# NetBird NetBird is an open-source platform that combines [[WireGuard]]-based overlay networking with Zero Trust Network Access (ZTNA). It replaces legacy VPNs with peer-to-peer encrypted connections, granular access policies, and identity-based authentication — without requiring firewall configuration or port forwarding. Licensed under BSD-3. Can be self-hosted or used as a managed cloud service. ## Key Features - **WireGuard-based**: Peer-to-peer encrypted tunnels using the WireGuard protocol - **Zero Trust access control**: Granular policies based on user identity, device posture, geolocation, and network context - **SSO integration**: Works with Okta, Microsoft, Google, and other identity providers with session-based re-authentication - **Cross-platform**: Linux, Windows, macOS, mobile, Docker, and routers - **Zero-config deployment**: Minutes to set up, no firewall rules needed - **Network segmentation**: Provision users and groups from identity providers, segment by teams and infrastructure - **DNS management**: Private nameservers and custom DNS configuration - **API-driven**: Full automation support for network management - **Activity logging**: Detailed event streaming to SIEM platforms - **Device posture checks**: MFA enforcement, MDM and EDR integration ## NetBird vs Tailscale Both are [[WireGuard]]-based overlay networks, but NetBird is fully open source (BSD-3) and can be completely self-hosted. [[Tailscale]] has an open-source client but a proprietary coordination server (though Headscale exists as an alternative). NetBird puts more emphasis on Zero Trust access policies and device posture checks out of the box, while Tailscale focuses on simplicity and tight integration with existing identity providers. ## Pricing - Free tier available - Enterprise and MSP tiers for larger deployments ## References - Website: https://netbird.io/ - GitHub: https://github.com/netbirdio/netbird ## Related - [[WireGuard]] - [[Tailscale]] - [[ZeroTier]] - [[Virtual Private Network (VPN)]]