NetBird is a modern, open-source VPN solution that provides secure, peer-to-peer connectivity without the complexity of traditional VPN setups. As a 100% self-hostable alternative to Tailscale, NetBird offers complete control over your network infrastructure.
Leading companies worldwide trust WZ-IT
The following are trademarks of their respective owners: NetBird (NetBird GmbH). WZ-IT is an independent service provider and has no business, partnership, or contractual relationship with these companies. We offer independent migration, installation, hosting, and operations services.
Fully Managed NetBird (WireGuard) – SSO, 24/7 monitoring, dedicated instance included
NetBird is a modern, open-source VPN solution that provides secure, peer-to-peer connectivity without the complexity of traditional VPN setups. As a 100% self-hostable alternative to Tailscale, NetBird offers complete control over your network infrastructure.
With 16.8k+ GitHub stars and fully open-source architecture, NetBird enables zero-trust networking using WireGuard protocol. Unlike proprietary solutions, both the client and coordination server are completely open source.
We install, host and operate NetBird for your company - either on our secure, GDPR-compliant infrastructure in Germany or other locations, as well as on-premise in your own environment.
With 24/7 monitoring, enterprise support, backups and professional maintenance, we ensure maximum availability and reliable operation of your NetBird instance.
Full ownership of all components including management server, relay servers, and client agents. No vendor lock-in or external dependencies.
Both client and coordination server are fully open source, allowing complete customization, security audits, and community contributions.
Connect entire LANs, VPCs, and office networks without installing agents on every device. Support for high availability routing and traffic masquerading.
Define precise access control rules between peer groups, networks, and resources with support for protocol-specific restrictions (TCP/UDP/ICMP).
Route traffic based on domain names with support for wildcard domains (*.company.internal) and dynamic DNS resolution every 60 seconds.
Create non-interactive service accounts with API tokens for automation, infrastructure-as-code tools like Terraform, and third-party integrations.
Choose between SQLite for simple deployments or PostgreSQL for enterprise-scale installations with activity events logging support.
Five user roles (Owner, Admin, Network Admin, Auditor, User) with granular permissions for team management and security compliance.
Multiple routing peers for the same network with automatic failover, load balancing, and metric-based priority selection for critical infrastructure.
Connect AWS Lambda, Azure Functions, and other serverless environments to your private infrastructure without exposing services to the internet. Access databases, APIs, and internal resources securely.
The perfect solution for your individual requirements
See how simple and efficient NetBird works in practice. From installation to productive use.
Professional installation on your infrastructure – on-premise, cloud or hybrid
In your data center
AWS, Azure, Hetzner & more
High-availability setup with comprehensive security and compliance features
Secure access and access control for your installation
WireGuard, NetBird or Tailscale
Keycloak, Authentik, Azure AD
TOTP, WebAuthn, YubiKey
Fail2Ban, Rate Limiting, IP Whitelisting
We set up secure VPN access to your installation – ideal for remote work and external employees.
Full-service installation with no hidden costs
Want to self-host NetBird and keep full control over your VPN infrastructure? We help you with installation and configuration – on your servers.
We install and configure NetBird on your existing infrastructure – Hetzner, AWS, Azure, or on-premise.
To Our Installation ServiceDon't want to self-host? Our VPN Flatrate: Fully Managed NetBird at a fixed price – unlimited users, hosted in Germany.
View VPN FlatrateWe help with installation, configuration, and operations.
As a Managed Service customer at WZ-IT, you have access to our exclusive portal: Monitor your infrastructure in real-time, schedule maintenance, request quotes, and get direct support - all in one central location.
Topics
NetBird is an open-source platform for zero-trust networks. It enables secure connections between devices, servers, and cloud resources – without a classic VPN gateway. Connections run peer-to-peer and are established automatically when devices come online.
NetBird uses a modern zero-trust model: Each connection is individually authenticated, access is only granted when needed, and there is no central gateway infrastructure that becomes a bottleneck. The result is faster, more secure, and easier-to-scale networks.
Yes, NetBird uses WireGuard as the protocol for encryption. WireGuard is fast, modern, and is considered the most secure VPN protocol currently available. NetBird builds on it and adds management, authentication, and zero-trust features.
Yes, NetBird is fully open source and can be completely self-hosted. This includes the management server, relay servers, and authentication. This way you maintain full control over your network infrastructure.
Initial setup is possible in just a few minutes: create an account, install the client, done. Self-hosting requires a bit more effort, but WZ-IT offers pre-configured installations and a VPN Flatrate based on NetBird.
Yes, NetBird provides a web dashboard for management. Here you can view and control peers, access policies, and network configurations. The interface is intuitive and does not require deep networking knowledge.
Both are based on WireGuard and enable peer-to-peer connections. The main difference: NetBird is fully open source and can be completely self-hosted. Tailscale offers a cloud variant, but the control plane is proprietary. If you want full control, NetBird is the better choice.
Headscale is an open-source implementation of the Tailscale control server. It enables self-hosting of Tailscale clients. NetBird, on the other hand, is an independent project with its own architecture, its own client, and a more comprehensive feature set for zero-trust networks.
NetBird is ideal when you need complete control over your infrastructure, want to implement advanced access policies, or value an independent open-source project. Tailscale is better suited for quick cloud setups, while Headscale bridges the gap for Tailscale users with self-hosting requirements.
Absolutely. NetBird supports SSO, role-based access control, audit logs, and can be integrated into existing IT security concepts. For companies with high compliance requirements, the self-hosting option is particularly attractive.
Yes, NetBird supports Single Sign-On (SSO) via common identity providers like Okta, Azure AD, Google Workspace, or Keycloak. This also enables multi-factor authentication (MFA) if the IdP supports it.
Since NetBird is open source, the entire code can be viewed and audited. This is particularly important for companies seeking security certifications or needing to meet compliance requirements. Additionally, activities are logged in the dashboard.
NetBird uses modern techniques like STUN, TURN, and ICE for NAT traversal. This means: Even devices behind firewalls or NAT routers can establish direct peer-to-peer connections – without port forwarding or complicated firewall rules.
Yes, NetBird supports site-to-site connections. You can connect entire networks with each other – ideal for location networking, connecting cloud resources, or hybrid infrastructures.
NetBird is still a relatively young project – this means not all features are as mature as with established enterprise VPNs. The community is also smaller than Tailscale. If you need production-ready stability, you should rely on an experienced partner like WZ-IT.
13.05.2026
On 12 May 2026 the OPNsense team shipped version 26.1.8 with patches for two critical remote code execution flaws. CVE-2026-44194 (CVSS 9.1, GitHub advisory GHSA-f59w-m967-9rf6)...
11.05.2026
A Cisco ASA vulnerability from September 2025 is still being actively exploited in May 2026. Seven months after the patch, CrowdSec counts 292 source IPs...
17.02.2026
NetBird has released the Reverse Proxy – a feature that fundamentally changes self-hosted setups: Internal services can now be exposed directly to the internet through...
30.11.2025
Traditional VPNs with central gateways are reaching their limits in modern IT environments. Mesh VPNs like NetBird and ZeroTier offer a contemporary approach: direct peer-to-peer...
These solutions are often used together with NetBird
These solutions offer similar functionalities and can be evaluated together
These solutions are direct alternatives with similar use cases
Whether a specific IT challenge or just an idea - we look forward to the exchange. In a brief conversation, we'll evaluate together if and how your project fits with WZ-IT.
Leading companies trust WZ-IT
Timo Wevelsiep & Robin Zins
Managing Directors of WZ-IT
