BETA SOFTWARE
This software is provided "as is" without warranty of any kind, express or implied. This is beta software and may contain bugs, errors, or security vulnerabilities. Use at your own risk.
A self-service web application for managing NetBird VPN network resources. Allows employees to request IP addresses, subnets, or domains to be added to the VPN network for accessing customer resources.
- Resource Management: Add, edit, and delete VPN network resources (IPs, CIDRs, domains)
- Approval Workflow: Non-admin users submit requests that require admin approval
- Google OAuth: Secure authentication via Google Workspace
- Domain Restriction: Limit access to specific email domains
- Activity Logging: Track all resource changes
- Ownership Controls: Users can only modify their own resources
- PHP 8.3+
- Composer
- Node.js & npm
- MySQL/MariaDB or SQLite
- NetBird account with API access
- Google Cloud Console project for OAuth // Or any other Laravel Socialite Supported OAuth Provider
# Clone the repository
git clone <repository-url>
cd netbird-ip
# Install dependencies
composer install
npm install
# Copy environment file
cp .env.example .env
# Generate application key
php artisan key:generate
# Run migrations
php artisan migrate
# Build assets
npm run buildAPP_NAME="VPN Selfservice"
APP_URL=https://your-domain.test
# Database
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=netbird_ip
DB_USERNAME=root
DB_PASSWORD=
# Google OAuth (Required)
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_REDIRECT_URI=https://your-domain.test/auth/google/callback
# NetBird API (Required)
NETBIRD_API_URL=https://api.netbird.io
NETBIRD_API_TOKEN=your-api-token
NETBIRD_NETWORK_ID=your-network-id
NETBIRD_NETWORK_NAME="Your Network Name"
# NetBird Settings
NETBIRD_ADMIN_EMAIL=admin@example.com
NETBIRD_EGRESS_IP=99.99.99.99
NETBIRD_RESOURCE_GROUP_NAME="Resources for Employees"
NETBIRD_USER_GROUP_NAME="Employees"
# Security (Recommended)
NETBIRD_ALLOWED_DOMAIN=example.com- Go to Google Cloud Console
- Create a new project or select an existing one
- Navigate to APIs & Services > Credentials
- Click Create Credentials > OAuth client ID
- Select Web application
- Add authorized redirect URI:
https://your-domain.test/auth/google/callback - Copy the Client ID and Client Secret to your
.envfile
- Log in to your NetBird dashboard
- Go to Settings > Access Tokens
- Create a new API token with appropriate permissions
- Copy the token to
NETBIRD_API_TOKEN - Find your Network ID in the URL or network settings
- Create the required groups in NetBird:
- A user group (e.g., "Employees") - users who can access resources
- A resource group (e.g., "Resources for Employees") - where resources are assigned
- Sign in with your Google account
- Click "New Resource" to request a new resource
- Enter the resource details (name, IP/domain, description)
- Wait for admin approval
- Once approved, the resource is accessible via VPN
Admins (configured via NETBIRD_ADMIN_EMAIL) can:
- Create resources directly without approval
- Approve or deny pending requests
- Edit or delete any resource
- View the activity log
- Domain Restriction: Only users with emails from
NETBIRD_ALLOWED_DOMAINcan sign in - Ownership Checks: Users can only modify their own resources
- Address Validation: Validates IPs, CIDRs, and domain names
- Blocked Addresses: Dangerous ranges like
0.0.0.0/0, private networks, and loopback are blocked - Generic Error Messages: Internal errors are logged but not exposed to users
- Always set
NETBIRD_ALLOWED_DOMAINto restrict access - Keep
NETBIRD_API_TOKENsecure - it has full network access - Ensure only trusted users have the admin email
- Regularly review the activity log
- Run security audits periodically
# Start development server
composer run dev
# Run tests
php artisan test
# Format code
vendor/bin/pintMIT