Is your feature request related to a problem? Please describe.
No.
Describe the solution you'd like
Being able to utilize NetBird as an Always On VPN that can be installed and run under the MACHINE context.
This means being able to install the NetBird client as the 'SYSTEM' account under Windows and have it run the service as that account.
Describe alternatives you've considered
We have tried to use Tailscale under the same context, running the VPN unattended as SYSTEM, and Tailscale doesn't have this ability as it never creates the server mode key under the system context. A lot of crafty manipulation of task schedules and scripts had to be done to get it working somewhat as needed.
It'd be nice to have NetBird (a VPN solution that runs under true kernel-level WireGuard) be able to run as the system account.
Additional context
This is insanely beneficial for massive-scale deployments where companies want to push the VPN out to all their systems and have the ability to set up the VPN without user interaction / userprofile dependency.
Also makes it useful to be able to build custom Windows images that get deployed in different states / countries and build the images to be able to connect to the VPN as the system account to join to the company's domain as well as reconnect at boot to be able to pull domain configs etc.
This would be hugely beneficial to everyone who's still very on-prem heavy but wants a more modern enterprise VPN. The case for Always-On VPN is often regulated industries or government, or just enterprises with a large network-IDS infrastructure in place.
As an example, the Danish government has a compliance framework for all government institutions that, among other things, requires:
VPN on all client endpoints, no matter the OS
Deployed in Always-On Mode
In a force-tunnel configuration
With all connections denied if not connected to the VPN
With a loophole that allows traffic to HTTP (tcp/80) and HTTPS (tcp/443) for a limited time at the request of the logged-in user to log in to any guest Wi-Fi captive portals.
That specific requirement was written with Cisco in mind, as it's the most widely used VPN provider in the Danish government. But it would be super sweet if we could break free from Cisco, as we already have experience with plain WireGuard between servers. Running WireGuard as a service as SYSTEM is a good first step.