diff --git a/security/netbird/Makefile b/security/netbird/Makefile
index f7c2e956f..5d9e3ccd0 100644
--- a/security/netbird/Makefile
+++ b/security/netbird/Makefile
@@ -1,5 +1,5 @@
PLUGIN_NAME= netbird
-PLUGIN_VERSION= 1.2
+PLUGIN_VERSION= 1.3
PLUGIN_DEPENDS= netbird
PLUGIN_COMMENT= Peer-to-peer VPN that seamlessly connects your devices
PLUGIN_MAINTAINER= dev@netbird.io
diff --git a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/Api/AuthenticationController.php b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/Api/AuthenticationController.php
index 4691c3668..1e75efa08 100644
--- a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/Api/AuthenticationController.php
+++ b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/Api/AuthenticationController.php
@@ -48,23 +48,21 @@ class AuthenticationController extends ApiMutableModelControllerBase
{
$mdl = new Authentication();
- $managementUrl = $mdl->managementUrl->__toString();
- $setupKey = $mdl->setupKey->__toString();
+ $managementUrl = $mdl->managementUrl->getValue();
+ $setupKey = $mdl->setupKey->getValue();
- $defaultKey = '00000000-0000-0000-0000-000000000000';
- if (!empty($setupKey) && $setupKey !== $defaultKey) {
- $visiblePart = substr($setupKey, 0, 4);
- $maskedKey = $visiblePart . str_repeat('*', max(4, strlen($setupKey) - 4));
- } else {
- $maskedKey = $defaultKey;
- }
-
- return [
+ $result = [
'authentication' => [
'managementUrl' => $managementUrl,
- 'setupKey' => $maskedKey
+ 'setupKey' => '',
]
];
+
+ if (!empty($setupKey)) {
+ $result['authentication']['%setupKey'] = substr($setupKey, 0, 5) . str_repeat('*', max(0, strlen($setupKey) - 7));
+ }
+
+ return $result;
}
public function upAction()
diff --git a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/authentication.xml b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/authentication.xml
index 75111fdaf..ad5139f22 100644
--- a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/authentication.xml
+++ b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/authentication.xml
@@ -9,6 +9,7 @@
authentication.setupKey
text
+ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Set the authentication setup key
diff --git a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml
index 7a2cb69c7..0094cffdb 100644
--- a/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml
+++ b/security/netbird/src/opnsense/mvc/app/controllers/OPNsense/Netbird/forms/settings.xml
@@ -15,6 +15,14 @@
text
Wireguard interface listening port
+
+ settings.general.ipmapping
+
+ text
+ 12.34.56.78
+ Forces external IPs maps between local addresses and interfaces. You can specify a comma-separated list with a single IP or IP/IP or IP/Interface Name. Leave empty for automatic mapping.
+ true
+
header
diff --git a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Authentication.xml b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Authentication.xml
index b9ac20dd2..1886653c2 100644
--- a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Authentication.xml
+++ b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Authentication.xml
@@ -5,10 +5,9 @@
Y
- https://api.netbird.io:443
+ https://api.netbird.io
-
-
+
/^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$/i
Please specify a valid setup key.
diff --git a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php
index 4d3a3b4c4..f0ea65e07 100644
--- a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php
+++ b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.php
@@ -46,6 +46,7 @@ class Settings extends BaseModel
$config["WgPort"] = (int)$this->general->wireguardPort->__toString();
$config["ServerSSHAllowed"] = $this->ssh->enable->__toString() == 1;
+ $config["IpMapping"] = $this->general->ipmapping->__toString();
$config["EnableSSHRoot"] = $this->ssh->enableRoot->__toString() == 1;
$config["EnableSSHSFTP"] = $this->ssh->enableSFTP->__toString() == 1;
$config["EnableSSHLocalPortForwarding"] = $this->ssh->enableLocalPortForwarding->__toString() == 1;
diff --git a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml
index b606c6f75..a271bd6d4 100644
--- a/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml
+++ b/security/netbird/src/opnsense/mvc/app/models/OPNsense/Netbird/Settings.xml
@@ -15,6 +15,11 @@
65535
Please specify a valid port.
+
+ Y
+ /^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}(?:\/(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}|[a-zA-Z][a-zA-Z0-9_.-]*))?$/u
+ Invalid syntax. E.g. 12.34.56.78 or 12.34.56.78/10.0.0.1 or 12.34.56.200,12.34.56.78/10.0.0.1,12.34.56.80/eth1
+
diff --git a/security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/authentication.volt b/security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/authentication.volt
index 7d2652c4d..96ec7ea57 100644
--- a/security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/authentication.volt
+++ b/security/netbird/src/opnsense/mvc/app/views/OPNsense/Netbird/authentication.volt
@@ -1,4 +1,5 @@
{#
+ # Copyright (C) 2026 Konstantinos Spartalis
# Copyright (C) 2025 Ralph Moser, PJ Monitoring GmbH
# Copyright (C) 2025 squared GmbH
# Copyright (C) 2025 Christopher Linn, BackendMedia IT-Services GmbH
@@ -29,20 +30,39 @@