NetBird

NetBird is a WireGuard-based mesh VPN that connects your machines directly without requiring open firewall ports, static IPs, or gateway configuration. Install the client on each device, authenticate with your identity provider, and they join a private overlay network with encrypted peer-to-peer connections. If a direct path cannot be established, an encrypted relay handles the fallback automatically.

The core use case for self-hosters is private access to services running without a public IP. Run Vaultwarden, AdGuard Home, or Nextcloud on a home server and reach them securely from a laptop or phone anywhere, without exposing a single port to the internet.

Access control policies define which users and groups can reach which machines. SSO and MFA are enforced through existing identity providers (Okta, Microsoft, Google, and others). The activity log tracks connection events for audit purposes. An optional self-hosted management server removes any dependency on NetBird’s cloud infrastructure entirely.

The cloud free tier covers up to 5 users and 100 machines — more than enough for most personal or small team deployments. Self-hosting the management server lifts that limit. NetBird runs on Linux, macOS, Windows, Android, iOS, and a broad range of network devices including OpenWRT, Synology, TrueNAS, Proxmox, and pfSense.