Description
I have set up a NetBird self-hosted network with Authentik as the IdP.
I have added two Linux devices and one iPhone.
I try to ping from one Linux machine to the other on its NetBird IP address.
netbird status -d on each Linux machine shows the other as a peer, as well as the iPhone as a peer that is currently offline.
I saw some other posts about similar issues where the person found their TURN server config to be incorrect.
I used the site at https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ to test my TURN configuration and get the following:
Time Type Foundation Protocol Address Port Priority URL (if present) relayProtocol (if present)
0.003 host 0 udp dfaa8882-bbcf-61a7263e2e3c.local 40208 126 | 32512 | 255
0.008 host 3 udp 2b841932-ae5b-3d03e55d8a5b.local 49310 126 | 32256 | 255
0.008 host 6 tcp dfaa8882-288f-bbcf-61a7263e2e3c.local 9 125 | 32704 | 255
0.009 host 7 tcp 2b841932-ae5b-3d03e55d8a5b.local 9 125 | 32448 | 255
0.010 host 0 udp dfaa8882-61a7263e2e3c.local 43180 126 | 32512 | 254
0.012 host 3 udp 2b841932-ae5b-3d03e55d8a5b.local 51760 126 | 32256 | 254
0.013 host 6 tcp dfaa8882-288f-61a7263e2e3c.local 9 125 | 32704 | 254
0.014 host 7 tcp 2b841932-62b0-3d03e55d8a5b.local 9 125 | 32448 | 254
0.140 srflx 4 udp xx.xxx.xx.xxx 49310 100 | 32287 | 255
0.141 relay 5 udp xxx.xxx.xxx.xxx 63425 5 | 32287 | 255
0.166 Done
I believe everything is set up correctly, but I am still unable to ping the other machine successfully.
In the management.json file I also verified that the TURN server credentials match those in the turnserver.conf file.
I have set up one extra group called personal and added all three machines to it. I added an ACL for that group to allow traffic between the machines in the group and made sure it is enabled. Additionally, I have not removed the 'ALL' group, just to be able to compare and contrast having ALL enabled or disabled. No difference.
To Reproduce
Steps to reproduce the behavior:
- Set up NetBird on a self-hosted installation.
- Set it up to use Authentik (I don't think this is the issue).
- Install NetBird clients on 2 Linux machines.
- Add the machines to a group.
- Create an ACL to allow the machines in the group to communicate.
- Enable the ACL.
- Try to ping one machine from the other.
Expected behavior
I would expect an ACL that covers a group to allow communication between the machines in that group. At the very least I would expect the machines in the ALL group to be able to communicate.
Are you using NetBird Cloud?
Self-hosted
NetBird version
Server: Docker - version set to latest
Clients: Linux Desktops - Fedora 39 - 0.25.4
Linux Desktops - Ubuntu 23.10 - 0.25.5
NetBird status -d output:
From the Fedora desktop:
Peers detail:
brian-ub-studio-1.netbird.selfhosted:
NetBird IP: 100.85.93.103
Public key: ***************************************
Status: Connected
-- detail --
Connection type: P2P
Direct: true
ICE candidate (Local/Remote): host/prflx
Last connection update: 2024-01-29 14:14:21
iphone.netbird.selfhosted:
NetBird IP: 100.85.170.165
Public key: ***************************************
Status: Disconnected
-- detail --
Connection type:
Direct: false
ICE candidate (Local/Remote): -/-
Last connection update: 2024-01-29 14:53:52
Daemon version: 0.25.4
CLI version: 0.25.4
Management: Connected to https://my-net.netbird-server.com:33073
Signal: Connected to http://my-net.netbird-server.com:10000
FQDN: brian-fedora-lan-1.netbird.selfhosted
NetBird IP: 100.85.242.220/16
Interface type: Kernel
Peers count: 1/2 Connected
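The report says the TURN username and password in management.json were compared by eye against turnserver.conf. Below is that check written as a script; it is an added example, not NetBird's code or anything from the reporter's files. The two sample files are constructed. It assumes management.json carries a "TURNConfig" object with "Turns" entries ("URI", "Username", "Password") plus "TimeBasedCredentials" and "Secret", and that turnserver.conf is coturn's format with `user=name:password` lines, or `use-auth-secret` together with `static-auth-secret=` when time-limited credentials are used.

```python
"""Cross-check the TURN credentials NetBird hands to clients (management.json)
against what coturn accepts (turnserver.conf).

Added example for this issue; the two sample files are constructed and the
key names/options are assumptions about the NetBird and coturn formats."""
import json
from typing import Dict, List, Set, Tuple

# Constructed management.json fragment (static long-term credentials).
MANAGEMENT_JSON = """
{
  "Stuns": [{"Proto": "udp", "URI": "stun:turn.example.invalid:3478"}],
  "TURNConfig": {
    "TimeBasedCredentials": false,
    "CredentialsTTL": "12h",
    "Secret": "secret",
    "Turns": [
      {"Proto": "udp", "URI": "turn:turn.example.invalid:3478",
       "Username": "self", "Password": "correct-horse-battery"}
    ]
  }
}
"""

# Constructed coturn turnserver.conf. The second user= line is a decoy so the
# comparison has to pick the right account, not just any line.
TURNSERVER_CONF = """
listening-port=3478
fingerprint
lt-cred-mech
user=self:correct-horse-battery
user=other:wrong-password
realm=turn.example.invalid
"""


def parse_turnserver_conf(text: str) -> Tuple[Set[str], Dict[str, str], Dict[str, str]]:
    """Split a coturn config into bare flags, key=value options and user entries."""
    flags: Set[str] = set()
    options: Dict[str, str] = {}
    users: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            flags.add(line)
            continue
        key, value = line.split("=", 1)
        if key == "user":
            # Passwords may contain ':'; only the first one separates the name.
            name, _, secret = value.partition(":")
            users[name] = secret
        else:
            options[key] = value
    return flags, options, users


def check_credentials(mgmt_text: str, turn_text: str) -> List[str]:
    """Return a list of mismatches; an empty list means the files agree."""
    turn_cfg = json.loads(mgmt_text).get("TURNConfig", {})
    flags, options, users = parse_turnserver_conf(turn_text)
    problems: List[str] = []

    if turn_cfg.get("TimeBasedCredentials"):
        # Time-limited credentials: coturn derives the password from the shared
        # secret, so the user= lines are irrelevant and the secrets must match.
        if "use-auth-secret" not in flags:
            problems.append("TimeBasedCredentials is on but turnserver.conf lacks use-auth-secret")
        elif options.get("static-auth-secret") != turn_cfg.get("Secret"):
            problems.append("TURNConfig.Secret does not match static-auth-secret")
        return problems

    # Static credentials: every Turns entry needs a matching user= line.
    for turn in turn_cfg.get("Turns", []):
        uri, user, password = turn["URI"], turn["Username"], turn["Password"]
        if user not in users:
            problems.append(f"{uri}: user {user!r} missing from turnserver.conf")
        elif users[user].startswith("0x"):
            # coturn also accepts a precomputed key here; it cannot be compared
            # to a plaintext password by string equality.
            problems.append(f"{uri}: user {user!r} is stored as a hashed key; compare by hand")
        elif users[user] != password:
            problems.append(f"{uri}: password for {user!r} differs")
    return problems


if __name__ == "__main__":
    for line in check_credentials(MANAGEMENT_JSON, TURNSERVER_CONF) or ["TURN credentials consistent"]:
        print(line)
```

One caveat when reading the result against the status output in this report: the Ubuntu peer is already shown as Connected with Connection type P2P and Direct: true, so the relay is not on the path for that pair. A mismatch found by this check would explain relayed connections failing, not a failed ping over an established direct link; for that, the hosts themselves (for example a host firewall filtering the NetBird interface) are the next thing to rule out.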