Added a plugin for Netbird #4531
Thank you for doing this—was considering taking a hack at a netbird plugin since I also packaged/maintain it for openSUSE... but I'm very glad someone else did it. :) Really really hope it gets merged soon.
@hrfried actually we're making it a requirement to have it included in FreeBSD ports first opnsense/ports#218 (comment) If you know some ins and outs for maintaining a package maybe you can help out here too :)
I reached out to the Netbird team to see if they have any objections on me adding the port to FreeBSD. No answer yet.
From experience, authors do not maintain ports and packages for varying reasons and there should be no harm to go ahead with it indeed as it is in the interest of the authors, too. Cheers,
Just do it, I was also maintaining the Cacti port for a long time, not being the main dev over there :)
Ok, out of nowhere the Netbird now submitted Netbird to the FreeBSD Ports. But they have chosen security/netbird, Tailscale is also in security/. I was using net/ because I oriented on Zerotier, which is there. I think it needs to be consistent, right? Port is security/netbird, then the plugin would also be security/netbird? I would need to recreate the pull request. Did you maybe already have a chance to review the code for bigger issues? I would be happy to fix them.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284877 looks like a netbird employee, oh well :) yes, let's align with security/netbird then. it will save a lot of confusion later.
Update: the port request was accepted. How can we proceed here? Do we need to change the category from network to security like in the ports tree?
It's now in our tree via opnsense/ports@9521b10081 -- let me make a quick review here and then the process is to add the port to ports.conf in tools.git and get the plugin merged too
Start with 0.1 Co-authored-by: Franco Fichtner <[email protected]>
@KeenanFalcon I am from NetBird's team. We are looking into OPNsense now and would like to help move this forward. We just finished the pfSense version and would like to add a few UI changes from that version into the work you are doing. Would it be ok to fork and open a PR to your fork, or would it be better to open the PR directly to the plugin's repo?
I think opening the PR directly to the plugin's repo will be the right choice.
I have been away some time with my son, so I haven't had much time on the computer lately. But I have looked a little bit more into rearranging the UI. I'm not sure what approach will be best, but you are welcome to make a PR to my repo, so the plugin may be cleaner and closer to the finished plugin before making a PR directly to the plugin's repo. Is it only for the UI that you have some suggestions, or have you also been looking into the backend?
We are looking at both. There might be some installation and a restart. We would also like to maintain the plugin moving forward.
net/netbird/src/opnsense/mvc/app/models/OPNsense/netbird/Initial.xml
Last round of review questions is still open. It would be good to bring this over the finish line first. Anyone can work on the next steps afterwards.
@Gauss23 by following pfSense GUI, we mean more on split authentication and settings and have a more clear text status page. See some examples: In any case, this is a work in progress. We intend to follow @fichtner's last comment and help @Gauss23 finish the PR by addressing the comments, then we can join forces with @KeenanFalcon to apply the UI changes above. Let us know if this doesn't make any sense.
…al.xml A hint would be needed for the format of the setup-key Co-authored-by: Franco Fichtner <[email protected]>
Fixed copyright notes
The open points would be:
I'm currently covered in work, so I would not be sad, if someone could provide fixes, I can implement them in this PR.
…tbird removed the osrelease helper to get the FreeBSD version. Another source needs to be found, but that's not in the scope of this plugin Co-authored-by: Franco Fichtner <[email protected]>
opnsense/tools@13ec1f17c9bb is done so I think we should merge this before proceeding with more changes outside this initial PR scope
@Gauss23 if you say it's ready I'll merge it
I would need to build the plugin again after all those changes to see if it works. Hope to find some time this evening (Berlin time). Wouldn't mind if someone else is able to build it and test it, maybe someone from the Netbird team?
Everyone can test on master branch then ;) Thanks!
FYI 9b67a27280e I can't test this in detail, but I'd rather want to consolidate this now than clogging up future PRs. I'll have more time to look at this after 25.7 is out next week.
I just started a fresh OPNsense installation and was building the plugin. There was an error after running the initial setup with the setup-key. Apart from the message it seems to run. At least as long as you don't change the config. The path for the config file seemed to have changed. Now it's: /var/db/netbird/config.json. I think this needs some polishing. As expected, it registers as Linux in the Netbird management console. Messages during initial setup.
I just tried to change the file name for the config file in /mvc/app/controllers/OPNsense/Netbird/Api/ServiceController.php to the config.json in /var/db but as expected that won't work as those files are owned by root and changing the file from the controller directly is not allowed. What would be needed to change from direct file writes to the configd approach?
Leave the file where it is, it's the recommended location for FreeBSD? If they can support the rc config as tailscale does, that would be the approach.
I ran into the same error when I tried to install and run the plugin, and I have seen the part about the buffer size before. My template for "/etc/rc.conf.d/netbird" is looking like this.
Maybe @sheridans can give an offer on whether it's safe to increase the UDP-Buffer-Size?
I was testing on the newest 25.1.11. Maybe the service was not enabled yet, when running the setup. Something we should be able to check, right? I don't know who changed the config path. When I created the PR, Netbird was using the path /usr/local/etc/netbird/config.json. But for some reason the running daemon on my test-box was now using /var/db/netbird/config.json. Netbird version 0.49 from the official source. It would be great if someone else could pick up the plugin from here. Ideally someone from the Netbird team.
You're right, the location was changed. During FreeBSD port submission, it was decided |
Yes, we have talked about that they changed location before. But what is the best location seen from OPNsense's perspective, in regards to backups and when being in HA CARP mode?
The HA only syncs the config.xml section, not any other files on disk.
Hello everyone, Is it possible to implement a function like “Disable Routes”, similar to what’s available in the WireGuard server? I’d like to use Netbird as a VPN backend for OSPF and BGP. For that to work, all IPs need to be allowed, but Netbird should not inject any routes into the system. Additionally, I’ve noticed that if a network is not directly connected to the OPNsense, for example, if it’s behind another router and reachable via a static route configured in OPNsense, it does not get routed through the VPN.
Hi, guys, how can I install the plugin in OPNsense 25.7.1_1? I cannot find it in plugins. What must I do?
This is an initial version of a plugin for Netbird.
I've also created a pull request for the Netbird port, as a small patch is currently needed.
https://netbird.io/