Hi all, I’m a homelab enthusiast who’s become the de facto IT person at my small company. We’re currently paying ~$250/month for Unifi’s UID Enterprise one-click VPN, and after great personal experience with Netbird at home, I started testing it as an always-on VPN solution for our traveling sales team. I’ve hit two issues I can’t get past and would really appreciate some help.
Setup Overview
Both my home and work environments are nearly identical:
| | Home | Work |
|---|---|---|
| Router | Unifi UDM Pro | Unifi UDM Pro |
| Hypervisor | Proxmox | Proxmox |
| VPN Host | Debian VM (DMZ) | Fedora VM (DMZ) |
| Stack | Docker + Traefik + Netbird self-hosted | Docker + Traefik + Netbird self-hosted |
| Routing Peer | Proxmox LXC running Netbird client | Proxmox LXC running Netbird client |
| Management URL | https://netbird.home.io | https://netbird.company.work |
| Port Forwards | 80, 443, 3478 → Docker host | 80, 443, 3478 → Docker host |
Both sites have a main LAN (internal zone) and a DMZ LAN. On my laptop I run two Netbird profiles — Home and Work — and can switch between them.
Problem 1 — No P2P When Connecting Cross-Site (Both Directions)
| Location | Profile Active | Result |
|---|---|---|
| At home | Home profile | |
| At work | Work profile | |
| At work | Home profile | |
| At home | Work profile | |
P2P works fine when I’m local to the network the profile belongs to, but always falls back to relay when connecting cross-site — in both directions. This makes me think something on the UDM Pros is blocking UDP hole punching. I do have IDS/IPS enabled at both sites, and I’ve already unchecked P2P under Active Detection, but the problem persists. Has anyone identified the specific UDM setting responsible for this?
Problem 2 — Severe Throughput Asymmetry Over Relay
Since both connections are relayed, I ran iperf3 to check throughput:
- At work → Home profile (relay): ~150–170 Mbps (Acceptable)
- At home → Work profile (relay): ~1–2 Mbps (Not acceptable)
The setups are nearly identical, so I’m not sure what’s causing such a dramatic difference. The only variables I can identify on the work side are: it’s still running UID Enterprise alongside Netbird, and the Docker host is Fedora instead of Debian. Could either of those be the culprit, or is there something else I should be looking at?
Any guidance on either issue would be greatly appreciated!
*******************************************************
Yes, I did use AI to clean up and organize my thoughts.