When you write about an ongoing project it’s always risky that it’ll go south afterward. My attempt to link my home and office together with Netmaker last week had such a southerly flow.
I wrote about Netmaker thinking I’d found the way to knit together my home and office computers for remote access and remote data storage. Right after publication, it came crashing down. But that led me to another, thus far more reliable, solution.
I observed last week that, unlike the best cloud services, Netmaker’s end-user interface is pretty rough. I tolerated it because Netmaker allowed me to accomplish remote access and remote storage without giving a third party control over my data. Because it is an open source program, I could run all the parts of Netmaker on my systems, a huge security and privacy boon.
Unfortunately, it’s only a boon if it works, and it didn’t. I shared in my previous column how the Mac GUI was virtually useless and the command line machinations I needed to do simply to get it to work. In the time since that piece went to print, first my Macs and then even my Linux “egress server” — that door, so to speak, linking the networks together — became inaccessible.
I decided it was time to quit worrying about the sunk cost of time spent learning Netmaker and start from scratch.
The whole effort started when I read about Tailscale, which, like Netmaker, uses the open source WireGuard VPN system as its core. However, Tailscale is a mix of open and proprietary code that depends on Tailscale’s central coordinating service to work. My goal was to avoid putting my network partially in some provider’s control. Tailscale may be great — by all accounts it is — but I’m shooting for the security of having everything under my control.
Netmaker was the alternative I kept reading about, so that’s where I started. However, while Netmaker seems to get more chatter, the remarkably similar project Netbird kept being mentioned, too.
Netbird does not have quite as many features as Netmaker, but focus can be a feature. Like Tailscale and Netmaker, Netbird uses WireGuard to create an end-to-end encrypted tunnel between your devices. This is the main event. Your data is only viewable within your realm, not on someone else’s server.
Netbird’s open source project also has several significant backers, including the German government, which bodes well for its ability to continue development long term. It also likely explains why it is as polished as it is with the features it does have.
Like Netmaker, it installs the coordination server on a cloud instance of your choosing. This is the air traffic controller, so to speak. Netmaker’s initial setup was the easiest part of the process, but Netbird’s initial server installation instructions were, if anything, even easier. Netmaker offered more prompts to customize things; Netbird just made sane choices for me.
(Alternatively, both Netbird and Netmaker offer to host the coordination system for you, à la Tailscale. But with dead simple setup, keeping control seems worth the minimal DIY steps.)
The standard Netbird Mac application worked without the command line tinkering Netmaker’s client ended up needing (though the command line is there if one wants it). Netmaker’s system gave me an authorization code long enough to need to be copied and pasted, but a bug in its Mac client wouldn’t let me paste it (something I dinged it for last week).
Netbird’s Quickstart guide told me to copy and paste a couple of lines and doing so got the Netbird app linked to my self-hosted coordination server on the first try. From there, Netbird had a setup flow common to many cloud apps: clicking the option to authorize sends you to a web browser to type in your username and password to give a green light to the setup.
Typically, this client goes on each computer you want to be interlinked with the others, so simple is good.
I repeated the client setup on the computers at my office after installing it on my laptop. So far, so good. Netbird’s web interface started to populate with my list of systems.
The web administration tool is less feature-packed than Netmaker’s, but has a much cleaner layout for seeing which systems are logged in. It also has grouping functionality to designate lists of computers that have more or less access. For example, I want to be able to remote into my church’s computer that shows slides during the service, but since it is used publicly, I don’t want it to have full access to my home network. Groups make it easy to control that.
Like Netmaker, Netbird supports egress servers — called network routes in Netbird — that allow you to access devices that don’t have the Netbird client on them, as if you and your computer were transported to wherever the egress server is. For example, a network route at my church would allow me to print to our network printer even from home. I’m also using a network route to allow me to access my TrueNAS server where I store video footage for ministry projects, just as if I were on the same local network.
Network routes require a Linux computer running the Netbird client. A cheap mini-computer with a simple Ubuntu install is a great way to achieve this, and it can do other tasks in addition to running Netbird. Simply set it up, boot it (it doesn’t even need to be hooked up to a display after setup) and the door into the network is open to you.
(As I mentioned last week, it is important if you do this to give each network a separate IP range to avoid conflicts. Most routers allow you to change the IP range assigned. In my case, I set my home network to the 192.168.0.x range and set the network with the network route to 192.168.4.x.)
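The range check described above, as an added example that is not part of the original column: it flags overlapping site ranges before they are published as network routes, and also checks the roaming case where the laptop's current LAN collides with a routed range. The site names, the church range and the guest-network range are constructed for illustration; only 192.168.0.x and 192.168.4.x come from the column.

```python
import ipaddress
from itertools import combinations

def parse_range(text):
    """Accept CIDR ("192.168.4.0/24") or the column's "192.168.4.x" shorthand."""
    text = text.strip()
    if text.lower().endswith(".x"):
        text = text[:-2] + ".0/24"
    # strict=True rejects a host address typed where a network was meant
    return ipaddress.ip_network(text, strict=True)

def find_conflicts(sites):
    """Return sorted (site_a, site_b) pairs whose address ranges overlap."""
    parsed = sorted((name, parse_range(r)) for name, r in sites.items())
    return [(a, b) for (a, na), (b, nb) in combinations(parsed, 2)
            if na.overlaps(nb)]

def shadowed_by_local(local_lan, sites):
    """Sites whose routed range collides with the LAN the laptop is on now."""
    local = parse_range(local_lan)
    return sorted(n for n, r in sites.items() if parse_range(r).overlaps(local))

# Ranges from the column; the site names are assumed labels.
PLANNED = {"home": "192.168.0.x", "routed_site": "192.168.4.x"}
# Constructed third site: a /23 that silently swallows the home /24.
WITH_CHURCH = dict(PLANNED, church="192.168.0.0/23")

if __name__ == "__main__":
    print("planned conflicts:", find_conflicts(PLANNED))
    print("with church:", find_conflicts(WITH_CHURCH))
    # Constructed roaming case: a guest Wi-Fi that reuses 192.168.4.0/24.
    print("shadowed on guest Wi-Fi:",
          shadowed_by_local("192.168.4.0/24", PLANNED))
```

A collision in the roaming case means traffic for the routed range stays on the local network instead of entering the tunnel, so the remote devices appear unreachable.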
With all this in place, I can use VNC (or a VNC-compatible client like Apple’s built-in Screen Sharing tool) to control my office computer even when I’m not there. My file server with all of that video content is just as accessible wherever I am. If you’ve ever thought, “I want the pervasiveness of the cloud, but with my own systems,” you get what this does.
There are so many possibilities I’m just starting to put everything this helps with.
All of this is perfectly possible with third-party services, sure. But each of those requires trusting that third party with your information. Using highly secure, open source tools means the trust shifts to me instead. End-to-end encryption compounds that.
It also has other advantages. While I could pay for a remote control software program, that requires yet another program to run on the systems. In my setup, I’m using the computers’ native remote access tools. Likewise, I can keep buying more and more cloud storage, but the price adds up quickly. Here I’m using a cheap, old computer with several cheap, very large mechanical hard disks instead.
Right now, Netbird lacks an iOS/iPadOS client and, unlike Netmaker, does not support the generic WireGuard app. But one is in beta and its release will fill in the one big hole for me.
Last week was a false start, but I’m very happy with the overall path Netbird is taking me on (Netbird, Free; https://netbird.io).