mirror of
https://github.com/netbirdio/docs.git
synced 2026-05-22 17:07:57 -07:00
Jack Carter
2f46f5e4dc
* docs: add Site-to-VPN scenario guide
New dedicated guide for letting clientless devices on a local network
initiate connections to NetBird peers (the reverse of VPN-to-Site).
Covers static-route and DNAT options, DNS resolution via dnsmasq, and
explains why the target peer always observes the routing peer's NetBird
IP as the source.
- Add src/pages/manage/network-routes/use-cases/by-scenario/site-to-vpn.mdx
- Wire it into NavigationDocs.jsx
- Update the site-to-site overview table row to point at the new page
- Replace the stub Site-to-VPN subsection in site-to-site-office.mdx
with a pointer to the new guide
* docs(site-to-vpn): correct source-IP section, add firewall and interface notes
- Source IP Behavior: remove the option that suggested emptying the
destination peer's policies. That doesn't preserve source IP; it just
tears down the wireguard pairing. Replace with an honest "not possible
with legacy Network Routes."
- Step 3: call out that hosts with FORWARD-DROP firewalls (UFW, firewalld)
need an explicit ACCEPT rule between the site interface and wt0.
- Option B: prefix the DNAT step with `ip -br addr` so customers find the
right site-facing interface instead of assuming eth0.
- Step 1: use "Name" for the setup key field instead of the route-only
"Network Identifier".
* docs(site-to-vpn): tighten prereqs, firewall step, and source-IP wording
- Drop generic prereqs (account, routing peer hardware, target peer)
- Reduce Step 3 to the host-firewall FORWARD rule
- Label Networks-feature Site-to-VPN as 'not possible' rather than limited
- Rename topology arrow to 'NetBird Overlay'
- Clarify masquerade lives on the routing peer in troubleshooting
* docs(site-to-vpn): switch primary path to Networks; document outbound SNAT requirement
Verified in the lab that Networks supports Site-to-VPN with the same
shape as Network Routes (Resource + Routing Peer + peer-group policy).
The differentiating factor is not the feature but the routing peer
platform: NetBird's masquerade flag does not install a working outbound
SNAT on non-Linux peers or in userspace mode, so the user must configure
it explicitly on the routing peer or upstream firewall.
Doc changes:
- Lead with Networks; Network Routes is now framed as an equivalent
alternative rather than the only option
- New Step 3 dedicated to the outbound SNAT (Linux iptables, pfSense /
OPNsense, MikroTik examples)
- New section "Outbound SNAT requirement" explaining why the destination
peer's access control rejects unrewritten site IPs and where the
dashboard masquerade flag is and isn't sufficient
- Up-front Warning calls out the platform requirement so customers don't
silently misconfigure
- Troubleshooting entry updated to point at SNAT counters and tcpdump
- Updated Source IP Behavior section to reflect that the behavior is the
same on both Networks and Network Routes
Parent page changes:
- /use-cases/site-to-site: Scenario Support table now shows Site-to-VPN
as Yes on both Networks and Network Routes; "Which Scenario Do I Need"
row points at both implementations
* docs(site-to-vpn): make static route the only Step 6 path; move DNAT to appendix
The static-route approach is the canonical setup; the per-service DNAT
option is a fallback for sites where routing changes aren't possible.
Treat it that way in the doc to keep the main flow linear.
- Step 6 now describes only the static-route approach (former Option A)
- Add a one-line pointer at the end of Step 6 to the appendix for sites
where the route can't be set
- Move the DNAT instructions to a new appendix at the bottom of the page
- Simplify Test Connectivity to a single curl
- Trim the Option-A/Option-B framing from the Troubleshooting "Connection
times out" entry
* docs(site-to-vpn): drop Source IP Behavior section
The "Outbound SNAT requirement" section already covers why the source IP
ends up as the routing peer's NetBird IP; a separate Source IP Behavior
section was repeating the same point and adding a speculative paragraph
about future Networks support. Drop both, plus the up-front Warning that
pointed at the removed section.
* docs(site-to-vpn): drop the Networks-vs-Network-Routes note
The guide is written around Networks; the side-note suggesting Network
Routes as an alternative path adds noise without value. The Step 4 inline
note keeps the Network Routes equivalent for anyone who needs it.
* docs(site-to-vpn): drop the inline Network Routes equivalent note
The guide is Networks-only now. Pointing readers at Network Routes mid-flow
just creates two paths to maintain without serving the reader who's
following the steps in front of them.
* docs(site-to-vpn): move page under Networks → Use Cases
The page describes a Networks-based setup; living under Network Routes
mis-categorised it.
- git mv to /manage/networks/use-cases/site-to-vpn.mdx (as a direct
child of Use Cases, not under By Scenario)
- Navigation: remove entry from Network Routes → By Scenario, add under
Networks → Use Cases
- Redirect old URL (/manage/network-routes/use-cases/by-scenario/site-to-vpn)
to new URL, permanent
- Update in-tree links in use-cases/site-to-site/index.mdx and
network-routes/use-cases/by-scenario/site-to-site-office.mdx
* docs(site-to-site): drop Network Routes mentions for Site-to-VPN
The Site-to-VPN guide is Networks-only; the overview page shouldn't
still be listing Network Routes alongside it.
* docs(site-to-vpn): trust NetBird's automatic SNAT on Linux kernel mode
On Linux in kernel mode, NetBird installs the SNAT itself when masquerade
is enabled on the routing peer — the user does not need a manual iptables
rule. Reframe Step 3 around this:
- Linux: enable ip_forward only; NetBird does the SNAT
- Non-Linux (pfSense / OPNsense / MikroTik / Windows / macOS / userspace):
configure manual outbound SNAT on the routing peer or upstream firewall
- Tighten the "Outbound SNAT requirement" appendix accordingly
- Move the explicit Linux iptables MASQUERADE rule into a troubleshooting
fallback for the case where NetBird's automatic SNAT doesn't fire
* docs(site-to-vpn): drop sysctl ip_forward instruction on Linux
NetBird handles IP forwarding itself on Linux; the manual sysctl was
unnecessary noise. Keep the host-firewall FORWARD-ACCEPT note since
UFW/firewalld setups still need it.
* docs(site-to-vpn): route the account's /16, not the entire /10 CGNAT range
NetBird assigns each account one /16 block out of 100.64.0.0/10 (chosen
randomly, customisable). Routing the whole /10 sends unrelated CGNAT
addresses through the routing peer; the correct target is the account's
own /16.
Step 6 now:
- Explains the /16-per-account model with the 64-block context
- Shows how to read the account's /16 from `netbird status` on any peer
- Switches the Linux / Windows / DHCP-option-121 examples to a concrete
/16 example (100.121.0.0/16) with a note to substitute your own
* docs(site-to-vpn): clarify when the target peer uses a setup key
Setup keys are for service / appliance peers; user peers (laptops,
workstations) enroll through SSO and inherit groups from existing
assignments. Reword the target-peer instruction to reflect that
distinction.
* docs(site-to-vpn): rename target peer to overlay-peer / overlay-peers
The previous backup-collector / backup-collectors naming carried
scenario-specific framing into the step examples. Use the generic
overlay-peer / overlay-peers throughout to keep the guide universal.
* chore: add trailing commas in Kubernetes nav entries
* Revert "chore: add trailing commas in Kubernetes nav entries"
This reverts commit d11b7eb7d0.
The NetBird documentation
This repository contains assets required to build the documentation website for NetBird. It is built using Next.js with MDX support, a modern React framework for building static and dynamic websites.
We're glad that you want to contribute!
Requirements
- node 16
- npm 8+
Installation
$ npm install
Local Development
$ npm run dev
This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
Contributing to the docs
You can click the Fork button in the upper-right area of the screen to create a copy of this repository in your GitHub account. This copy is called a fork. Make any changes you want in your fork, and when you are ready to send those changes to us, go to your fork and create a new pull request to let us know about it.
Once your pull request is created, a NetBird reviewer will take responsibility for providing clear, actionable feedback. As the owner of the pull request, it is your responsibility to modify your pull request to address the feedback that has been provided to you by the NetBird reviewer.
Also, note that you may end up having more than one NetBird reviewer provide you feedback or you may end up getting feedback from a NetBird reviewer that is different than the one initially assigned to provide you feedback.
Furthermore, in some cases, one of your reviewers might ask for a technical review from a NetBird author when needed. Reviewers will do their best to provide feedback in a timely fashion but response time can vary based on circumstances.
Code of conduct
Participation in the NetBird community is governed by the NetBirds' Code of Conduct.
Components and Use
This documentation uses several custom MDX components. Here's a guide to the most commonly used components:
Alert Components
Use these components to highlight important information:
Note
Displays informational content with an orange theme:
import {Note} from "@/components/mdx"
<Note>
NetBird is an **[open-source](https://github.com/netbirdio/netbird)** project and can be self-hosted.
See a comparison between the self-hosted and cloud-hosted versions [here](/selfhosted/self-hosted-vs-cloud-netbird).
</Note>
Warning
Displays warning content with a red theme:
import {Warning} from "@/components/mdx"
<Warning>
The API is still in Beta state so some errors might not be handled properly yet.
</Warning>
Success
Displays success messages with a green theme:
import {Success} from "@/components/mdx"
<Success>
Your configuration has been successfully applied.
</Success>
Tiles Component
Displays a grid of clickable cards with hover effects. Perfect for listing related resources or guides:
import {Tiles} from "@/components/Tiles"
<Tiles
title="About NetBird"
id="about-netbird"
items={[
{
href: '/about-netbird/how-netbird-works',
name: 'How NetBird Works',
description: 'Learn about NetBird concepts, architecture, protocols, and how it creates secure networks.',
},
{
href: '/about-netbird/netbird-vs-traditional-vpn',
name: 'NetBird vs. Traditional VPN',
description: 'Discover how NetBird compares to traditional VPNs and understand the advantages of Zero Trust networking.',
},
]}
/>
Props:
title(string, required): The heading title for the tiles sectionid(string, optional): Optional id for the heading anchoritems(array, required): Array of objects withhref,name, anddescriptionbuttonText(string, optional): Button text (defaults to "Read more" - currently unused as cards are fully clickable)
YouTube Component
Embeds YouTube videos with customizable parameters:
import {YouTube} from "@/components/YouTube"
<YouTube videoId="CFa7SY4Up9k" />
// With custom parameters
<YouTube
videoId="CFa7SY4Up9k"
title="Video Title"
start={175}
color="white"
modestbranding={1}
rel={1}
/>
// Or use a URL instead of videoId
<YouTube url="https://www.youtube.com/watch?v=CFa7SY4Up9k" />
Props:
videoId(string): YouTube video IDurl(string): YouTube URL (alternative to videoId)title(string, optional): Video titlestart(number, optional): Start time in secondscolor(string, optional): Progress bar color -'white'or'red'(default:'white')modestbranding(number, optional): Reduces YouTube branding -0or1(default:1)controls(number, optional): Show/hide controls -0,1, or2(default:1)rel(number, optional): Show related videos -0or1(default:1)
Button Component
Creates styled buttons with multiple variants:
import {Button} from "@/components/Button"
// Primary button (default)
<Button href="https://app.netbird.io/install" arrow="right">
Get started
</Button>
// Secondary button
<Button href="/path" variant="secondary">
Learn more
</Button>
// Outline button
<Button href="/path" variant="outline">
Explore
</Button>
// Text button
<Button href="/path" variant="text" arrow="right">
Read more
</Button>
// With left arrow
<Button href="/path" arrow="left">
Back
</Button>
Props:
variant(string, optional): Button style -'primary','secondary','filled','outline', or'text'(default:'primary')href(string, optional): Link URL (creates a link if provided, otherwise renders as button)arrow(string, optional): Arrow icon -'left'or'right'children(required): Button text content
Other Common Components
Row and Col
Create two-column layouts:
import {Row, Col} from "@/components/mdx"
<Row>
<Col>
Left column content
</Col>
<Col sticky>
Right column content (sticky on scroll)
</Col>
</Row>
Properties and Property
Define API properties or configuration options:
import {Properties, Property} from "@/components/mdx"
<Properties>
<Property name="apiKey" type="string" required>
Your API key for authentication.
</Property>
<Property name="timeout" type="number" min={0} max={300}>
Request timeout in seconds (default: 30).
</Property>
</Properties>
Badge
Displays small status badges:
import {Badge} from "@/components/mdx"
<Badge>New</Badge>
<Badge variant="secondary">Beta</Badge>
Code Blocks
Code syntax highlighting (automatically available):
\`\`\`bash
npm install
npm run dev
\`\`\`
// Or use code groups for multiple languages
<CodeGroup>
```bash title="Installation"
npm install
yarn install
Thank you
NetBird thrives on community participation, and we appreciate your contributions to our website and our documentation!