Allow Route to FreeBSD client about netbird HOT 13 OPEN

I've forked the repos on GH and added my changes.
Build works for me on the newest OPNSense version.
Netbird has to be configured manually via the CLI. In case the CARP feature should be used auto connect must be disabled. Without CARP it has to be enabled.

Netbird port
https://github.com/moserpjm/freebsd-ports

Build instruction:
cd net/netbird
make makesum
make package

OPNSense plugin
https://github.com/moserpjm/opnsense-plugins

Build instruction:
cd net/netbird
make package

from netbird.

Great to see the community getting involved and being able to contribute towards this!
Well done @moserpjm :)
This is a feature that a lot of us are waiting for (reduces infrastructure requirements for self-hosting netbird and lets us re-use existing equipment)

from netbird.

@robdeweese great to hear.
I'm currently reworking the CARP support. The current implementation regenerates the hook script every time the settings are saved. Unfortunately the execute flag of the script gets lost in this process. After digging through other plugins I'm now reimplementing it as a PHP script which dynamically fetches the settings. Looks like that's the preferred way.

from netbird.

Is there an OPNSense repo I can use to install these? I'd love to test them out.

If you're brave enough you can try the build in my RC repo.

• fetch -o /usr/local/etc/pkg/repos/netbird-rc-241.conf https://os-pkg.pjm.co.at/netbird-rc-241.conf
• pkg update
• Install os-netbird (It should show up under VPN)
• Add a firewall rule to open the desired WG port
• Change the settings to your liking and enable it.
• Use the setup function on the settings page or do manual netbird up with the desired options.
• Assign the wt0 interface
• Enable the interface (Don't forget to check "Prevent interface removal")
• If you enable the CARP functionality you have to press the "Set UP" button on the connection status page of the MASTER otherwise both nodes are down until a CARP event happens.

from netbird.

Really Cool, @moserpjm. Would you share the port and the code changes you've done? We plan to add support to PFsense and OPNSense soon, but we are a bit short on capacity and any community help is welcome.

from netbird.

Due to the fact that we're a JVM shop I'm not an expert on BSD ports. :D
I have two repos on our Bitbucket server. One with a clone of the FreeBSD ports tree plus the folder security/netbird and a second with a clone of the OPNSense plugins GH repo plus the folder net/netbird.
The feature set of the plugin is service control and creation of a CARP hook script to execute netbird up/down on change of the master node.
What would be the best way to make this source accessible for you? Unfortuately I don't have the time to try to get it into the official ports / plugin trees.

from netbird.

@moserpjm you can give access to [email protected] and from there I can fork it.

from netbird.

I'll cleanup the code a little bit, push it to GitHub and then invite you.

from netbird.

@moserpjm thanks for this, built and tested on pfsense arm and opnsense x86-64, works on both, including egress.

from netbird.

Is there an OPNSense repo I can use to install these? I'd love to test them out.

from netbird.

Is there an OPNSense repo I can use to install these? I'd love to test them out.

I've put the packages ive built here https://nhd.cx/w6we3 but I only build the client, not the web interface. They will run on pfsense and opnsense

but they are very easy to build yourself as well, @moserpjm provided instructions above

from netbird.

Just some quick updates:

I found out hat OPNSense is maintaining a fork of the freebsd-ports repo with tags of all releases in it. So I've rebased on that.
https://github.com/moserpjm/opnsense-ports -> Current branch is 24.1.10-netbird-develop.

There are new patches included:

• sets the host manager to noop. This prevents netbird from even trying to update the resolv.conf file.
• stets the reveived routes proto to nil to avoid the warning that it received a route but shouldnt as it's FreeBSD. This should alsow avoid any routing table incidents when nebird starts supporting FreeBSD routes in the future.

It would be really nice to have environment variables for those settings in netbird to get rid of the patches.

The plugin now has some new features:

• New status page with filter/sortable host table
• Manual netbird up/down control on the status page.
• Form to do the initial netbird up -k .... (only -k -m and -n available via GUI atm)
• New php based CARP syshook
• Checkboxes to enable rosenpass / rosenpass permissive
• Ability to set the wireguard port.

My current working branch is "new-status".

We're currently testing it with our firewalls at the office. A repo for internal use is already in place. I'll try to get a cheap VPS to let you try my builds.

from netbird.

I've uploaded 0.28.5 builds to the PR repo.
Please stop the service before installing the update.
This update fixes problem of netbird not stating if it crashed before and didn't delete it's wt0 tun device.
Also syslog output is now enabled.
The OS plugin now contains the appropriate syslog filter and a link to the log viewer.

I've also restructured the repos. There are now development branches for OS 24.1 and 24.7 in both repos. For future builds I'll tag them in GIT with the port/plugin version.

24.7 versions work fine on the latest R2.
My only problem is the maintainance nightmare of two versions. :D

from netbird.