What's new in NetBird: new dashboard, identity-aware SSH and self-hosting
Editorial note: The information in this article was compiled to the best of our knowledge at the time of publication. Technical details, prices, versions, licensing terms, and external content may change. Please verify the information provided independently, particularly before making business-critical or security-related decisions. This article does not replace individual professional, legal, or tax advice.
Running or planning NetBird in production? We design, install and operate NetBird as a managed service - learn more at NetBird at WZ-IT and Network & Secure Access, or arrange a consultation directly.
NetBird is our preferred tool for secure, WireGuard-based network access following zero-trust principles: lean, open source and without classic VPN gateways. Recent releases brought several improvements - most visibly a much cleaner dashboard. This article summarizes the relevant changes (as of June 2026, NetBird v0.72) and what they mean for self-hosted operation.
Table of Contents
- The new NetBird dashboard
- NetBird SSH: identity-aware access
- Dual-stack IPv6 and MFA for local users
- Exposing private services over the network
- Self-hosting: updates and high availability, honestly
- Conclusion
The new NetBird dashboard
The most visible change is the redesigned web dashboard (Dashboard v2.39.0), rolled out on self-hosted v0.72 and in NetBird Cloud. The key step: the previously combined Peers list is now split into two views:
- User Devices - devices with real people behind them (laptops, phones).
- Servers - VMs, agents and other unattended machines.
That sounds small but changes a lot day to day: in networks that have grown over time, hundreds of server peers otherwise mix with employees' devices. The split makes access rules, monitoring and cleanup far clearer.
On top of that come a tidied-up sidebar, decluttered tables with better filters and a simplified layout that groups network routing more sensibly. Features that were hard to find now live where you would expect them.
Worth knowing: the dashboard is its own component with its own versioning (v2.x), while the core release (agent, management, signal, relay) follows the v0.72 line. When self-hosting, you update both.
NetBird SSH: identity-aware access
NetBird can secure SSH access directly over the mesh network - identity-aware and following zero-trust logic. Instead of distributing SSH keys across many servers, access is controlled via identity and groups; only those allowed by policy can connect.
This feature is not brand new but has matured: NetBird SSH was rebuilt from the ground up in v0.60.0 (with native OpenSSH support), and v0.61.0 added granular SSH access control plus automatic updates. The current v0.72 brings additional SSH and RDP fixes. For teams still managing SSH keys by hand, this is a strong argument: less key management, traceable access, clean offboarding.
Dual-stack IPv6 and MFA for local users
With v0.71.0 (May 2026), the overlay network became dual-stack: in addition to IPv4, accounts receive a configurable IPv6 prefix (default /64). An important step for modern, IPv6-friendly environments.
Also in v0.71.0: multi-factor authentication for local users, i.e. accounts not backed by an external identity provider. This lets you add protection even to a lean setup without a connected IdP.
Exposing private services over the network
v0.72.0 added the ability to make NetBird-internal services reachable only over the mesh - including a dashboard UI for "Bring Your Own Proxy". Internal services become reachable exclusively for authorized groups, without exposing them publicly to the internet.
We have already shown in detail how to make internal applications available cleanly behind NetBird: Expose internal services with NetBird and a reverse proxy.
Self-hosting: updates and high availability, honestly
Let's clear up a common misconception: self-hosted NetBird does not offer "active-active replication" as a free feature.
The default installation (the official getting-started script) puts all services on one server - management, signal and relay. That is simple, but it means a restart or failure of that server takes the service down. For more load, the installation can be split (e.g. signal on its own machine, the SQLite database moved to a dedicated PostgreSQL), which decouples the components. True high availability with multiple Management/Signal instances, however, is part of the commercial enterprise license, not the standard open-source variant.
For updates: the NetBird components are upgraded per the official upgrade docs (management, signal, relay, dashboard) - back up first, verify afterwards. If you run NetBird as a critical access layer, plan updates and a recovery concept from the start.
Our approach at WZ-IT
We run NetBird in production and as a managed service. In practice that means: a clean initial installation behind a reverse proxy, separated components and PostgreSQL where load requires it, hardened updates with backup and verification, and monitoring of the management, signal and relay services. This keeps access current and available without your team having to worry about upgrade paths or failure scenarios. If you want predictable costs, see our VPN flat rate model.
Further guides
- NetBird vs. Tailscale: the comparison - which zero-trust solution fits you.
- Tailscale alternative for enterprises - sovereign and self-hosted.
- Expose internal services with NetBird and a reverse proxy - a practical setup.
- Network & Secure Access at WZ-IT - our services around NetBird, WireGuard and Headscale.
Conclusion
NetBird matures with every release. The new dashboard with its split into User Devices and Servers makes day-to-day work in larger networks noticeably clearer, identity-aware SSH replaces tedious key management, and dual-stack IPv6 plus MFA for local users round out the picture.
For self-hosting, a sober look pays off: single-server is the default, true high availability is enterprise. If you use NetBird as a central access layer, plan for updates, backups and recovery from the start - or outsource operations.
Want to run, update or use NetBird as a managed service? We handle installation, operation and updates - GDPR-compliant and without vendor lock-in. Arrange a consultation now.
Sources
Frequently Asked Questions
Answers to important questions about this topic
As of June 2026, NetBird is on v0.72.x (currently v0.72.4). The web dashboard is versioned separately and is at v2.39.0, rolled out on self-hosted v0.72 and in NetBird Cloud.
The Peers view is split into two areas - User Devices (laptops, phones) and Servers (VMs, unattended machines). The sidebar and tables were decluttered, the layout simplified and network routing grouped more clearly.
NetBird SSH is identity-aware and follows zero-trust principles: access is controlled via identity and groups, not distributed SSH keys. The feature was rebuilt from the ground up in v0.60.0 (native OpenSSH support), with granular access control added in v0.61.0.
The default installation runs as a single server - if it fails, the service is offline. You can scale by splitting components and moving the database to PostgreSQL. True high availability (multiple Management/Signal instances) is part of the commercial enterprise license.
Yes. We handle installation, operation, updates, monitoring and hardening of NetBird - GDPR-compliant on your own or European infrastructure.
Written by
Timo Wevelsiep
Co-Founder & CEO
Co-Founder of WZ-IT. Specialized in cloud infrastructure, open-source platforms and managed services for SMEs and enterprise clients worldwide.
LinkedInLet's Talk About Your Idea
Whether a specific IT challenge or just an idea - we look forward to the exchange. In a brief conversation, we'll evaluate together if and how your project fits with WZ-IT.
Leading companies trust WZ-IT
Timo Wevelsiep & Robin Zins
Managing Directors of WZ-IT