3. Configure Routing

Getting Traffic Into, Out Of, and Between Devices in your Network

Overview

Netmaker allows you to shape the way traffic routes into, out of, and between devices in the network. Here, we’ll show you some of these settings, depending on the type of network you wish to create.

Here is a quick overview of the routing features you may wish to use:

  • Into the Network

    • Gateway: This was discussed in the previous section for generating static WireGuard config files. It is also how Users are granted access to the network, so at least one Gateway must be deployed for user access.

  • Between Devices

    • Failover Node: A failover node is a device that will automatically route traffic between other devices if it detects that traffic is not flowing correctly.

    • Relay Node: A relay is a device that is set to always route traffic to and from a specified device. This should be used when a device is deployed in a very restrictive, unreliable, or roaming environment, ensuring it remains reachable at all times.

    • ACL Rules: ACL rules can be configured to specify which devices are allowed to communicate with one another. You simply enable or disable access between specific devices in the network.

  • Out of the Network

    • Egress: Egress is configured on a device that routes traffic to a local network or specific IPs outside of the VPN, such as a LAN, VPC, or IoT devices on an edge network.

    • Internet Gateway: An Internet Gateway is a device that routes all traffic from specified devices. It acts as a “full tunnel” VPN for the selected devices.

    • Gateway: As noted in the previous section, when defining a config file, you can specify Additional Addresses outside the VPN. The Gateway will route traffic to the client, which is then responsible for forwarding the traffic to the specified address ranges.

Review this list and determine which configurations you want to set up, then proceed to the corresponding section for instructions on how to implement them.

Into the Network

Gateways

For users to reach the network, a Gateway must be defined.

Gateways will forward traffic from user devices into the network. Any Linux device (e.g. a netclient running on Linux or Docker) can act as a Gateway.

The Gateway should have a public endpoint that is not behind a NAT.
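One way to pre-check a candidate Gateway against this requirement, as an added example that is not Netmaker code: it compares the addresses bound to the host's interfaces with the address an external host observes for it. The function names, the table of non-public ranges, and the sample addresses (taken from documentation ranges) are assumptions made for this example.

```python
import ipaddress

# Ranges that are not reachable from the public Internet (assumed table).
NON_PUBLIC = {
    "rfc1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "cgnat": ["100.64.0.0/10"],  # RFC 6598 shared address space
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "ula": ["fc00::/7"],  # IPv6 unique local addresses
}


def address_scope(addr):
    """Return the non-public range an address falls in, or 'public'."""
    ip = ipaddress.ip_interface(addr).ip  # accepts "a.b.c.d" or "a.b.c.d/len"
    for scope, cidrs in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(c) for c in cidrs):
            return scope
    return "public"


def assess_gateway_candidate(interface_addrs, observed_addr):
    """Classify a host as 'direct', 'nat', 'cgnat' or 'unusable'.

    interface_addrs: addresses bound to local interfaces (e.g. from `ip -br addr`).
    observed_addr: source address an external host sees for this device.
    """
    if address_scope(observed_addr) != "public":
        return "unusable", f"observed address {observed_addr} is not public"
    observed = ipaddress.ip_interface(observed_addr).ip
    if any(ipaddress.ip_interface(a).ip == observed for a in interface_addrs):
        return "direct", "public address is bound to a local interface"
    # Heuristic: a 100.64.0.0/10 interface address suggests carrier-grade NAT,
    # where the translating device is usually outside the operator's control.
    if any(address_scope(a) == "cgnat" for a in interface_addrs):
        return "cgnat", "port forwarding is probably not under your control"
    return "nat", "address is translated; port forwarding must be set up"


if __name__ == "__main__":
    # Constructed samples using documentation ranges, not real hosts.
    samples = [
        (["203.0.113.10/24", "127.0.0.1/8"], "203.0.113.10"),
        (["192.168.1.20/24"], "198.51.100.7"),
        (["100.72.3.4/10"], "198.51.100.7"),
    ]
    for addrs, seen in samples:
        print(addrs, seen, assess_gateway_candidate(addrs, seen))
```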

Default Gateway

Your Netmaker server will deploy a device that can act as a Gateway by default. In simple scenarios, we recommend using this device. It will be the first device you see in your Network, before you add any others.

There are a couple of reasons to use other devices as gateways:

  • Multiple gateways to segment traffic

  • Proximity to target devices, to decrease latency

If either of these applies to you, follow these steps.

1. Deploy a node

Deploy a node using the previously mentioned steps for the Netclient. Remember that this should be an easily reachable device: it should not be behind NAT or a strict firewall. If it is, you will need to make sure port forwarding is set up correctly.

2. Set as Gateway

Go to the “Gateways” interface of your network, click “Create Gateway” and select the device. There are some optional parameters which you may want to configure here:
