Added Netbird - Trying to access IoT devices no Ping

So I added Netbird ( How to install NetBird package - Technical Support for Routers / VPN, DNS, Leaks - GL.iNet ( ) to the device and can’t ping the devices when adding route to the Netbird, my guess is the firewall blocking access to devices using the Netbird/Wireguard connection. Not sure what I should change in the router. Pinging (example my subnet the Wireguard connection work, but any devices behind like can be ping when on the same LAN but when using the Netbird/Wireguard connection they cannot ping?)

So looking at my iFace I have wt0 as a device that is not added to config device option name br-lan I can see list port for eth0 and eth1 should I add wt0 to the br-lan?

Make be you need to allow ingress traffic through the firewall once the connection is established. Check LuCi firewall tab.

I added wt0 to the br-lan and still no success. And allowed everything from LAN in the firewall and still no ping.

with the limited knowledge I have with Netbird (accordingly it is wireguard with some automations and scripts to make it easier to have a wireguard server).

can you please elaborate how you did the ping to where?

  • did you ping to from a ip client at ?
  • did you ping from a client to the lan segment?
  • or was your intention to ping from client to client in ? (in that case you need in allowedips or other client routes are not visible for other wireguard clients in the tunnel).

a simple case of testing if the tunnel works especially the handshaking part:

  • ping from a wireguard client to

if that works, you can try even one thing further:

  • ping from a wireguard client to lan gateway, this means your devices are also reachable on lan via the wireguard tunnel.

also it helps to have a tracert (i.e to something like to see the hop networks :wink: this kinda also shows where you connection is stopping (you can discard all non rfc1918 addresses for security reasons if you want to post this).

^ also last time I was diagnosing something in wireguard and was banging my head to the wall only to figure out that a failing preshared key still tells there is a handshake in luci-app-wireguard for example, but this still does not allow traffic :slight_smile: upon deletion of this key, then finally my configuration worked, it got me through all kinds of testing though wether it was invalid MTU, to routing even removing the firewall zone at one point :stuck_out_tongue: that one can be very tricky in diagnosing connection problems.

From local I can PING every device (from the br-lan)
From Remote I can PING only the router

My guess is I need to allow traffic from wt0 to the lan-br

I tried:
iptables -I FORWARD -o br-lan -j ACCEPT
iptables -I FORWARD -o wt0 -j ACCEPT
iptables -t nat -I POSTROUTING -o wt0 -j MASQUERADE

I tried allowing all from wan to lan

I tried adding wt0 to the br-lan (and that broke everything needed to restart from scracth)

If anyone has any idea :slight_smile:

Unless I need to add routes correctly:

Did you set your private network as such and your GL-XE300C4 as a routing peer in netbird webui?

@JSChasle that’s it, I just received a Brume 2 and followed the previously linked documentation about routing traffic to private network and it is working.

No need to mess with the bridge or anything.

In your case it means going to your netbird admin, head over ‘Network Route’ and add as a subnet and your GL-XE300 as a routing peer. Wait a little for your peers to pickup the route against netbird and enjoy :wink: