5 Essential Steps: Your NetBird Setup Guide for 2025
Ready to build a secure, private network in minutes? Our 2025 guide walks you through 5 essential steps to set up NetBird, from installation to automation.
Alexandre Costa
A network engineer and DevOps enthusiast passionate about simplifying secure connectivity.
Tired of wrestling with complex VPN configurations, cryptic firewall rules, and the headache of managing static IPs just to connect your devices? For years, secure networking felt like a dark art, reserved for specialists. In 2025, that reality is officially a thing of the past. It’s time to build a network that just works.
Enter NetBird. It's a game-changing tool that builds a secure, private mesh network over your existing internet connection using the power and speed of WireGuard®. Forget central VPN servers that bottleneck your traffic and create a single point of failure. NetBird creates direct, peer-to-peer encrypted tunnels between your machines, whether they're cloud servers, your laptop at a coffee shop, or IoT devices in the field. It's fast, secure, and almost ridiculously easy to set up.
Step 1: Sign Up and Create Your Network
Your journey begins at the NetBird management UI. This is your command center, where you'll see all your connected devices (peers), manage access, and configure network-wide settings. The best part? The core service is free for most personal and small team use cases.
- Navigate to app.netbird.io.
- Sign up using your preferred method: Google, Microsoft, GitHub, or a simple email address. There's no complex registration form to fill out.
- Once you're in, NetBird automatically creates your first private network for you, named Default. That's it! You're now looking at your network dashboard. It's probably empty, but we're about to change that.
This management plane is what makes NetBird so powerful. It coordinates the public keys and connection details for all your peers without ever touching your private data, which flows directly between your devices.
Step 2: Install the NetBird Client on Your Devices
Next, you need to install the NetBird agent on every machine you want to add to your network. This lightweight client runs in the background, managing the WireGuard interface for you.
NetBird supports a wide range of operating systems. Here’s how to install it on the most common ones:
For Linux (Debian, Ubuntu, RHEL, CentOS, Arch)
The recommended method is using the installer script, which automatically detects your distribution and sets everything up:
curl -fsSL https://pkgs.netbird.io/install.sh | sh
For macOS
If you're a Homebrew user, it's a one-liner:
brew install netbird
Alternatively, you can download the graphical client directly from the App Store or the NetBird website.
For Windows
Simply head to the NetBird download page and grab the Windows installer (.exe file). Run it, and the client will be installed with a handy icon in your system tray.
NetBird also has clients for Android and iOS, making it easy to connect your phone or tablet to your private network to securely access services on the go.
Step 3: Connect Your First Peers (The Magic Moment)
With the client installed, it’s time to bring your device online. This is where you’ll see the simplicity of NetBird in action.
Open your terminal (on Linux/macOS) or PowerShell/CMD (on Windows as Administrator) and run:
netbird up
This command will do two things:
- It will print a verification URL to the console and automatically open it in your default browser.
- In the browser, you’ll be asked to confirm that you want to add this new device to your account. Click Approve.
Once you approve it, switch back to your terminal. You'll see the connection complete. Your device is now part of the network! Head back to the NetBird management UI. In the Peers tab, you'll see your newly added device, complete with a unique NetBird IP address (usually in the 100.64.0.0/10 range).
Repeat this process for a second device. Once both are online, try pinging the NetBird IP of the first device from the second. It just works! You've just created a secure, encrypted tunnel between two machines, regardless of where they are in the world. Simple, right?
Step 4: Configure Access Controls and DNS
By default, every peer in your network can communicate with every other peer. For a personal network, this might be fine. But for teams or more complex setups, you need granular control. This is where NetBird’s Access Control policies shine, turning your simple flat network into a secure, segmented one based on zero-trust principles.
Go to the Access Control tab in the UI. Here you can create groups of peers (e.g., `developers`, `servers`, `ci-cd`) and then define rules for how they can interact.
Let's look at a common scenario: allowing developers to access staging servers but not production.
| Rule Goal | Source Group | Destination Group | Action | Ports/Protocol |
|---|---|---|---|---|
| Allow developers SSH access to staging servers. | developers |
staging-servers |
Accept | TCP: 22 |
| Allow developers HTTP/S access to staging servers. | developers |
staging-servers |
Accept | TCP: 80, 443 |
| Block all other traffic by default. | all |
all |
Drop | All |
Don't Forget DNS!
Memorizing IP addresses is a pain. In the DNS tab, you can enable NetBird's built-in service. Once enabled, you can access your peers using a clean, predictable hostname based on the peer's name, like my-laptop.netbird.cloud or prod-server-1.netbird.cloud. This is a massive quality-of-life improvement and is essential for a professional setup.
Step 5: Automate Deployments with Setup Keys
The interactive login we did in Step 3 is great for your personal laptop, but it's a non-starter for servers, CI/CD runners, or Docker containers. For these, you need a way to enroll devices automatically. This is what Setup Keys are for.
- Go to the Setup Keys tab in the NetBird UI.
- Click Create Key.
- Give it a name (e.g., `server-enrollment-key`).
- Choose its type: Reusable (can be used many times) or One-off (expires after first use).
- You can also pre-assign it to a group, so any machine that uses this key will automatically be added to the `servers` group, for example.
- Click Create, and copy the generated key.
Now, when you're provisioning a new server or building a Docker image, you can enroll it non-interactively with a single command:
netbird up --setup-key <YOUR_SETUP_KEY>
This simple, powerful feature is what makes NetBird a true DevOps tool, enabling you to bake secure connectivity directly into your infrastructure-as-code workflows.
What's Next?
Congratulations! In just five steps, you've gone from zero to a fully functional, secure, and manageable private network. You've connected your peers, locked down access with granular rules, and automated the enrollment process for your servers. You've experienced firsthand how modern networking should feel: simple, intuitive, and powerful.
This is just the beginning. From here, you can explore more advanced features like using a peer as an access point to private VPCs or as an exit node to route all your traffic through a specific location. But the foundation you've built today is the most important part.
Your secure, simple network is just a few commands away. Stop wrestling with old-school VPNs and start building the network of the future.