C2 Whisper - Connecting To Netbird

Tags: Career, Projects, Notes, Cybersecurity, Red Team
Published: September 4, 2025
Author: 0xtb

Netbird is a powerful WireGuard-based VPN solution that creates secure peer-to-peer networks. This guide will walk you through setting up a self-hosted Netbird instance to protect your C2 infrastructure by blocking external traffic and creating secure tunnels between your systems.

Why Use Netbird for C2 Infrastructure?

The reason I'm using Netbird is to block external traffic from accessing my C2 server. I'm doing this to lower the chances that the VM hosting the C2 server is detected/compromised. I am also creating a secure tunnel that handles all the networking past the redirector. Once traffic hits the redirector, it is no longer being transmitted via the internet, which is nice.
Another reason is that, unlike Tailscale, Netbird provides a proper GUI for managing ACLs (access control lists) and offers official company support for self-hosted deployments, while Tailscale's self-hosted option relies on Headscale, which is a third-party alternative without "official" company backing.
Netbird provides several key operational security benefits for C2 deployments:
  • C2 server protection: Block external traffic from accessing your C2 server directly
  • Reduced detection risk: Lower the chances that the VM hosting the C2 server is detected or compromised
  • Secure tunneling: Create encrypted tunnels that handle all networking past the redirector - once traffic hits the redirector, it's no longer transmitted via the open internet
  • Operational security: Only authorized operator devices can access your C2 infrastructure
  • Network isolation: Separate C2 traffic from regular internet traffic

Prerequisites

Before starting, ensure you have:
  • A VPS or server with root access
  • A domain name with DNS control (we'll use Cloudflare in this example)
  • Basic familiarity with command line operations

Step 1: Install Dependencies

First, install Docker and other required dependencies on your server:
# Quick Docker installation using the get.docker.com convenience script
# (alternatively, install from Docker's apt repository)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Install UFW firewall
sudo apt update
sudo apt install ufw

Step 2: Configure DNS

Set up a subdomain for your Netbird instance:
  1. Log into your DNS provider (Cloudflare, etc.)
  2. Create an A record: netbird.yourdomain.com → [Your VPS IP]
  3. Wait for DNS propagation (usually 1-5 minutes)

Step 3: Configure Firewall

Open the necessary ports for Netbird operation:
# Keep SSH reachable before enabling the firewall (assumes sshd on the default port 22)
sudo ufw allow 22/tcp

# HTTP/HTTPS for web interface
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Netbird specific ports
sudo ufw allow 33073/tcp   # Management API
sudo ufw allow 10000/tcp   # Signal server
sudo ufw allow 33080/tcp   # Management HTTP

# STUN/TURN server ports
sudo ufw allow 3478/udp
sudo ufw allow 49152:65535/udp

# Enable firewall
sudo ufw enable
sudo ufw status

Step 4: Install Netbird

Run the automated installation script:
export NETBIRD_DOMAIN=netbird.yourdomain.com
curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh | bash
The installation process will:
  • Download and configure Docker containers
  • Set up Zitadel for identity management
  • Generate SSL certificates via Let's Encrypt
  • Start all required services

Step 5: Initial Setup

After installation completes:
  1. Access the web interface: Navigate to https://netbird.yourdomain.com
  2. Note the credentials: The installer will display admin credentials - save these securely
  3. Complete setup wizard: Follow the on-screen prompts to finish configuration

Step 6: Add Devices to Your Network

Adding Your First Peer

  1. Log into the web interface using your admin credentials
  2. Navigate to "Peers" in the sidebar
  3. Click "Add Peer" to generate a setup key
  4. On the device you want to connect, install the Netbird client:
# On Ubuntu/Debian
curl -fsSL https://pkgs.netbird.io/debian/public.key | sudo gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' | sudo tee /etc/apt/sources.list.d/netbird.list
sudo apt update
sudo apt install netbird

# Connect using your setup key. --management-url points the client at the
# self-hosted instance; without it the client contacts Netbird's hosted service.
sudo netbird up --management-url https://netbird.yourdomain.com --setup-key [YOUR_SETUP_KEY]

Allow Netbird Traffic Through Firewall

Configure UFW to allow traffic on the Netbird interface:
sudo ufw allow in on wt0
sudo ufw allow out on wt0
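A check for the two firewall steps (the Step 3 port list and the wt0 rules above), as an added example that is not part of the original post: it parses `ufw status` output and reports inbound allow rules that are open to any source and not bound to an interface. The sample output, the 8443/tcp listener and the 203.0.113.10 address are constructed for illustration.

```python
import re

# Added example, not from the original post. Ports Step 3 opens on the Netbird host.
MANAGEMENT_PORTS = {"80/tcp", "443/tcp", "33073/tcp", "10000/tcp", "33080/tcp",
                    "3478/udp", "49152:65535/udp"}

# One rule line of `ufw status` / `ufw status numbered` output.
RULE = re.compile(
    r"^(?:\[\s*\d+\]\s*)?(?P<to>.+?)\s{2,}(?P<action>ALLOW|LIMIT|DENY|REJECT)"
    r"(?: (?P<dir>IN|OUT|FWD))?\s+(?P<src>.+?)\s*$")

def public_exposure(status_text, expected):
    """Return inbound allow targets open to any source on any interface, minus `expected`."""
    findings = []
    for line in status_text.splitlines():
        m = RULE.match(line)
        if not m or m["action"] not in ("ALLOW", "LIMIT") or m["dir"] in ("OUT", "FWD"):
            continue
        to = m["to"].replace(" (v6)", "").strip()
        src = m["src"].split("#")[0].replace(" (v6)", "").strip()
        if " on " in to or src != "Anywhere":
            continue  # scoped to an interface (such as wt0) or to a source address
        if to not in expected and to not in findings:
            findings.append(to)
    return findings

# Constructed sample output for a C2 host that should only be reachable over wt0.
C2_HOST_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       203.0.113.10
Anywhere on wt0            ALLOW       Anywhere
8443/tcp                   ALLOW       Anywhere
Anywhere                   ALLOW OUT   Anywhere on wt0
8443/tcp (v6)              ALLOW       Anywhere (v6)
"""

if __name__ == "__main__":
    # The leftover public 8443/tcp rule is the only finding.
    print(public_exposure(C2_HOST_STATUS, expected=set()))
```

On the Netbird management host, pass `MANAGEMENT_PORTS` (plus the SSH rule, if one is present) as `expected`; on a host that should only be reachable through the tunnel, pass an empty set.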

Step 7: Network Configuration

Creating Access Groups for C2 Operations

  1. Navigate to "Groups" in the web interface
  2. Create operational groups for different roles:
      • operators - Team members who need C2 access
      • c2-servers - Backend C2 infrastructure
      • redirectors - Front-facing redirector systems
      • tools - Support systems and tooling
  3. Assign peers to appropriate operational groups

Setting Up Access Rules for C2 Security

  1. Go to "Access Control"
  2. Create rules defining C2 access patterns:
      • Operators can access C2 servers and redirectors
      • C2 servers can communicate with redirectors
      • Block all external access to C2 infrastructure
  3. Apply operational security principles - only allow necessary C2 communications
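A least-privilege audit of the rules above, as an added example that is not part of the original post: it expands each rule into directed group-to-group flows and reports flows that are allowed but not intended, which is how a catch-all rule such as Netbird's initial Default policy (All to All) shows up. The rule records are a constructed, simplified model rather than Netbird's API schema, and treating each intended flow as one-way is an assumption.

```python
from itertools import product

# Added example (not from the original post). Rule records are a constructed,
# simplified model of access policies, not Netbird's API schema.
GROUPS = ["operators", "c2-servers", "redirectors", "tools"]

# Intended directed flows (source -> destination); one-way is an assumption here.
INTENDED = {("operators", "c2-servers"), ("operators", "redirectors"),
            ("c2-servers", "redirectors")}

def members(group):
    """The built-in 'All' group stands for every group; anything else is itself."""
    return GROUPS if group == "All" else [group]

def expand(rule):
    """Yield each directed (src, dst) pair that an enabled accept rule permits."""
    if not rule["enabled"] or rule["action"] != "accept":
        return
    for src_group, dst_group in product(rule["sources"], rule["destinations"]):
        for src, dst in product(members(src_group), members(dst_group)):
            yield (src, dst)
            if rule["bidirectional"]:
                yield (dst, src)

def audit(rules, intended=INTENDED):
    """Return (excess, missing): flows allowed but unintended, and intended but absent."""
    allowed = {}
    for rule in rules:
        for pair in expand(rule):
            allowed.setdefault(pair, set()).add(rule["name"])
    excess = {pair: sorted(names) for pair, names in allowed.items()
              if pair not in intended}
    missing = sorted(intended - set(allowed))
    return excess, missing

def mk_rule(name, sources, destinations, bidirectional, enabled=True):
    """Build one constructed rule record."""
    return {"name": name, "sources": sources, "destinations": destinations,
            "bidirectional": bidirectional, "enabled": enabled, "action": "accept"}

# Constructed sample: a catch-all rule left enabled next to the scoped rules.
SAMPLE_RULES = [
    mk_rule("Default", ["All"], ["All"], True),
    mk_rule("ops-access", ["operators"], ["c2-servers", "redirectors"], False),
    mk_rule("c2-to-redirectors", ["c2-servers"], ["redirectors"], True),
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    print(len(excess), "unintended flows; missing:", missing)
```

With the catch-all rule disabled, the only remaining finding is the reverse direction of the bidirectional c2-to-redirectors rule.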

Troubleshooting

Common Issues

Docker connection problems: Ensure Docker service is running and your user has proper permissions:
sudo systemctl status docker
sudo usermod -aG docker "$USER"   # log out and back in for the group change to apply
Firewall blocking connections: Verify all required ports are open:
sudo ufw status numbered
DNS resolution issues: Check that your subdomain correctly points to your VPS:
nslookup netbird.yourdomain.com
Peer connection failures: Check the Signal server logs:
docker logs netbird-signal

Operational Security Best Practices

  • Regular updates: Keep Netbird and underlying systems updated to avoid detection signatures
  • Strong authentication: Enable 2FA in Zitadel when possible for operator access
  • Network segmentation: Use groups and access rules to isolate C2 infrastructure from other systems
  • Monitor connections: Regularly review connected peers and remove compromised or unused operator devices
  • Backup configuration: Export and securely store your Netbird configuration for operational continuity
  • Rotate infrastructure: Periodically refresh C2 servers and redirectors to maintain operational security

Next Steps for C2 Operations

With Netbird configured, you can:
  • Connect operator workstations and C2 servers to your secure network
  • Implement secure access to C2 infrastructure without exposing it to the internet
  • Route C2 traffic through your VPS as a secure gateway
  • Set up secure communications between multiple C2 deployment locations
  • Protect your C2 infrastructure from detection and external compromise
Your C2 infrastructure is now protected behind a secure, encrypted network accessible only to authorized operators and systems.