Configuring default routes for Internet traffic

NetBird introduces a way to redirect a peer's internet traffic through what is commonly known as exit nodes. This setup allows you to direct all internet-bound traffic from your devices through a specified routing peer.

Concepts

Default Routes

A default route, specified with the network address 0.0.0.0/0 for IPv4 and ::/0 for IPv6, directs internet-bound traffic from your devices through a designated routing peer.

Routing Peer

The routing peer functions as the exit node for the Internet traffic. Once configured, it automatically handles traffic it receives from connected peers, applying masquerading to ensure traffic appears to originate from the routing peer's public IP address.

Distribution Groups

Peers within the specified distribution group are configured to send their Internet traffic to the routing peer over the VPN. This setup is activated as soon as the routing peer is connected.

Exit Node Selection and Auto Apply Behavior

Administrators configure exit nodes from the dashboard, and can optionally mark the default route (0.0.0.0/0) as selected by default. Clients will then auto-apply the selected exit node if the route is configured with Auto Apply or the user has made a local choice on the device.

  • Auto Apply: when enabled on an exit node route, clients will auto-apply that exit node. Users can still manually disable it from the client if they choose to use that exit node.
  • Client override: if a user selects or deselects an exit node on their device, that local choice takes precedence over the management server’s preference. This includes the ability to deselect a forced/selected route sent by management.

Existing exit node routes

Exit node routes that existed before the Auto Apply feature are treated as if Auto Apply is enabled by default. This preserves previous behavior where exit nodes were applied automatically when distributed.

  • Clients running v0.55.0 or later will auto-apply these existing routes unless the user has explicitly selected/deselected an exit node on the device.
  • Administrators can edit any exit node route in the dashboard to change its Auto Apply setting at any time.

Configuration Steps

Access the Dashboard peers tab

Navigate to the NetBird dashboard to begin the configuration process.

dashboard-peers-view

Select the designated routing peer

routing-peer-view

Make the peer an exit node routing peer

Hit the Add Exit Node button to configure the peer as an exit node routing peer.

In the opened window, specify which peers should use the default route by assigning one or more distribution groups. These peers will automatically route their internet traffic through the routing peer upon its connection.

add-exit-node-view

If you want exit nodes to be available without being automatically enabled on clients, enable the Auto Apply option. When Auto Apply is on, clients will auto-apply the exit node, but users can manually disable it from the client.

exit-node-auto-apply

Then hit the Add Exit Node button to complete the configuration.

The routing peer is automatically set up to handle and route traffic it receives from connected peers. Masquerading remains enabled by default to mask the original source IP addresses.

Verify the configuration

Verify the configuration in the peer view. The routing peer should now be marked as an exit node.

routing-peer-exit-node-view

DNS Configuration

Add a DNS server with the match domain set to ALL. This is important, as locally configured DNS servers might not be accessible from the routing peer. This also helps to avoid leaking the client's location.

See Manage DNS in your network.

High Availability

Like for other network routes, high availability configurations are supported for default routes. Refer to the Creating Highly Available Routes section for more information.

Get started