
# Setup Guide

## First Time Log In (On-Prem Only)

On first login, you will need to create an Admin user.

{% stepper %}
{% step %}

### Go to Dashboard

After installing Netmaker, go to dashboard.\<yourdomain> to start using the platform.
{% endstep %}

{% step %}

### Create your admin user

Create your first admin user, with a username and password. If you'd like to configure MFA, you can do this from within the platform Settings after logging in.
{% endstep %}

{% step %}

### Log In

Log in with your new user.
{% endstep %}
{% endstepper %}

## Create a Network

Netmaker deploys a network by default (called "netmaker") which you can use. However, if you'd like to create your own, or have multiple, click on "Create network" in your Dashboard to add a new one.

![](/files/5qQxYAzBrV7xxRT4eLEw)

This network should have a sensible name.

More importantly, it should have a non-overlapping, private address range.

If you are running a small network (fewer than 254 machines) and are unsure which CIDRs to use, you could consider:

* 10.11.12.0/24
* 10.20.30.0/24
* 10.99.98.0/24
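
One way to vet a candidate range against the "private and non-overlapping" requirement before creating the network. This is an added example, not part of Netmaker or its documentation; the function names are hypothetical, it covers IPv4 only, and the in-use ranges in the sample call are constructed.

```bash
# Vet a candidate network CIDR: RFC 1918 private and not overlapping ranges in use.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "first last" (as integers) for a CIDR such as 10.11.12.0/24.
cidr_range() (
  addr=${1%/*}; len=${1#*/}
  ip=$(ip_to_int "$addr")
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  first=$(( ip & mask ))
  echo "$first $(( first | (~mask & 0xFFFFFFFF) ))"
)

# True if CIDR $1 lies entirely inside CIDR $2.
cidr_within() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
)

# True if the two CIDRs share at least one address.
cidr_overlaps() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# True if the CIDR sits inside one of the RFC 1918 private blocks.
is_private() {
  for block in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    cidr_within "$1" "$block" && return 0
  done
  return 1
}

# check_cidr CANDIDATE [IN_USE_CIDR...]: prints a verdict, returns 0 only if usable.
check_cidr() {
  candidate=$1; shift
  is_private "$candidate" || { echo "not-private"; return 1; }
  for used in "$@"; do
    if cidr_overlaps "$candidate" "$used"; then echo "overlaps $used"; return 1; fi
  done
  echo "ok"
}

# Constructed sample: candidate first, then subnets already in use at the sites.
check_cidr 10.11.12.0/24 192.168.1.0/24 10.20.30.0/24
```

Pass every subnet already routed at the sites you plan to connect (LAN, existing VPNs, container bridges) as the in-use list.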

#### Network Settings Description

The Network creation form has a few fields which may seem unfamiliar. Here is a brief description:

**IPv4:** Adds private IPv4 to all nodes in a network

**IPv6:** Adds private IPv6 to all nodes in a network

**Default Access Control:** Indicates the default ACL value for a node when it joins, with respect to its peers (enabled or disabled).

Once your network is created, you should see the network (Wg Net here but it will be the name you chose when creating the network):

![](/files/82f9pVvcasYnY7Yklt6h)

When you click on the NetId and then the Nodes button (or go direct via the left-hand menu and then Nodes) you see that the netmaker server has added itself to the network. From here, you can move on to adding additional nodes to the network.

![](/files/etj6wzC2LMvo3sGBXCpa)

## Create a Key

Adding nodes to the network typically requires a key. Enrollment keys offer different ways to register with a server.

By default, Netmaker will create a key you can use with your network. However, you can create your own if you would like to specify certain settings.

Navigate to the Keys interface. You should see a create button in the top right corner.

![](/files/owGm1QCjsMa0koD4fVsg)

After clicking that, you should be brought to a window like this.

![](/files/zsqFVxEVHoDTFvsRyvmI)

This gives you a few options for setting up your enrollment key. You can set it up with unlimited uses, limited uses, or time-bound uses. You can also set one or more networks to join, or set it to no networks and then join a network through the UI in the Devices interface. You can also create any tags you would like for that key.

![](/files/5Nd2c3XHfbHCfXREW1RO)

If an enrollment key runs out of uses, or is expired, the key will show as invalid like in the image below.

<figure><img src="/files/UUIZFWlhWVpn4NAQiIhD" alt=""><figcaption></figcaption></figure>

After your enrollment key is created, you can click on that key to get the registration token.

<figure><img src="/files/kxAKbEyCylVnk8ZV1LK1" alt=""><figcaption></figcaption></figure>

* The **Enrollment Key** value is the secret string that will allow your node to authenticate with the Netmaker network. This can be used with existing netclient installations where additional configurations (such as setting the server IP manually) may be required. This is not typical. E.g. `netclient register -k <enrollment key> -s grpc.myserver.com -p 50051`
* The **Registration Token** value is a base64 encoded string that contains the server IP and grpc port, as well as the enrollment key. This is decoded by the netclient and can be used with existing netclient installations like this: `netclient register -t <registration token>`. You should use this method for adding a network to a node that is already on a network. For instance, Node A is in the **mynet** network and now you are adding it to **default**.
* The **Register Command** value is a command that can be run on Linux systems after installing the Netclient. It will register with the server directly from the command line.

Other variations (e.g. Docker) are covered with the remaining values.
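
Base64 is an encoding, not encryption, so a registration token needs the same handling as the enrollment key it carries. The added example below (not from the Netmaker documentation) shows this with a constructed token whose payload layout is an assumption, and masks `-k`/`-t` values in logged `netclient register` commands; the function names are hypothetical.

```bash
# Decode a base64 registration token to its raw payload.
decode_token() { printf '%s' "$1" | base64 -d 2>/dev/null; }

# True if the enrollment key can be recovered from the token by decoding alone.
token_exposes_key() {
  decode_token "$1" | grep -qF -- "$2"
}

# Mask the value following -k or -t in logged "netclient register" commands
# (stdin to stdout), so keys and tokens do not end up in shared logs.
redact_register() {
  sed -E '/netclient register/ s/( -[kt] +)[^ ]+/\1<redacted>/g'
}

# Constructed sample data. The JSON layout is an assumption for illustration,
# not Netmaker's actual token format; 192.0.2.10 is a documentation address.
SAMPLE_KEY='EXAMPLEKEY0123456789'
SAMPLE_TOKEN=$(printf '{"server":"192.0.2.10","port":50051,"key":"%s"}' "$SAMPLE_KEY" \
  | base64 | tr -d '\n')

if token_exposes_key "$SAMPLE_TOKEN" "$SAMPLE_KEY"; then
  echo "token reveals the enrollment key: store and share it as a secret"
fi

# Constructed log lines using the two command forms shown above.
printf '%s\n' \
  "sudo netclient register -t $SAMPLE_TOKEN" \
  "netclient register -k $SAMPLE_KEY -s grpc.myserver.com -p 50051" \
  | redact_register
```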

## Deploy Nodes

Nodes act as the endpoints of your network, and can perform special networking tasks such as relaying traffic and forwarding traffic to local environments. Nodes are deployed with the **Netclient.**

{% stepper %}
{% step %}

### Prerequisite

Every machine on which you install should have WireGuard and systemd already installed.
{% endstep %}

{% step %}

### SSH to each machine

SSH to each machine and become root:

```bash
sudo su -
```

{% endstep %}

{% step %}

### Prerequisite Check

Every Linux machine on which you run the netclient must have WireGuard and systemd installed.
{% endstep %}

{% step %}

### Install netclient

Follow the netclient installation instructions for your operating system.
{% endstep %}
{% endstepper %}

You should get output similar to the below. The netclient retrieves local settings, submits them to the server for processing, and retrieves updated settings. Then it sets the local network configuration. For more information about this process, see the client installation documentation. If this process failed and you do not see your node in the console (see below), refer to the [troubleshooting](/references/troubleshooting.md) documentation.

![Output from Netclient Install](/files/91176395ff6c19384b245ba1aae6ddc5b1df4c95)

Repeat the above steps for every machine you would like to add to your network. You can re-use the same install command so long as you do not run out of uses on your access key (after which it will be invalidated and deleted).

Once installed on all nodes, you can test the connection by pinging the private address of any node from any other node.

![Node Success](/files/7f23606719bdc4684d75a42444c0ce58160a9d5c)

## Manage Devices

Your machines should now be visible in the control panel.

![](/files/JI1BjRmPsBt9ThYtxgos)

Each node has an associated device. Nodes represent the device **within a network,** while the device remains the same across networks. The device has settings like verbosity and listen ports which can be modified. The device can be found in the Devices tab in the UI. You should be taken to a screen like this.

![](/files/KUyM6ialhIiaNbDmKp0n)

In here you can see the device's name, the endpoint of the server running netclient, the public key for that host, the version number, and a switch to set that host’s node as the default node. When this is switched on, that node will serve as the default node when a network is created. Clicking on a device will bring you to the device details.

![](/files/qJADOozLQXS00sE5uZB4)

This will give you more information like the firewall in use, MTUs, and listening port. You can also see networks associated with that device and options to edit or delete the device. If you are going to delete a device.

![](/files/qPkzVPQcyesTDkH9bPgy)

In the edit screen, you can make changes to the logging verbosity, listening port and proxy listening port, local range, MTU, and name. These fields will also update in the node, as the node gets this info from the device. If you want to change the endpoint, the associated node has to be static.

You can view/modify/delete any node by selecting it in the NODES tab. For instance, you can change the name to something more sensible like “workstation” or “api server”. You can also modify network settings here, such as keys or the WireGuard port. These settings will be picked up by the node on its next check-in. For more information, see Advanced Configuration in the [Using Netmaker](/how-to-guides.md) docs.

![](/files/UziRRVlm7wgekTUTIC53)

Nodes can be added, removed, or modified on the network at any time. Nodes can also be added to multiple Netmaker networks. Any changes will be picked up by the nodes on a given network and take about 30 seconds to take effect.

## Uninstalling the netclient

{% stepper %}
{% step %}

### Remove node from network

To remove your nodes from a network (default here), run the following on each node:

```bash
sudo netclient leave default
```

Replace "default" with the actual name of the network (e.g. wg-net).
{% endstep %}

{% step %}

### Remove netclient entirely

To remove the netclient entirely from each node (after running the above step), run:

```bash
sudo systemctl stop netclient && sudo systemctl disable netclient && sudo systemctl daemon-reload && sudo rm -rf /etc/netclient /etc/systemd/system/netclient.service /usr/sbin/netclient
```

{% endstep %}
{% endstepper %}

## Uninstalling Netmaker

To uninstall Netmaker from the server, simply run:

```bash
docker-compose down
```

Or to remove the docker volumes for a future installation:

```bash
docker-compose down --volumes
```

