# How to Create and Configure Gateways

{% embed url="<https://youtu.be/_tYAauDrnSg>" %}

### Purpose

This walkthrough explains what Netmaker gateways are and how to configure them.

### Introduction to Netmaker Gateways

Netmaker Gateways serve as the essential routing points within an overlay network, acting as hubs that facilitate traffic flow between the core Netmaker network and various endpoint devices. They are fundamental to ensuring that devices across different environments can reach the internal network and vice versa.

Additionally, when a direct P2P connection cannot be established between devices, Netmaker automatically relays the connection through Gateways that have "Auto Relay" enabled, which is their default setting.

#### Gateway Architecture and Supported Endpoints

At its core, a gateway functions as a router. It manages the communication between the Netmaker Network and three specific types of endpoints:

* **User Devices:** Personal devices connecting to the network through client software.
* **WireGuard Configurations:** Standard configuration files that allow non-Netclient devices to participate in the network.
* **Netclients:** Specific nodes where routing through a gateway is preferred over a standard peer-to-peer connection.

In addition to internal network routing, a gateway can be configured as an **Internet Gateway**. This capability enables "full-tunnel" traffic, allowing connected devices to route all their public internet traffic through the gateway, providing a secure egress point for the entire network.

#### Identifying Gateways in the Netmaker Dashboard

To view and manage the routing points in your network, you must navigate to the dashboard interface. Every network requires at least one enabled gateway to properly route traffic from user devices and WireGuard configuration files.

1. Open the Netmaker Dashboard and navigate to the **Nodes** section using the sidebar menu.
2. Locate specific machines, such as a **demo-server**, to check their current status.
3. Identify active gateways by looking for a blue **GATEWAY** tag appearing beneath the device name.
4. Hover over the tag to confirm that the node is ready to serve as a routing point for other devices in the network.

### Attaching WireGuard Configs and Nodes

In Netmaker, gateways act as routing hubs for various network entities. To ensure traffic flows correctly between your overlay network and external devices, you must attach WireGuard configuration files and network nodes to a designated gateway.

#### Creating and Attaching WireGuard Config Files

When generating a new WireGuard configuration file, you must specify which gateway will handle its traffic. This is essential for devices that do not run the native netclient but still need to participate in the network.

1. Navigate to the **Nodes** section in the sidebar and select the **Config files** tab.
2. Click **Add device** and ensure the **Config files** method is selected.
3. Enter a unique **Node name** (e.g., 'my-router-1').
4. Use the **Select node as gateway** dropdown to choose an active gateway, such as 'cloud-linux'.
5. Click **Create Config** to finalize the attachment.

Once created, you can verify the association by navigating to the **Gateways** section and expanding the specific gateway to view its attached configuration files.

#### Assigning Gateways to Existing Nodes

Beyond configuration files, standard Netmaker nodes (netclients) can also be routed through a specific gateway. This is particularly useful for site-to-site connectivity or when certain nodes require a centralized exit point.

1. In the **Nodes** dashboard, switch to the **Devices** tab.
2. Identify the target node (e.g., 'site-linux-1') and click the **Assign Gateway +** button in its row.
3. In the modal, select the checkbox for the desired gateway (e.g., 'demo-server').
4. Click **Assign Gateway** to apply the routing changes.

After assignment, the gateway management page will reflect the new connection under the **Connected Nodes** sub-tab for that gateway.

### Auto-Relaying Traffic

By default, Gateways relay traffic between your devices when peer-to-peer connections cannot be established. When editing a Gateway, you can disable this behavior by toggling the Auto Relay option:

<figure><img src="https://1465744049-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSqMcN3gvfPLhO0hh4agC%2Fuploads%2FBIoA7D24PHxjya6oRFGK%2FScreenshot%202026-01-21%20at%201.18.49%E2%80%AFPM.png?alt=media&#x26;token=a4109bc9-c265-4c9f-a84d-80020b096ca3" alt=""><figcaption></figcaption></figure>

### Connecting User Devices through Gateways

For end-users, the Netmaker Desktop application provides a streamlined interface for connecting to overlay networks. Instead of manual configuration, users can dynamically select which gateway routes their traffic directly from the client interface.

#### Authenticating the Desktop Client

To begin, launch the Netmaker Desktop application on your local machine. You will be prompted to authenticate using your network credentials. Enter your **Username** and **Password** to access the list of available networks and resources.

#### Selecting Networks and Gateways

Once logged in, the application displays the networks you are authorized to join. To configure a connection:

1. Identify your target network (e.g., **cloud-overlay**) from the network list.
2. Expand the network details to reveal connection settings.
3. Use the **Gateway** dropdown menu to select the specific routing node you wish to use, such as the **demo-server**.

By default, without selecting a Gateway, the application will automatically select the fastest route amongst the available Gateways.

#### Establishing the Connection

After selecting the desired gateway, click the toggle switch next to the network name. The client will establish a secure WireGuard tunnel to the selected gateway, integrating the device into the virtual overlay network.

#### Verifying Connection Status

Administrators can monitor these active user sessions from the Netmaker Dashboard. By navigating to the **Gateways** management page and expanding the specific gateway used (e.g., **demo-server**), you can view the **Connected Users** tab. This section provides real-time confirmation of the user's presence, displaying their assigned private IP address and connection status.

### Advanced Gateway Options and DNS Configuration

For more granular control over network traffic, Netmaker allows you to configure advanced gateway settings, including full-tunnel internet routing and customized DNS resolution. These settings are typically configured during the gateway creation process or by modifying an existing gateway node.

#### Setting Up an Internet Gateway

To enable a node to act as an internet gateway, you must toggle the **Set as an Internet Gateway** option during setup. This configuration enables "full tunnel" mode, where all traffic from connected devices is routed through the gateway node before reaching the public internet. This is particularly useful for establishing secure internet access VPNs.

1. In the **Gateways** management tab, locate the node you wish to configure.
2. If the node is already a gateway, you may need to delete and recreate the gateway entry to access all configuration options.
3. In the **Create Gateway** modal, select your target Linux node from the dropdown.
4. Toggle the **Set as an Internet Gateway** switch to the **ON** position.
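
To check from the client side that a WireGuard config attached to an Internet Gateway really is full-tunnel, the following added example (not Netmaker code) classifies a config by whether its peers' `AllowedIPs` cover the IPv4 and IPv6 default routes. The sample configs, addresses, endpoint and function names are constructed for illustration and assume the standard WireGuard config file format.

```python
import ipaddress

# Constructed sample config; key values are placeholders, not real key material.
SPLIT_TUNNEL = """\
[Interface]
Address = 10.20.0.5/32
PrivateKey = <client-private-key>

[Peer]
PublicKey = <gateway-public-key>
AllowedIPs = 10.20.0.0/24
Endpoint = gateway.example.com:51821
"""
FULL_TUNNEL_V4_ONLY = SPLIT_TUNNEL.replace("10.20.0.0/24", "0.0.0.0/0")
FULL_TUNNEL = SPLIT_TUNNEL.replace("10.20.0.0/24", "0.0.0.0/0, ::/0")


def peer_allowed_ips(text):
    """Collect AllowedIPs networks from every [Peer] section of a config."""
    nets, in_peer = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
            continue
        if not in_peer or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "allowedips":  # the key may be repeated per peer
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets


def covers_default_route(nets, version):
    """True if the networks of this IP version add up to the whole address space."""
    same = [n for n in nets if n.version == version]
    # collapse_addresses merges e.g. 0.0.0.0/1 + 128.0.0.0/1 into 0.0.0.0/0
    return any(n.prefixlen == 0 for n in ipaddress.collapse_addresses(same))


def tunnel_mode(text):
    """Classify a config as split-tunnel or full-tunnel per IP version."""
    nets = peer_allowed_ips(text)
    v4, v6 = covers_default_route(nets, 4), covers_default_route(nets, 6)
    if v4 and v6:
        return "full-tunnel"
    if v4:
        return "full-tunnel-ipv4-only"  # IPv6 traffic stays outside the tunnel
    if v6:
        return "full-tunnel-ipv6-only"
    return "split-tunnel"


if __name__ == "__main__":
    samples = {"split": SPLIT_TUNNEL, "v4-only": FULL_TUNNEL_V4_ONLY, "full": FULL_TUNNEL}
    for name, cfg in samples.items():
        print(name, "->", tunnel_mode(cfg))
```

A result of `full-tunnel-ipv4-only` on a dual-stack client means IPv6 traffic bypasses the gateway, so the egress point does not see or protect it.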

### Conclusion and Summary

Netmaker gateways provide a flexible routing architecture that centralizes traffic management for various network entities. By acting as a primary router, a gateway facilitates communication between the Netmaker Network and external endpoints, ensuring that traffic is directed efficiently and securely.

#### Key Gateway Use Cases

A Netmaker gateway supports three primary routing scenarios for devices within or connected to your overlay network:

* **User Devices:** Managing secure access for remote users connecting via the desktop application.
* **WireGuard Config Files:** Routing traffic to and from standard WireGuard configuration files (non-netclient devices).
* **Netclients and Nodes:** While Netmaker defaults to a peer-to-peer model, you can optionally configure specific netclient nodes to route their traffic through a gateway.

#### Full Tunnel Internet Access

Beyond internal network routing, gateways can be configured for Internet access. This "Full Tunnel" setup enables all traffic from a connected device to be routed through the gateway out to the public internet, effectively acting as a professional VPN service for your infrastructure.

Whether managing internal site-to-site connectivity or providing secure internet egress, the gateway system provides the necessary control to scale network architecture according to specific organizational needs.


