATE INDEX idx_accounts_domain ON accounts(domain);
```

In my case, before modification I had:

```
sqlite> select network_net from accounts;
{"IP":"100.68.0.0","Mask":"//8AAA=="}
```

You can find your id with "select id,network_net from accounts;".

Then you just need to update (in my case I use 10.68.68.0/24):

```
sqlite3 /var/lib/docker/volumes/artifacts_netbird-mgmt/_data/store.db
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> select network_net from accounts;
{"IP":"100.68.0.0","Mask":"//8AAA=="}
sqlite> UPDATE accounts SET network_net = '{"IP":"10.68.68.0","Mask":"////AA=="}' WHERE id = 'Replace by your account id';
sqlite> select network_net from accounts;
{"IP":"10.68.68.0","Mask":"////AA=="}
sqlite> .quit
```

To be safe, I restart my netbird docker stack with "docker compose restart" to make sure the configuration is read again.
After that I add my peers and confirm the usage of the new network.

### Take notice:

With the change made in 0.27.5 (the version tested for the modification described) we may be able to do it even after adding peers, but we will need to change each peer IP. This is possible because the ip field has been changed from blob to text.
You can find each peer id and ip with "select id,ip from peers;".

You will need to change each peer to a unique IP in the "network_net" defined in the account associated with the peer.
In my case I have only one account and all my peers are associated with it.
It seems to be the default for every self-hosted instance.

Example for one peer:

```sql
UPDATE peers SET ip = '"10.68.68.2"' WHERE id = 'Replace by your peer id';
```

To be safe, I restart my netbird docker stack with "docker compose restart" to make sure the configuration is read again.
I never like the possibility of creating instability through configuration or information that may be cached.

Thank you for your time and wish you a good day.
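
The following Go program is an added example, not code from the comment above or from the NetBird project. It computes the `network_net` value for a CIDR, decodes a stored value back to a CIDR, and checks candidate peer IPs against the range before any UPDATE is run; the type and function names are hypothetical, and the peer values are constructed samples in the JSON-quoted form used by the UPDATE example above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// storedNet mirrors the network_net value shown in the thread, e.g.
// {"IP":"100.68.0.0","Mask":"//8AAA=="}. net.IPMask is a byte slice, so
// encoding/json reads and writes it as base64. (Hypothetical type name.)
type storedNet struct {
	IP   net.IP
	Mask net.IPMask
}

// EncodeNetworkNet builds the network_net text for an IPv4 CIDR and rejects
// input whose address is not the network address (host bits set).
func EncodeNetworkNet(cidr string) (string, error) {
	ip, ipnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", err
	}
	if ip.To4() == nil {
		return "", fmt.Errorf("%s is not an IPv4 range", cidr)
	}
	if !ip.Equal(ipnet.IP) {
		return "", fmt.Errorf("%s has host bits set, network is %s", cidr, ipnet)
	}
	out, err := json.Marshal(storedNet{IP: ipnet.IP, Mask: ipnet.Mask})
	return string(out), err
}

// DecodeNetworkNet parses a stored network_net value and validates it.
func DecodeNetworkNet(stored string) (*net.IPNet, error) {
	var s storedNet
	if err := json.Unmarshal([]byte(stored), &s); err != nil {
		return nil, err
	}
	ip4 := s.IP.To4()
	// Size returns 0,0 for a non-contiguous mask, so bits != 32 catches
	// both a wrong length and a mask such as 255.0.255.0.
	if _, bits := s.Mask.Size(); ip4 == nil || bits != 32 {
		return nil, fmt.Errorf("need an IPv4 address and a contiguous 4-byte mask")
	}
	if !ip4.Mask(s.Mask).Equal(ip4) {
		return nil, fmt.Errorf("%s is not the network address for mask %s", ip4, s.Mask)
	}
	return &net.IPNet{IP: ip4, Mask: s.Mask}, nil
}

// CheckPeerIPs takes peer ip values in the JSON-quoted form and a network
// returned by DecodeNetworkNet. It returns one message per problem:
// unparsable, outside the range, network or broadcast address, or duplicate.
func CheckPeerIPs(n *net.IPNet, stored []string) []string {
	var problems []string
	seen := map[string]bool{}
	base := n.IP.To4()
	ones, _ := n.Mask.Size()
	bcast := make(net.IP, net.IPv4len)
	for i := range bcast {
		bcast[i] = base[i] | ^n.Mask[i]
	}
	for _, raw := range stored {
		var ip net.IP
		if err := json.Unmarshal([]byte(raw), &ip); err != nil || ip.To4() == nil {
			problems = append(problems, raw+": not a JSON-quoted IPv4 address")
			continue
		}
		switch {
		case !n.Contains(ip):
			problems = append(problems, raw+": outside "+n.String())
		case ones < 31 && (ip.Equal(base) || ip.Equal(bcast)):
			// Conventional rule for prefixes shorter than /31.
			problems = append(problems, raw+": network or broadcast address")
		case seen[ip.String()]:
			problems = append(problems, raw+": duplicate")
		}
		seen[ip.String()] = true
	}
	return problems
}

func main() {
	for _, cidr := range []string{"10.68.68.0/24", "10.68.68.0/22", "100.68.0.0/16"} {
		v, err := EncodeNetworkNet(cidr)
		fmt.Println(cidr, "->", v, err)
	}
	n, err := DecodeNetworkNet(`{"IP":"10.68.68.0","Mask":"////AA=="}`)
	if err != nil {
		panic(err)
	}
	// Constructed sample peer values, not taken from a real store.db.
	peers := []string{`"10.68.68.2"`, `"10.68.68.2"`, `"10.68.69.1"`, `"10.68.68.255"`, `10.68.68.3`}
	for _, p := range CheckPeerIPs(n, peers) {
		fmt.Println("problem:", p)
	}
}
```

Run it against a copy of the values read with the `select` statements above, and take a backup of `store.db` before applying any UPDATE.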


@graphixillusion commented on GitHub (May 17, 2024):

Great! But I think I'll wait for some official option in the UI


@netandreus commented on GitHub (Oct 27, 2024):

Up! This is a really necessary feature.


@HaroldVB commented on GitHub (Dec 30, 2024):

+1, Would love this feature!


@graphixillusion commented on GitHub (Dec 30, 2024):

Actually this is already possible, we just need this option to be reflected in the GUI too


@vijaygadde commented on GitHub (Jan 2, 2025):

+1


@hjweddie commented on GitHub (Feb 4, 2025):

+1


@simpsonnth commented on GitHub (Feb 14, 2025):

+1


@ozoromo commented on GitHub (Feb 25, 2025):

+1


@amanjuman commented on GitHub (Mar 1, 2025):

+1


@davidkobielski commented on GitHub (Mar 6, 2025):

+1


@gslongo commented on GitHub (Mar 14, 2025):

+1


@tienthanh2509 commented on GitHub (Mar 21, 2025):

+1


@tatupesonen commented on GitHub (Mar 25, 2025):

+1


@ws23xt commented on GitHub (Mar 31, 2025):

+1


@PentiumB commented on GitHub (Apr 1, 2025):

+1
This is a really vital feature. I feel sick that I can't assign a range of addresses to peers. PLEASE implement this ASAP.
For example, it would be nice to link them to groups.


@rakiamaker commented on GitHub (Apr 7, 2025):

+1


@BlueSquare23 commented on GitHub (Apr 9, 2025):

+1


@groetzner-net commented on GitHub (Apr 16, 2025):

+1


@alpex8 commented on GitHub (Apr 18, 2025):

+1


@mh166 commented on GitHub (Apr 19, 2025):

Hey everyone,
I'm no developer or contributor, but maybe I can still ask a small favor: Instead of posting "+1", use the 👍-emoji on the first post.

This has two benefits:

  1. The developers can better gauge the interest by sorting the feature requests by reaction [like so](https://github.com/netbirdio/netbird/issues?q=state%3Aopen%20label%3A%22feature-request%22%20sort%3Areactions-%2B1-desc).

  2. And everyone subscribed to this issue will be grateful because they receive notifications only when there is an actual discussion. Not every time there's another "+1".

Thank you! 🙂


@benniekiss commented on GitHub (Jun 6, 2025):

Would an environment variable or flag to the management service be a viable way to implement this?

The netmask is hardcoded here: https://github.com/netbirdio/netbird/blob/b56f61bf1b093afaed242a22f861475a40eafe1d/management/server/types/network.go#L21-L29

And the IP is hardcoded here: https://github.com/netbirdio/netbird/blob/b56f61bf1b093afaed242a22f861475a40eafe1d/management/server/types/network.go#L121-L135

Are there other places the network is defined?

It would be helpful to be able to change both the global IP and netmask and the per-client netmask. Currently, it looks like the client IP is selected as a `/16` network from the range of `100.64.0.0/10` addresses, but it would be helpful to make it so that I could, for instance, make the client ip a `/32` network from the range of `100.64.0.0/24` addresses.

Two flags could be added to the management service, `--client-netmask=/16` and `--network-ip=100.64.0.0/10`, which would take args in CIDR notation.

Two env-vars could be added, `NB_CLIENT_NETMASK` and `NB_NETWORK_IP`, which would also take args in CIDR notation.


@chicoIA commented on GitHub (Jun 19, 2025):

> Would an environment variable or flag to the management service be a viable way to implement this?
>
> The netmask is hardcoded here:
>
> netbird/management/server/types/network.go
>
> Lines 21 to 29 in b56f61b
>
> ```go
> const (
> 	// SubnetSize is a size of the subnet of the global network, e.g. 100.77.0.0/16
> 	SubnetSize = 16
> 	// NetSize is a global network size 100.64.0.0/10
> 	NetSize = 10
>
> 	// AllowedIPsFormat generates Wireguard AllowedIPs format (e.g. 100.64.30.1/32)
> 	AllowedIPsFormat = "%s/32"
> )
> ```
>
> And the IP is hardcoded here:
>
> netbird/management/server/types/network.go
>
> Lines 121 to 135 in b56f61b
>
> ```go
> func NewNetwork() *Network {
>
> 	n := iplib.NewNet4(net.ParseIP("100.64.0.0"), NetSize)
> 	sub, _ := n.Subnet(SubnetSize)
>
> 	s := rand.NewSource(time.Now().Unix())
> 	r := rand.New(s)
> 	intn := r.Intn(len(sub))
>
> 	return &Network{
> 		Identifier: xid.New().String(),
> 		Net:        sub[intn].IPNet,
> 		Dns:        "",
> 		Serial:     0}
> }
> ```
>
> Are there other places the network is defined?
>
> It would be helpful to be able to change both the global IP and netmask and the per-client netmask. Currently, it looks like the client IP is selected as a `/16` network from the range of `100.64.0.0/10` addresses, but it would be helpful to make it so that I could, for instance, make the client ip a `/32` network from the range of `100.64.0.0/24` addresses.
>
> two flags could be added to the management service, `--client-netmask=/16` and `--network-ip=100.64.0.0/10`, which would take args in CIDR notation.
>
> two env-vars could be added, `NB_CLIENT_NETMASK` and `NB_NETWORK_IP`, which would also take args in CIDR notation.

The environment variable would be perfect and functional.
Would it be possible to edit it in the code directly and then run it from Docker with the values I need?
Is there a function that validates the size of the subnets? For example, 10 bits larger and divided into parts of 16 (64 networks)? Or, if possible, I would ask to edit the code and use 10.255.255.0 with /24, so that it looks like this:

```go
SubnetSize = 24
NetSize = 24
```

So only the network limited to 256 hosts will be distributed to the peers?

Thanks


@nazarewk commented on GitHub (Jun 20, 2025):

I start to wonder, what exactly is the use case for changing the NetBird network address ranges?
You still won't be able to use the network range for anything else outside NetBird. I have seen a user who tried (and failed) to integrate the NetBird network range (like `10.12.0.0/16`) into their infra, being unaware of this and/or not setting it up completely enough.

We are using a well-known CGNAT range that is specifically reserved for this purpose.
The only conceivable scenario where changing this might be required is when you are trying to run NetBird directly on a device receiving a CGNAT IP address directly from ISP (or whatever upstream router) and is colliding with the NetBird network range.

To my knowledge, this only happens with mobile network providers and is still very rare.


@chicoIA commented on GitHub (Jun 20, 2025):

Good morning!
Exactly.
What I intend to do is use Netbird as a parallel access overlay network to manage hosts of an ISP (CPEs and routers), so in this case the destination IPs (which will be routed after the peers) next-hop will be 100.64.0.0/10.

In this scenario I will not compete or depend on resources of the network as a whole, because I will use mobile networks to link the peers that will bring visibility to this network to be accessed.


@benniekiss commented on GitHub (Jun 20, 2025):

My use case is that I use both tailscale and netbird as subnet routers, and I would like a way to predictably prevent IP conflicts. Right now, I have a headscale server deployed that's limited to a `100.64.0.0/24` network, and I would like to be able to set netbird to provide `100.64.1.0/24`, for example. The netbird range is rather large, so the chance of a collision is low, but I want my network to be controlled and predictable.

For the record, headscale allows limiting the network prefix. Technically, it can change the whole network IP, I believe, but the tailscale clients are limited to supporting addresses in the 100.64.0.0/10 range.

Netbird supporting custom network IPs and client netmasks would be helpful because it makes it the most flexible option for a self hosted deployment.


@Scot-Survivor commented on GitHub (Jul 20, 2025):

The 100.100 range is often used by Tailscale, and a lot of my users are having issues because of this.
So changing the range is vital to allow my users to have both VPNs active at the same time.

The joys of everyone being a developer, is that they all use tailscale a lot.


@nazarewk commented on GitHub (Aug 6, 2025):

implemented by https://github.com/netbirdio/netbird/pull/4177
released at https://github.com/netbirdio/netbird/releases/tag/v0.53.0


@graphixillusion commented on GitHub (Aug 6, 2025):

Any doc for this new feature? I have updated the client and the docker images but how to change the subnet/mask with this new method?


@FoxxMD commented on GitHub (Aug 6, 2025):

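@graphixillusion looks like it's API-only at this point. You'll need to [create an access token](https://docs.netbird.io/api/guides/quickstart) and then craft an API call to the correct endpoint. [The API docs are currently 404'ing...](https://docs.netbird.io/api/resources/accounts) but based on the [PR diff](https://github.com/netbirdio/netbird/pull/4177/files#diff-6e863969ff5c4c461608f99640e07b6c84de87af712ca4f3bcf8e2171dbb05ee) it looks like

PUT `/api/accounts/{accountId}`

```json
{
  "settings": {
    "network_range": "100.64.0.0/16"
  }
}
```

may do the trick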


@jhmc93 commented on GitHub (Aug 6, 2025):

Has this been properly implemented yet? Or is the above message the only available method?


@gslongo commented on GitHub (Aug 7, 2025):

> Has this been properly implemented yet? Or is the above message the only available method?

Image

@graphixillusion commented on GitHub (Aug 7, 2025):

I still don't see this option in my UI. And for now I'm up to date with the container's images


@graphixillusion commented on GitHub (Aug 12, 2025):

I still can't see this option on my end. And I'm up to date with the container's image. Is there anything special to do?


@Marcus1Pierce commented on GitHub (Aug 18, 2025):

@graphixillusion Which version of the Netbird management service and dashboard container are you currently running? I’m using the latest version of Netbird Management (v0.54.2) and Dashboard (v2.16.0); the option is available.

Image

@graphixillusion commented on GitHub (Aug 19, 2025):

Yes, I confirm that with the latest pull it appears on my setup too.


Reference: SVI/netbird#660