I’m experiencing very poor Netbird traffic throughput on my hardware. About 10 months ago, I had Netbird running on the same hardware and connection, but back then Netbird had a port exposed directly without using a proxy server. Now I’m using Caddy as a proxy for the entire Proxmox server.
Back then, I was easily getting ~180-200 Mbps through Netbird and the exit-node to the Internet on the same machine. Now I’m getting a maximum of 8-12 Mbps on the same hardware, and on top of that, connections always go through a relay even though I have a public IP and properly forwarded ports.
I’m testing the connection from an Android 16 phone over LTE; without using Netbird, I get 200–250 Mbps, but after enabling the tunnel and using an exit node from Debian, I always get a maximum of 12 Mbps.
Network diagram:
Router with OpenWrt and a public IP > Proxmox > Debian on VM – Docker with Caddy and a Netbird server inside. I also use Caddy as a proxy for my other self-hosted websites
Plus a Netbird “client” installed directly on Debian from the Netbird repository.
The client exposes the LAN and acts as an exit node to the Internet.
Port Forwards: 80, 443, 3478/UDP, 600/UDP → Docker VM
I’m not sure if I did the right thing, but I also opened port 600 for WireGuard and ran the “client” on Debian with the following additional option:
–wireguard-port 600
On all peers i have enabled: lazy connection, rosenpass, preshared-key (same on all peers)
Debug Bundle: 6754d3f72e446a597400b6f0d0eb3a58f8ff134b2f09c5af3dc06f0bf094e401/14904cdd-73da-46f5-ac28-46927a4b0d08
Peers detail:
linux.netbird.camis:
NetBird IP: 100.64.1.1
Public key: ********
Status: Connected
– detail –
Connection type: Relayed
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Relay server address: rels://netbird.*****:443
Last connection update: 2 minutes, 49 seconds ago
Last WireGuard handshake: 44 seconds ago
Transfer status (received/sent) 5.8 KiB/5.3 KiB
Quantum resistance: true
Networks: -
Latency: 0s
android.netbird.camis:
NetBird IP: 100.64.2.1
Public key: ********
Status: Connected
– detail –
Connection type: Relayed
ICE candidate (Local/Remote): -/-
ICE candidate endpoints (Local/Remote): -/-
Relay server address: rels://netbird.******:443
Last connection update: 50 seconds ago
Last WireGuard handshake: 48 seconds ago
Transfer status (received/sent) 7.5 MiB/18.9 MiB
Quantum resistance: true
Networks: -
Latency: 0s
Events:
[INFO] SYSTEM ()
Message: Network map updated
Time: 9 minutes ago
OS: linux/amd64
Daemon version: 0.72.2
CLI version: 0.72.2
Profile: default
Management: Connected to https://netbird.*****:443
Signal: Connected to https://netbird.*****:443
Relays:
[stun:netbird.:3478] is Available
[rels://netbird.*****:443] is Available
Nameservers:
[10.0.10.1:53] for [.] is Available
FQDN: proxmox.netbird.camis
NetBird IP: 100.64.0.1/21
Interface type: Kernel
Wireguard port: 600
Quantum resistance: true (permissive)
Lazy connection: true
SSH Server: Disabled
Networks: 0.0.0.0/0
Peers count: 2/2 Connected
Caddyfile:
netbird.***** {
Native gRPC (needs HTTP/2 cleartext to backend)
@grpc header Content-Type application/grpc*
reverse_proxy @grpc h2c://netbird-server:80
# Combined server paths (relay, signal, management, OAuth2)
@backend path /relay* /ws-proxy/* /api/* /oauth2/*
reverse_proxy @backend netbird-server:80
# Dashboard (everything else)
reverse_proxy /* netbird-dashboard:80
}
- Reviewed client troubleshooting (if applicable)
- Checked for newer NetBird versions
- Searched for similar issues on GitHub (including closed ones)
- Restarted the NetBird client
- Disabled other VPN software
- Checked firewall settings