some file

Networks Use Cases

These guides show how to use the Networks feature for VPN-to-Site access—where NetBird peers access devices on remote networks that don't have NetBird installed.

What is VPN-to-Site?

VPN-to-Site allows a device running NetBird (like your laptop) to access devices on a remote network (like your home or office) without installing NetBird on every device.

Your Laptop ──────► NetBird Tunnel ──────► Routing Peer ──────► Target Device
  (peer)                                    (peer)              (no NetBird)

Example scenarios:

  • Access your home NAS from a coffee shop
  • Reach office servers while traveling
  • Connect to IoT devices on a remote network

Networks supports VPN-to-Site only. For Site-to-VPN (clientless devices initiating connections) or Site-to-Site (connecting two networks), use Network Routes.

By Scenario

Access Home Devices

Access your NAS, home automation, and media servers from anywhere

Remote Worker Access

Enable employees to access office resources while working remotely

Cloud to On-Premise

Connect cloud workloads to on-premise databases and services

Understanding Resource Types

In Networks, a resource represents something you want to make accessible through the VPN tunnel—whether that's a single server, an entire subnet, or a domain-based service. Resources are what your routing peers make reachable to authorized NetBird clients.

NetBird supports three types of resources:

  • IP resources — Single IP addresses (192.168.1.10) or CIDR ranges (172.16.0.0/16). Use these when you know the exact IP addresses of your target devices or want to grant access to an entire subnet.

  • Domain resources — Specific fully-qualified domain names like app.example.com. Use these when the target service has a stable hostname but its IP address may change (common with cloud load balancers or dynamic DNS).

  • Wildcard domain resources — Domain patterns like *.internal.company.com that match all subdomains. Use these when you have many services under a shared domain and want to avoid creating individual resources for each one.

Each resource can have its own access policy, allowing you to grant different levels of access to different teams—for example, giving developers full access to a development subnet while restricting everyone else to specific services.

By Resource Type

Multiple IP Resources

Route traffic to multiple IP resources with different access policies

Domain Resources

Access restricted websites and domain-based resources

Wildcard Domains

Access entire domains using wildcard DNS routing

Need More Than VPN-to-Site?

If your scenario requires:

  • Clientless devices initiating connections (Site-to-VPN)
  • Two networks communicating with each other (Site-to-Site)
  • Disabling masquerade for source IP preservation

See Network Routes Use Cases instead.