Reuse network adapter profile on Windows instead of bloating the registry #674

Closed
opened 2025-11-20 05:15:48 -05:00 by saavagebueno · 2 comments
Owner

Originally created by @GermanCoding on GitHub (Mar 3, 2024).

Is your feature request related to a problem? Please describe.
Currently, netbird on Windows always creates a new network adapter and corresponding network profile when the application starts/restarts. This causes a new network profile to be created in the Windows registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles). After a few restarts, the registry is quickly bloated with leftover profiles, which is not only wasteful but also visually ugly - in the Windows Network Center, the profile shows up with duplicate names like "wt0 (8)" because Windows renames duplicate profiles automatically.

This also prevents network administrators from configuring the interface: Common issues revolve around setting the interface to private (this gets reset by the creation of a new profile) and customizing local firewalls (especially of third party vendors - those are sometimes entirely based on network profiles).

Describe the solution you'd like
Netbird should reuse an existing network profile when creating the TUN device. This appears to be (almost) trivially possible by changing:

index 900e62f..4dac66f 100644
--- a/iface/tun_windows.go
+++ b/iface/tun_windows.go
@@ -41,7 +41,7 @@ func newTunDevice(name string, address WGAddress, port int, key string, mtu int,
 }
 
 func (t *tunDevice) Create() (wgConfigurer, error) {
-	tunDevice, err := tun.CreateTUN(t.name, t.mtu)
+	tunDevice, err := tun.CreateTUNWithRequestedGUID(t.name, &myGUID, t.mtu)
 	if err != nil {
 		return nil, err
 	}

17f5abc653/iface/tun_windows.go (L44C24-L44C33)

This causes wireguard to reuse an existing profile if one with such a GUID exists. The GUID should be deterministic across restarts, possibly generated from the client's public key?

Describe alternatives you've considered
There aren't really any alternatives except accepting this problem or not using Netbird.

Additional context
I'm new to go, so I'm not entirely confident with submitting a PR myself right now. Are you interested in a PR for this?

Originally created by @GermanCoding on GitHub (Mar 3, 2024). **Is your feature request related to a problem? Please describe.** Currently, netbird on Windows always creates a new network adapter and corresponding network profile when the application starts/restarts. This causes a new network profile to be created in the Windows registry (`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles`). After a few restarts, the registry is quickly bloated with leftover profiles, which is not only wasteful but also visually ugly - in the Windows Network Center, the profile shows up with duplicate names like "wt0 (8)" because Windows renames duplicate profiles automatically. This also prevents network administrators from configuring the interface: Common issues revolve around setting the interface to private (this gets reset by the creation of a new profile) and customizing local firewalls (especially of third party vendors - those are sometimes entirely based on network profiles). **Describe the solution you'd like** Netbird should reuse an existing network profile when creating the TUN device. This appears to be (almost) trivially possible by changing: ```diff --git a/iface/tun_windows.go b/iface/tun_windows.go index 900e62f..4dac66f 100644 --- a/iface/tun_windows.go +++ b/iface/tun_windows.go @@ -41,7 +41,7 @@ func newTunDevice(name string, address WGAddress, port int, key string, mtu int, } func (t *tunDevice) Create() (wgConfigurer, error) { - tunDevice, err := tun.CreateTUN(t.name, t.mtu) + tunDevice, err := tun.CreateTUNWithRequestedGUID(t.name, &myGUID, t.mtu) if err != nil { return nil, err } ``` https://github.com/netbirdio/netbird/blob/17f5abc6537c79fb36f4afc7c74b7670108123be/iface/tun_windows.go#L44C24-L44C33 This causes wireguard to reuse an existing profile if one with such a GUID exists. The GUID should be deterministic across restarts, possibly generated from the client's public key? **Describe alternatives you've considered** There aren't really any alternatives except accepting this problem or not using Netbird. **Additional context** I'm new to go, so I'm not entirely confident with submitting a PR myself right now. Are you interested in a PR for this?
saavagebueno added the feature-request label 2025-11-20 05:15:48 -05:00
Author
Owner

@VMax4 commented on GitHub (Apr 3, 2024):

I add that all this happen for sure on Windows 8 and Windows11 for my experience but i suppose that happen to Windows 10 and so on too, but, sure it happen on Ubuntu 22.04 LTS too, where on each reboot a new wt0 is generated and to connect you must delete all the wt0 except for one and then disconnect and then reconnect it, a big bug, hope all this will be fixed soon.
Also, if for a peer (i saw this in Widows 11) login expiration is enabled, then, when it is expired the netbird ui come uninstalled from the system too with no reason i suppose... so to relogin you have to reinstall netbird again

@VMax4 commented on GitHub (Apr 3, 2024): I add that all this happen for sure on Windows 8 and Windows11 for my experience but i suppose that happen to Windows 10 and so on too, but, sure it happen on Ubuntu 22.04 LTS too, where on each reboot a new wt0 is generated and to connect you must delete all the wt0 except for one and then disconnect and then reconnect it, a big bug, hope all this will be fixed soon. Also, if for a peer (i saw this in Widows 11) login expiration is enabled, then, when it is expired the netbird ui come uninstalled from the system too with no reason i suppose... so to relogin you have to reinstall netbird again
Author
Owner

@Svetloslav commented on GitHub (Aug 23, 2024):

This issue is wrongly filed under "feature request". It is not! It is a huge, longstanding bug. You can see it brilliantly resolved in Tailscale. Sad!

@Svetloslav commented on GitHub (Aug 23, 2024): This issue is wrongly filed under "feature request". It is not! It is a huge, longstanding bug. You can see it brilliantly resolved in Tailscale. Sad!
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#674