Restructuring Phase 3 (#492)

Brandon Hopkins
2025-11-24 09:25:44 -08:00
committed by GitHub
parent c40c132caa
commit 0080ae97df
477 changed files with 800 additions and 564 deletions

@@ -63,7 +63,7 @@ Once the connection is closed, the temporary peer will be automatically removed
For the WebAssembly NetBird Client all peers will be named as `{browser}-browser-client` (e.g. `safari-17-browser-client`).
<p>
<img src="/docs-static/img/how-to-guides/browser-client/temporary-peers-filter.png" alt="temporary-peers-filter" className="imagewrapper-big"/>
<img src="/docs-static/img/manage/peers/browser-client/temporary-peers-filter.png" alt="temporary-peers-filter" className="imagewrapper-big"/>
</p>
#### Temporary Policy
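
Review bot: The new `src` on the `<img>` line points at `/docs-static/img/manage/peers/browser-client/temporary-peers-filter.png`, but nothing visible here shows the PNG itself being moved, and a wrong static path typically shows up as a broken image on the page rather than as a build failure. Confirm the asset rename is part of this commit, and check `temporary-policies-filter.png` in the next hunk the same way.
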
@@ -72,7 +72,7 @@ The policy will be created P2P with no groups required. This way the client will
The policies for the WebAssembly NetBird Client will be named as `Temporary access policy for peer {browser-client-name}` (e.g. `Temporary access policy for peer safari-17-browser-client`).
<p>
<img src="/docs-static/img/how-to-guides/browser-client/temporary-policies-filter.png" alt="temporary-policies-filter" className="imagewrapper-big"/>
<img src="/docs-static/img/manage/peers/browser-client/temporary-policies-filter.png" alt="temporary-policies-filter" className="imagewrapper-big"/>
</p>
## Connection Flow

@@ -12,10 +12,10 @@ all outgoing traffic, and that may affect how NetBird clients connect to the [co
and negotiate the peer-to-peer connections.
<Note>
Allowing the outbound **P2P (STUN)** service below is **recommended** in more restricted networks for reliable peer connections. This will also improve the reliability of your [High Availability Routes](https://docs.netbird.io/how-to/routing-traffic-to-private-networks#high-availability-routes).
Allowing the outbound **P2P (STUN)** service below is **recommended** in more restricted networks for reliable peer connections. This will also improve the reliability of your [High Availability Routes](https://docs.netbird.io/manage/network-routes/routing-traffic-to-private-networks#high-availability-routes).
</Note>
<Note>
Allowing the outbound **Relay (TURN)** service below is **recommended** in more restricted networks for reliable peer connections. This will also improve the reliability of your [High Availability Routes](https://docs.netbird.io/how-to/routing-traffic-to-private-networks#high-availability-routes).
Allowing the outbound **Relay (TURN)** service below is **recommended** in more restricted networks for reliable peer connections. This will also improve the reliability of your [High Availability Routes](https://docs.netbird.io/manage/network-routes/routing-traffic-to-private-networks#high-availability-routes).
</Note>
<Note>
If using `fail2ban` or similar, you should whitelist each netbird.io endpoint below.
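
Review bot: Both updated High Availability Routes links in the `<Note>` blocks are absolute `https://docs.netbird.io/...` URLs, while the other links touched by this commit are site-relative (`/manage/peers/...`, `/manage/dns`). Suggest the site-relative form `/manage/network-routes/routing-traffic-to-private-networks#high-availability-routes` so the link resolves against preview builds and is treated like the rest of the internal links.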

@@ -43,7 +43,7 @@ It keeps the network state, public WireGuard keys of the peers, authenticates an
The Management Service's responsibilities include:
* **Registering and authenticating new peers.** Every new machine has to register itself in the network in order to connect to other machines.
After installation, NetBird client requires login that can be done through Identity Provider (IDP) like Okta or with a [setup key](/how-to/register-machines-using-setup-keys).
After installation, NetBird client requires login that can be done through Identity Provider (IDP) like Okta or with a [setup key](/manage/peers/register-machines-using-setup-keys).
* **Keeping the network map.** The Management service stores information about all the registered peers including WireGuard public key that was sent during the registration process.
* **Managing private IP addresses.** Each peer receives a unique private IP with which it can be identified in the network.
We use [Carrier Grade NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT) address space with an allocated address block <em>100.64.0.0/10</em>.
@@ -51,7 +51,7 @@ We use [Carrier Grade NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT) addr
Whenever a new peer joins the network, all other peers that are authorized to connect to it receive an update.
After that, they are able to establish a connection to the new peer.
* **Creating and managing access control rules.**
* **Managing private DNS.** [DNS](/how-to/manage-dns-in-your-network) allows referring to each of the peers with a fully qualified domain name (FQDN).
* **Managing private DNS.** [DNS](/manage/dns) allows referring to each of the peers with a fully qualified domain name (FQDN).
* **Logging network activity.**
* **Managing users.**
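
Review bot: The DNS link on the "Managing private DNS" bullet changes slug as well as prefix, from `/how-to/manage-dns-in-your-network` to `/manage/dns`, so a prefix-level redirect from `/how-to/` would not cover bookmarks and external references to the old page. Add an explicit redirect for the old path if one is not already part of this restructuring.
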
@@ -73,7 +73,7 @@ The Client's roles are the following:
To accept the incoming connections, peers have to know each other, therefore, the generated public keys have to be pre-shared on the machines.
The client application sends its public key to the Management service which then distributes it to the authorized peers.
* **Handling peer registration and authentication.** Each peer has to be authenticated and registered in the system.
The client application requests a user to log in with an Identity Provider (IDP) or a [setup key](/how-to/register-machines-using-setup-keys) so that the peer can be associated with the organization's account.
The client application requests a user to log in with an Identity Provider (IDP) or a [setup key](/manage/peers/register-machines-using-setup-keys) so that the peer can be associated with the organization's account.
* **Receiving network updates from the Management service.**
Each peer receives initial configuration and a list of peers with corresponding public keys and IP addresses so that it can establish a point-to-point connection.
* **Establishing point-to-point WireGuard connection.** To establish a connection with a remote peer, the Client first discovers the most suitable connection candidate, or simply address (IP:port) that other peers can use to connect to it.

@@ -21,7 +21,7 @@ The goal of the task is to get familiar with the system by setting up a self-hos
It is possible to set up multiple peers on the same machine. Find out how!
</Note>
4. Ping machines and make sure that they are reachable.
5. We might ask you to provide a generated [setup key](/how-to/setup-keys) so that we could test your setup.
5. We might ask you to provide a generated [setup key](/manage/peers/register-machines-using-setup-keys) so that we could test your setup.
Please reach out to us with any questions. We believe you will have some! :)
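
Review bot: The old target in step 5 was `/how-to/setup-keys`, not `/how-to/register-machines-using-setup-keys` as in the architecture page hunks, yet both now point to `/manage/peers/register-machines-using-setup-keys`. Check whether `/how-to/setup-keys` was a separate page whose content needs merging or redirecting, or a stale link that this change happens to fix.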