netbird/client/ui-wails/frontend/settings.md

Settings — Tabs & Controls

Each row has a title and short description. Booleans default to toggle switch; pick another control only when noted.

Tab order: General · Network · Security · SSH · Advanced · Troubleshooting · About.

---

1. General

App behavior + how the client connects.

General

• Connect on startup — disableAutoConnect (inverted) · toggle switch
  • Automatically connect to NetBird when the app launches.
• Show notifications — disableNotifications (inverted) · toggle switch
  • Show desktop notifications for connection events and updates.

Connection

• Management Server — managementUrl · label + help text + (text input next to inline Save button)
  • Help text sits between the label and the input. The NetBird management server this client connects to; saving reconnects to apply the new server. Save button persists explicitly (in addition to the global debounced auto-save) since changing the server triggers a reconnect.

---

2. Network

Routing and DNS — how the daemon reaches peers and resolves names.

Connectivity

• Lazy connections — lazyConnectionEnabled · toggle switch
  • Only establish peer tunnels on first traffic instead of eagerly at startup.
• Network monitor — networkMonitor · toggle switch
  • Reconnect automatically when the host network changes (Wi-Fi switch, VPN, sleep/wake).

Routing & DNS

• Enable DNS — disableDns (inverted) · toggle switch
  • Apply NetBird-managed DNS settings to the host resolver.
• Enable client routes — disableClientRoutes (inverted) · toggle switch
  • Accept routes advertised by other peers so this client can reach their networks.
• Enable server routes — disableServerRoutes (inverted) · toggle switch
  • Advertise this host's local routes to other peers.

---

3. Security

Firewall and on-the-wire encryption — what's blocked and how the tunnel is protected.

Firewall

• Block inbound traffic — blockInbound · toggle switch
  • Drop all unsolicited inbound traffic on the NetBird interface.
• Block LAN access — blockLanAccess · toggle switch
  • Prevent peers from reaching this host's local network.

Encryption

• Quantum-resistant encryption — rosenpassEnabled · toggle switch
  • Add a post-quantum key exchange (Rosenpass) on top of WireGuard.
  • Permissive mode — rosenpassPermissive · toggle switch (nested, only when above is on)
    • Allow connections to peers without quantum-resistance support.

---

4. SSH

NetBird SSH server config. Master switch at the top; sub-toggles greyed out when the master is off.

Server

• Allow SSH — serverSshAllowed · toggle switch (master)
  • Run the NetBird SSH server on this host so other peers can connect to it.

Capabilities

• Allow root login — enableSshRoot · toggle switch
  • Permit incoming SSH sessions to authenticate as root.
• Enable SFTP — enableSshSftp · toggle switch
  • Allow file transfers over the NetBird SSH server.
• Local port forwarding — enableSshLocalPortForwarding · toggle switch
  • Allow clients to forward local ports through this host.
• Remote port forwarding — enableSshRemotePortForwarding · toggle switch
  • Allow clients to expose remote ports back through this host.

Authentication

• Disable SSH auth — disableSshAuth · toggle switch
  • Skip JWT authentication for incoming SSH sessions. Insecure — diagnostics only.
• JWT cache TTL — sshJwtCacheTtl · number input (seconds)
  • How long verified JWTs are cached before re-validation.

---

5. Advanced

Power-user knobs: tunnel security, interface tuning, and log verbosity.

Security

• Pre-shared key — preSharedKey · label + help text + password input with reveal toggle
  • Help text sits between the label and the input. Optional WireGuard pre-shared key for an extra layer of symmetric encryption; must match the value on every peer.

Interface

• Name — interfaceName · text input
  • Name of the WireGuard network interface created on this host.
• WireGuard Port — wireguardPort · number input
  • Local UDP port the WireGuard interface listens on.
• MTU — mtu · number input
  • Maximum transmission unit for the WireGuard interface.

---

6. Troubleshooting

Everything you reach for when something is wrong.

Debug bundle

• Anonymize — toggle switch
  • Strip IPs, hostnames, and peer names from the bundle before saving.
• Include system info — toggle switch
  • Add OS, kernel, and network interface details to the bundle.
• Upload on create — toggle switch
  • When on, reveals an upload URL field and uploads the bundle after creation.
• Create Bundle — button → progress indicator → resulting path or upload URL.

---

7. About

Two-row layout. Top row pairs the app icon with the product name + versions; everything else stacks below full-width.

Top row (icon left, info right):

1. App icon — netbird-app-icon.svg, w-24 h-24, rounded corners, subtle border (border-nb-gray-800).
2. NetBird heading + version lines:
   • GUI v{x.y.z} — from frontend/package.json at build time
   • Client v{x.y.z} — from Status.daemonVersion

Below the top row, in order:

3. Update banner (visible only when an event in Status.events carries metadata["new_version_available"]) — "Version X.Y.Z is available." + a What's new? link → GitHub release page for that version, plus a Restart now primary button → Update.Trigger().
4. Copyright — "© {current year} NetBird. All Rights Reserved." (year from new Date().getFullYear()).
5. Legal links — Imprint · Privacy · CLA · Terms of Service. Each opens via Wails Browser.OpenURL with window.open fallback.