NetBird is an Open-Source Zero Trust Networking platform that allows you to create secure private networks for your organization or home. We designed NetBird to be simple and fast, requiring near-zero configuration effort and leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, etc.
NetBird is an open-source project and can be self-hosted.
There is no centralized VPN server with NetBird - your computers, devices, machines, and servers connect to each other directly over a fast encrypted tunnel. It creates a high-performance point-to-point WireGuard® overlay network that connects machines running anywhere in just a few clicks.
I wonder if the open ports can be shielded behind a Cloudflare tunnel; this way it’s not open, yet the “handshake” goes between the clients and is managed by the server?
The self-hosting part alone is a nice deal… I wonder if a package could be whipped up for an install/setup on DietPi?
Sure, there needs to be one instance with open ports, at least. Reminds me of the frp proxy, where you similarly need a single server instance only, and all other client/backend nodes connect to this server to become accessible instead of requiring open ports. And as opposed to ZeroTier/Tailscale/Remote.It/Cloudflared, you can, but do not necessarily need to, rely on a 3rd party provider’s infrastructure.
With Cloudflared/Argo tunnel, yes. You do not even need to open the port then. However, then I see no point in not using the NetBird server instead, or Tailscale, as you just trade one public provider for another. Either you self-host the server component to be completely independent, or, to not have a too complex setup, you use the public provider’s infrastructure directly. That is, unless you trust Cloudflare much more than NetBird/Tailscale etc.
Indeed, did anyone find out what the Caddy server listening on ports 80, 443 and 8080 is actually used for? Just as a proxy for the Zitadel and signaling components?
More ports, however, do not mean more need for a firewall. A firewall is for those ports not (intended to be) used, while you anyway need to allow those intended to be used. So a firewall does not make any intentionally installed application more secure, it just protects against unintentionally (or by bad actors) started applications.