Planning Your Endpoints
Overview
Now that we have a network (or networks) configured for our VPN, it is time to start adding in the devices that will make up the networks. Before we do this, it is helpful to understand what needs to be deployed, and where. For instance, do you need a Node in the office on a Linux server, or a Client deployed on a Router? Do you need a Gateway in the cloud?
This chapter will provide clarity on what devices you will need to add to your network, and how you will need to add them, including supporting features which may be necessary.
By the end of this chapter, you should have a good mental picture of which devices are going into your network, and how you will add them (via Netclient or WireGuard config file).
Types of Clients: Netclient, Config File, Netmaker Desktop/Mobile
Netmaker has 3 types of Clients: The Netclient, Static WireGuard Config Files, and our user apps (Netmaker Desktop and Mobile).

| | Netclient | Static WireGuard | User Apps |
| --- | --- | --- | --- |
| Format | Headless Daemon | WireGuard Config File | GUI App for Desktop, Mobile |
| Connectivity | Peer-to-Peer; Always-On | Via Gateway (Hub-And-Spoke); Always-On | Via Gateway (Hub-And-Spoke); On Demand or Always-On |
| Capabilities | Act as Hub for other Clients; Forward traffic to external environments | Can be used with many routers to support Site-to-Site; Deployable on any device that supports WireGuard | User auth-based login; Session Expiry; GUI for Ease of Use |
Netclient (Nodes)
When the Netclient is deployed to your network it appears as a Node in your dashboard.
The Netclient is meant to be deployed on servers, which are either endpoints, or will serve a routing function in the network:
Forward traffic to a LAN or Internet
Act as Gateway for connections from static WireGuard, users, or other Netclients
Every network needs at least one Netclient to function, so this is a good place to start.
Netclient In Multiple Networks
A Netclient can be a part of multiple networks simultaneously, and can serve different functions in different networks. After adding a Netclient to Netmaker, you can choose to give it access to different networks. In Network A it could forward traffic to a local network, while in Network B it could just be an Endpoint, or a Relay.
The main use of this is to have dedicated clients which serve as Gateways within multiple networks, since most use cases require a Gateway. The Netclient maintains secure segmentation between networks, so traffic does not leak between them.
Example Network with One Netclient: Internet VPN
If you are logging into Netmaker for the first time, you will see an auto-generated network with a single, default device in it, which is set as a Gateway. In order to set this device as an Internet Gateway, simply edit the device settings, and toggle on "Internet Gateway." This use case is now complete.
As a user, you now just have to download a user app, log in, and connect, and you have a fully functioning full-tunnel VPN.
Example Network with Two Netclients: Remote Access VPN
The most common use case we see at Netmaker requires only 2 Netclients to function.
Netclient 1: Acts as a Gateway for user connections.
Netclient 2: Acts as Egress to a local network.
Netclient 1 is deployed in a public-facing environment, so that users can access the network from anywhere. The default node works fine for this.
Netclient 2 is deployed inside the private environment, and configured to forward traffic to the local network.

Example Network with Many Netclients: Overlay Network / Mesh VPN
With servers deployed in the cloud, the office, and at the edge, Company X needed a simple overlay so these servers could all reach each other. So they installed the Netclient on each server to make them all accessible from one another, giving direct, peer-to-peer access between the devices.
Static WireGuard (Clients)
If you have endpoints which do not support the Netclient, you will want to generate Config Files and apply them to these devices using WireGuard.
These are just simple configuration files, which can be used on any WireGuard-compatible device.
These config files connect over a Gateway.
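When planning static clients, it helps to check what each config file will actually route through the Gateway before it is applied to a device. The following is an added example, not Netmaker code or a Netmaker-generated file: it parses a constructed WireGuard config and reports whether the client is full-tunnel or split-tunnel. The sample addresses, the placeholder keys, the function names and the one-peer-per-client rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a static client config; keys are placeholders and
# addresses are private/documentation ranges, not values from Netmaker.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.20.0.5/32

[Peer]
PublicKey = <gateway-public-key-placeholder>
Endpoint = 203.0.113.10:51821
AllowedIPs = 10.20.0.0/24, 192.168.50.0/24
PersistentKeepalive = 20
"""

def parse_wg(text):
    """Parse wg-quick style text; [Peer] may repeat, so configparser is not used."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return interface, peers

def review(text):
    """Report where the client routes traffic and flag planning problems."""
    _, peers = parse_wg(text)
    findings, routes = [], []
    if len(peers) != 1:  # assumption: a static client has exactly one Gateway peer
        findings.append(f"expected one Gateway peer, found {len(peers)}")
    for peer in peers:
        if "endpoint" not in peer:
            findings.append("peer has no Endpoint, so no Gateway is reachable")
        for cidr in peer.get("allowedips", "").split(","):
            if cidr.strip():
                routes.append(ipaddress.ip_network(cidr.strip(), strict=False))
    mode = "full-tunnel" if any(n.prefixlen == 0 for n in routes) else "split-tunnel"
    return {"mode": mode, "routes": [str(n) for n in routes], "findings": findings}
```

A result of "full-tunnel" means all of the device's traffic goes through the Gateway, as in the Internet VPN example above; "split-tunnel" means only the listed ranges do, as in the Remote Access example.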
There are a few reasons you may want to use static WireGuard clients, rather than the Netclient:
User Apps (Netmaker Desktop and Mobile)
The user apps enable users to sign in to the network using their credentials, and connect to the VPN. This is the recommended method for connecting to the VPN from end user devices for remote access. These should not be considered “Endpoints” in this context. On your local laptop, we recommend installing Netmaker Desktop to use while testing out your network.
Next Steps
By this point you should have a good understanding of what you will need to deploy to set up your network. Once you know which devices will serve as the foundation of your network, it is time to move on to add these devices into your network and configure them for their required role.
We will start with the non-user devices, which are the Endpoints, Routers, Relays, and Gateways of your network. After that, we will move on to configuring user access.