some file

Configuring default routes for Internet traffic

NetBird introduces a way to redirect a peer's internet traffic through what is commonly known as exit nodes. This setup allows you to direct all internet-bound traffic from your devices through a specified routing peer.

This feature is available from Netbird version v0.27.0 onwards.

Concepts

Default Routes

A default route, specified with the network address 0.0.0.0/0 for IPv4 and ::/0 for IPv6, directs internet-bound traffic from your devices through a designated routing peer.

Currently, IPv6 traffic is not supported and is blocked to prevent unintentional traffic leakage.

Routing Peer

The routing peer functions as the exit node for the Internet traffic. Once configured, it automatically handles traffic it receives from connected peers, applying masquerading to ensure traffic appears to originate from the routing peer's public IP address.

Distribution Groups

Peers within the specified distribution group are configured to send their Internet traffic to the routing peer over the VPN. This setup is activated as soon as the routing peer is connected.

Supported Clients

The feature currently supports Linux, macOS, and Windows as client operating systems.

Routing Peer Selection

Currently, this is exclusively configured through the dashboard and cannot be influenced by the client.

Configuration Steps

Access the Dashboard peers tab

Navigate to the NetBird dashboard to begin the configuration process.

dashboard-peers-view

Select the designated routing peer

routing-peer-view

Make the peer an exit node routing peer

Hit the Add Exit Node button to configure the peer as an exit node routing peer.

In the opened window, specify which peers should use the default route by assigning one or more distribution groups. These peers will automatically route their internet traffic through the routing peer upon its connection.

add-exit-node-view

Then hit the Add Exit Node button to complete the configuration.

The routing peer is automatically set up to handle and route traffic it receives from connected peers. Masquerading remains enabled by default to mask the original source IP addresses.

Verify the configuration

Verify the configuration in the peer view. The routing peer should now be marked as an exit node.

routing-peer-exit-node-view

DNS Configuration

Add a DNS server with the match domain set to ALL. This is important, as locally configured DNS servers might not be accessible from the routing peer. This also helps to avoid leaking the client's location.

See Manage DNS in your network.

High Availability

Like for other network routes, high availability configurations are supported for default routes. Refer to the Creating Highly Available Routes section for more information.

Get started