Apologies in advance, this might be a known issue. I tried to read Netbird Support/Discussion Thread - #40 by egc and applied some of the recommended methods, but they didn't work for me. Hence, I am adding the complete work I have done so far.
Deployment of NetBird on OpenWrt 23.05
Original router is EDUP RT2983 AX1800
Version
OpenWrt 23.05-SNAPSHOT, r24217-e7ea5024e0
The initial change is that the default network has been changed from 192.168.1.1 to 192.168.3.1 to avoid a conflict with the main router.
The main router is connected to the internet (FttH, 1 Gbps). The LAN port of the main router is connected to the OpenWrt router's WAN port.
Netbird setup
I have followed https://raw.githubusercontent.com/egc112/OpenWRT-egc-add-on/main/notes/OpenWRT%20Netbird.pdf instructions from egc (thanks!)
The installed package is netbird-0.24.3-1.
You can see the configuration updates below.
Separately from OpenWrt, I have installed the NetBird app on my iPhone. Both OpenWrt and iPhone are registered OK, see
Netbird configuration on OpenWrt
root@OpenWrt:~# netbird status -d
Peers detail:
 iphone-aleksandar.netbird.cloud:
  NetBird IP: 100.107.120.242/32
  Public key: vkZveWS6OLdmR/Zu4fCa5AT3yiOWZHMp5HOiebo+q3s=
  Status: Disconnected
  -- detail --
  Connection type:
  Direct: false
  ICE candidate (Local/Remote): -/-
  Last connection update: 2025-12-31 10:43:41

Daemon version: 0.24.3
CLI version: 0.24.3
Management: Connected to https://api.wiretrustee.com:443
Signal: Connected to https://signal.netbird.io:443
FQDN: openwrt.netbird.cloud
NetBird IP: 100.107.92.184/16
Interface type: Kernel
Peers count: 0/1 Connected

root@OpenWrt:~# ip addr show wt0
15: wt0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 100.107.92.184/16 brd 100.107.255.255 scope global wt0
       valid_lft forever preferred_lft forever

root@OpenWrt:~# ip route
default via 192.168.1.1 dev wan proto static src 192.168.1.55 metric 40
100.107.0.0/16 dev wt0 proto kernel scope link src 100.107.92.184
192.168.1.0/24 dev wan proto static scope link metric 40
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1

2025-12-31T10:43:37Z INFO client/cmd/service_controller.go:79: stopped Netbird service
2025-12-31T10:43:38Z INFO client/cmd/service_controller.go:23: starting Netbird service
2025-12-31T10:43:38Z INFO client/cmd/service_controller.go:63: started daemon server: /var/run/netbird.sock
2025-12-31T10:43:38Z INFO client/internal/connect.go:47: starting NetBird client version 0.24.3
2025-12-31T10:43:40Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy: field NbXdpProg: program nb_xdp_prog: load program: invalid argument: unknown func bpf_trace_printk#6 (101 line(s) omitted)
2025-12-31T10:43:41Z INFO client/internal/routemanager/firewall_linux.go:40: creating an nftables firewall manager for route rules
2025-12-31T10:43:41Z INFO iface/tun_linux.go:15: create tun interface with kernel WireGuard support: wt0
2025-12-31T10:43:41Z INFO client/internal/connect.go:182: Netbird engine started, my IP is: 100.107.92.184/16
2025-12-31T10:43:41Z INFO signal/client/grpc.go:157: connected to the Signal Service stream
2025-12-31T10:43:41Z INFO management/client/grpc.go:143: connected to the Management Service stream
2025-12-31T10:43:41Z WARN client/internal/dns/server.go:263: the DNS manager of this peer doesn't support custom port. Disabling primary DNS setup. Learn more at: https://docs.netbird.io/how-to/manage-dns-in-your-network#local-resolver
2025-12-31T10:43:41Z ERRO client/internal/dns/server.go:269: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
2025-12-31T10:43:42Z INFO client/internal/acl/manager.go:67: ACL rules processed in: 127.235757ms, total rules count: 2
Based on the above log, I searched and followed the instructions in Using netbird with dnsmasq - #3 by wehagy.
My configuration is now as follows:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fddb:0f0f:7c50::/48'
    option packet_steering '1'

config device
    option name 'br-lan'
    option type 'bridge'
    option macaddr 'cc:d8:1f:47:b6:98'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'

config device
    option name 'lan1'
    option macaddr 'cc:d8:1f:47:b6:98'

config device
    option name 'lan2'
    option macaddr 'cc:d8:1f:47:b6:98'

config device
    option name 'lan3'
    option macaddr 'cc:d8:1f:47:b6:98'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.3.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'wan'
    option macaddr 'cc:d8:1f:47:b6:99'

config interface 'wan6'
    option device 'wan'
    option proto 'dhcpv6'

config interface 'wan'
    option device 'wan'
    option proto 'dhcp'
    option metric '40'

config interface 'netbird'
    option proto 'none'
    option device 'wt0'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option fullcone '1'
    option brcmfullcone '0'
    option flow_offloading '1'
    option flow_offloading_hw '1'
    option synflood_protect '1'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option fullcone4 '1'
    option fullcone6 '1'
    option masq '1'
    option mtu_fix '1'
    list network 'wan'
    list network 'wan6'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config zone
    option name 'netbird'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'netbird'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'netbird'
    option dest 'wan'

config forwarding
    option src 'netbird'
    option dest 'lan'

config forwarding
    option src 'lan'
    option dest 'netbird'

Problem
I still have the DNS issue with Netbird on my OpenWrt. Probably that's the main reason for not being able to establish a P2P connection with my iPhone client.
Any idea on what to do?
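
Added example, not part of the original post: one way to triage a NetBird client log like the one quoted above, counting WARN and ERRO lines per subsystem so it is clear which components reported problems. The line layout is assumed from the quoted lines, the sample input is a constructed, shortened copy of them, and `sample_log`, `triage` and `has_error` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed log layout, taken from the lines quoted in the post:
#   <RFC3339 time> <LEVEL> <source/path.go>:<line>: <message>

# Constructed sample: shortened copies of lines from the post.
sample_log() {
cat <<'EOF'
2025-12-31T10:43:38Z INFO client/internal/connect.go:47: starting NetBird client version 0.24.3
2025-12-31T10:43:40Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy
2025-12-31T10:43:41Z INFO signal/client/grpc.go:157: connected to the Signal Service stream
2025-12-31T10:43:41Z INFO management/client/grpc.go:143: connected to the Management Service stream
2025-12-31T10:43:41Z WARN client/internal/dns/server.go:263: the DNS manager of this peer doesn't support custom port. Disabling primary DNS setup.
2025-12-31T10:43:41Z ERRO client/internal/dns/server.go:269: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
EOF
}

# Read a log on stdin and print "<subsystem> <LEVEL> <count>" for every
# WARN/ERRO entry, sorted. The subsystem is the directory that holds the
# source file named in the log line (e.g. dns, wgproxy).
triage() {
    awk '
        $2 == "WARN" || $2 == "ERRO" {
            src = $3
            sub(/:[0-9]+:$/, "", src)          # drop the trailing ":<line>:"
            n = split(src, part, "/")
            subsys = (n > 1) ? part[n - 1] : part[1]
            count[subsys " " $2]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Read a log on stdin; succeed if the named subsystem logged an ERRO line.
has_error() {
    triage | grep -q "^$1 ERRO "
}

# Stand-alone run: summarize the constructed sample.
sample_log | triage
```

On the router, the same functions can be fed the real client log instead of `sample_log`, for example `triage < /path/to/netbird/client.log` (placeholder path).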
