Skip to content

netbird: add option/ auth banner #5404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sopex wants to merge 5 commits into
base: master
Choose a base branch
from
Open

netbird: add option/ auth banner #5404

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7b55203
netbird
sopex Apr 14, 2026
880f7e8
fix advanced
sopex Apr 14, 2026
fe91f66
.
sopex Apr 14, 2026
2db2d77
Update Settings.xml
sopex Apr 14, 2026
a5ef003
test
sopex Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion security/netbird/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
PLUGIN_NAME= netbird
PLUGIN_VERSION= 1.2
PLUGIN_VERSION= 1.3
PLUGIN_DEPENDS= netbird
PLUGIN_COMMENT= Peer-to-peer VPN that seamlessly connects your devices
PLUGIN_MAINTAINER= dev@netbird.io
Expand Down
5 changes: 1 addition & 4 deletions ...etbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/Api/AuthenticationController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,12 +51,9 @@ public function getAction(): array
$managementUrl = $mdl->managementUrl->__toString();
$setupKey = $mdl->setupKey->__toString();

$defaultKey = '00000000-0000-0000-0000-000000000000';
if (!empty($setupKey) && $setupKey !== $defaultKey) {
if (!empty($setupKey)) {
$visiblePart = substr($setupKey, 0, 4);
$maskedKey = $visiblePart . str_repeat('*', max(4, strlen($setupKey) - 4));
} else {
$maskedKey = $defaultKey;
}

return [
Expand Down
9 changes: 9 additions & 0 deletions security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,15 @@
<type>text</type>
<help>Wireguard interface listening port</help>
</field>
<field>
<id>settings.general.ipmapping</id>
<label>Force IP Mapping</label>
<type>text</type>
<hint>12.34.56.78</hint>
<help>Forces external IPs maps between local addresses and interfaces. You can specify a comma-separated list with a single IP or IP/IP or IP/Interface Name.
Leave empty for automatic mapping.</help>
<advanced>true</advanced>
</field>
<field>
<type>header</type>
<label>Client Firewall</label>
Expand Down
2 changes: 1 addition & 1 deletion security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Authentication.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
<items>
<managementUrl type="UrlField">
<Required>Y</Required>
<Default>https://api.netbird.io:443</Default>
<Default>https://api.netbird.io</Default>
</managementUrl>
<setupKey type="TextField">
<!-- XXX fails migration for obvious reasons <Required>Y</Required> -->
Expand Down
1 change: 1 addition & 0 deletions security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ public function syncConfig($target = '/var/db/netbird/config.json')

$config["WgPort"] = (int)$this->general->wireguardPort->__toString();
$config["ServerSSHAllowed"] = $this->ssh->enable->__toString() == 1;
$config["IpMapping"] = $this->general->ipmapping->__toString();
$config["EnableSSHRoot"] = $this->ssh->enableRoot->__toString() == 1;
$config["EnableSSHSFTP"] = $this->ssh->enableSFTP->__toString() == 1;
$config["EnableSSHLocalPortForwarding"] = $this->ssh->enableLocalPortForwarding->__toString() == 1;
Expand Down
4 changes: 4 additions & 0 deletions security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@
<maximum>65535</maximum>
<ValidationMessage>Please specify a valid port.</ValidationMessage>
</wireguardPort>
<ipmapping type="TextField">
Copy link
Copy Markdown
Member

@fichtner fichtner Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CSVListField is encouraged as it can do per-item masks. 12.34.56.80/eth1 is pretty funky syntax -- what does it do?

Copy link
Copy Markdown
Member

@fichtner fichtner Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/opnsense/core/blob/2b43ee5b87948347ac5a704c484001d169f059e4/src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml#L222-L226

Copy link
Copy Markdown
Member Author

@sopex sopex Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://docs.netbird.io/get-started/cli#flags
The whole option is written weirdly. It maps the interface to a manually-mapped IP

Copy link
Copy Markdown
Member

@fichtner fichtner Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it's fine as long as we can make the regex per item instead of mocking a CSV regex

Copy link
Copy Markdown
Member Author

@sopex sopex Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure how to do this :(

<Mask>/^$|^(?:(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})(?:\/(?:(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|[a-zA-Z][a-zA-Z0-9_.-]*))?)(?:,(?:(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})(?:\/(?:(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|[a-zA-Z][a-zA-Z0-9_.-]*))?))*$/u</Mask>
<ValidationMessage>Invalid syntax. E.g. 12.34.56.78 or 12.34.56.78/10.0.0.1 or 12.34.56.200,12.34.56.78/10.0.0.1,12.34.56.80/eth1</ValidationMessage>
</ipmapping>
</general>
<firewall>
<allowConfig type="BooleanField">
Expand Down
40 changes: 30 additions & 10 deletions security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/authentication.volt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
{#
# Copyright (C) 2026 Konstantinos Spartalis <cspartalis@potatonetworks.com>
# Copyright (C) 2025 Ralph Moser, PJ Monitoring GmbH
# Copyright (C) 2025 squared GmbH
# Copyright (C) 2025 Christopher Linn, BackendMedia IT-Services GmbH
Expand Down Expand Up @@ -29,20 +30,39 @@

<script>
function updateNetBirdStatusUI() {
ajaxGet('/api/netbird/status/status', {}, (data) => {
const $connectBtn = $("#connectBtn");
const $disconnectBtn = $("#disconnectBtn");
ajaxGet('/api/netbird/settings/get', {}, (settings) => {
const isEnabled = settings.settings?.general?.enable === '1';

$("#netbird-actions").removeClass("hidden");
const updateUI = (isConnected) => {
const $connectBtn = $("#connectBtn");
const $disconnectBtn = $("#disconnectBtn");

const isConnected = data.management?.connected === true;
const message = isConnected ? "NetBird is connected" : "NetBird is not connected";
const type = isConnected ? "info" : "warning";
$("#netbird-actions").removeClass("hidden");

$connectBtn.toggleClass("hidden", isConnected);
$disconnectBtn.toggleClass("hidden", !isConnected);
let message;
let type;
if (!isEnabled) {
message = "Enable NetBird first";
type = "warning";
} else {
message = isConnected ? "NetBird is connected" : "NetBird is not connected";
type = isConnected ? "info" : "warning";
}

$connectBtn.toggleClass("hidden", isConnected);
$disconnectBtn.toggleClass("hidden", !isConnected);

$("#status").removeClass().addClass("alert alert-" + type).text(message).show();
$("#status").removeClass().addClass("alert alert-" + type).text(message).show();
};

if (!isEnabled) {
updateUI(false);
} else {
ajaxGet('/api/netbird/status/status', {}, (data) => {
const isConnected = data.management?.connected === true;
updateUI(isConnected);
});
}
});
}

Expand Down