Netbird (and maybe other vpns / overlays)

I’ve never used any type of VPN outside of a “privacy VPN” (e.g. ProtonVPN, NordVPN, etc.).
I have a home network with several VLANs (private, IoT, servers, guests, etc.), running pfSense, Ubiquiti, Proxmox, and TrueNAS, with Windows on the desktops. I also have a few VPSs in the cloud.

My question is regarding NetBird (and possibly other overlay networks; I was looking at ZeroTier, but they seem to have lessened their free offering. Other friends are using it, though).

I’d like to use an overlay network like NetBird to connect to my VPSs, connect back to home from outside (which would be rare), and maybe connect to friends’ networks to share files or serve as each other’s off-site backup.

Questions…

  1. Can I use this/these to connect to my VPSs outbound without letting the VPSs connect inbound to my home network? Asking because I’d likely be running a client from my private VLAN and, should a VPS get pwned, I don’t want free access back into my home network… at all.
  2. In the case of friends, where I do want to allow SOME access to CERTAIN resources, can I limit what they can access via NetBird/other overlays at the overlay level?
  3. In the case of friends, if they too are running NetBird / whatever same overlay I end up choosing (let’s say they are using the same brand of overlay network to connect to their other friends / VPSs / whatever), how does that affect me? And them? Do they then run 2 instances of the client? Do their VPSs get connected to me, and my VPSs to them?

Just trying to work out the security implications in my head. Thank you.

  1. Yes, absolutely. Most of the overlay providers will make outbound connections, so no firewall rules are necessary, and they’ll work great with CGNAT.
  2. Also yes. The various overlay networks all offer ACLs to control who can access which resources. I’ve used NetBird, Netmaker, ZeroTier, and Tailscale/Headscale. They all have controls for this.
  3. This differs from product to product. I know Netmaker lets you run multiple instances, and Tailscale has an interface for switching profiles in the client UI.
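One caveat worth adding to answer 1, with an example that is not from the thread and not NetBird’s own code: the client’s “outbound-only” behaviour applies to how peers reach the control plane and each other through NAT. Once two peers are connected, the WireGuard tunnel between them carries traffic in both directions, so it is the overlay’s ACL/policy (the controls referred to in answer 2) that decides whether the VPS may initiate anything toward the home peer. A host firewall on the home-side peer backs that up, so a mistake in the overlay policy (for example leaving the default allow-all policy in place) does not by itself hand a compromised VPS a path in. The ruleset below is an added nftables example for a Linux peer on the home private VLAN (a VM on Proxmox, say; it will not help a Windows desktop). It assumes the overlay interface is named wt0 (NetBird’s default WireGuard interface name; adjust for other overlays), that 100.64.0.10 is the VPS’s overlay address, that 100.64.0.20 is a friend’s peer, and that TCP/445 is the share the friend may reach. Those addresses and the port are constructed for illustration, and the host is assumed not to be acting as a NetBird routing peer.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread or from NetBird.
# Assumptions: overlay interface wt0 (NetBird default),
# VPS peer 100.64.0.10, friend's peer 100.64.0.20, share on TCP/445.
# Apply with: nft -f overlay.nft   (idempotent: the table is recreated)

table inet overlay
delete table inet overlay

table inet overlay {
    set vps_peers {
        type ipv4_addr
        elements = { 100.64.0.10 }
    }
    set friend_peers {
        type ipv4_addr
        elements = { 100.64.0.20 }
    }

    chain overlay_in {
        type filter hook input priority 0; policy accept;
        # Only traffic arriving over the overlay interface is judged here
        iifname != "wt0" return
        # Replies to connections this host opened (SSH/backups to the VPS, etc.)
        ct state established,related accept
        # Friends may open only the file share, nothing else
        ip saddr @friend_peers tcp dport 445 ct state new accept
        # Everything else arriving over the overlay, including anything a
        # compromised VPS tries to initiate, is logged and dropped.
        # vps_peers is listed for clarity; the final drop catches it anyway.
        ip saddr @vps_peers log prefix "overlay-drop-vps: " drop
        log prefix "overlay-drop-in: " drop
    }

    chain overlay_fwd {
        type filter hook forward priority 0; policy accept;
        # Never route overlay traffic onward into the LAN from this host
        iifname "wt0" log prefix "overlay-drop-fwd: " drop
    }
}
```

Check it with `nft list table inet overlay` after loading, then from the VPS try to open a connection to the home peer over the overlay: it should fail and show up in the log with the `overlay-drop-vps:` prefix, while an SSH session opened from home to the VPS keeps working because its replies match `established,related`. The overlay ACL remains the primary control; this ruleset is the second check.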

I have a video comparing overlay networks.

Thank you so much for clearing that up! That’s a big relief for me.

Yep, I’ve watched it a few times. I feel it’s a great video, but it didn’t really address these topics for a VPN newbie like me, though it did inform me enough to “get the gears turning” in my head enough to ask these questions. Because of this video and the answers from @tvcvt Tim above, I’m trying NetBird for the first time.

BTW, did you notice that the dark mode UI is officially out now? I know you mentioned you’d do a review when the new UI came out for NetBird, so I assume it’s on your roadmap. Not that you have any other work to do. :wink: lol

-Jason

One more little thing I’m sure won’t interest you. :wink: lol

Pretty cool, huh? They are listening to the community!

Keep up the great work Tom!

ETA: also note (I didn’t highlight it) that exit nodes are on the map too. It says March, but it’s not crossed out, so I assume there are some delays, but at least it’s being worked on.