How to Create and Configure Gateways
Purpose
Understanding and Configuring Gateways in Netmaker
Introduction to Netmaker Gateways
Netmaker Gateways serve as the essential routing points within an overlay network, acting as hubs that facilitate traffic flow between the core Netmaker network and various endpoint devices. They are fundamental to ensuring that devices across different environments can reach the internal network and vice versa.
Additionally, when a direct P2P connection cannot be established between devices, Netmaker automatically routes the connection over Gateways that have "Auto Relay" enabled, which is their default setting.
Gateway Architecture and Supported Endpoints
At its core, a gateway functions as a router. It manages the communication between the Netmaker Network and three specific types of endpoints:
User Devices: Personal devices connecting to the network through client software.
WireGuard Configurations: Standard configuration files that allow non-Netclient devices to participate in the network.
Netclients: Specific nodes where routing through a gateway is preferred over a standard peer-to-peer connection.

In addition to internal network routing, a gateway can be configured as an Internet Gateway. This capability enables "full-tunnel" traffic, allowing connected devices to route all their public internet traffic through the gateway, providing a secure egress point for the entire network.

Identifying Gateways in the Netmaker Dashboard
To view and manage the routing points in your network, you must navigate to the dashboard interface. Every network requires at least one enabled gateway to properly route traffic from user devices and WireGuard configuration files.
Open the Netmaker Dashboard and navigate to the Nodes section using the sidebar menu.
Locate specific machines, such as a demo-server, to check their current status.
Identify active gateways by looking for a blue GATEWAY tag appearing beneath the device name.
Hover over the tag to confirm that the node is ready to serve as a routing point for other devices in the network.

Attaching WireGuard Configs and Nodes
In Netmaker, gateways act as routing hubs for various network entities. To ensure traffic flows correctly between your overlay network and external devices, you must attach WireGuard configuration files and network nodes to a designated gateway.
Creating and Attaching WireGuard Config Files
When generating a new WireGuard configuration file, you must specify which gateway will handle its traffic. This is essential for devices that do not run the native netclient but still need to participate in the network.

Navigate to the Nodes section in the sidebar and select the Config files tab.
Click Add device and ensure the Config files method is selected.
Enter a unique Node name (e.g., 'my-router-1').
Use the Select node as gateway dropdown to choose an active gateway, such as 'cloud-linux'.
Click Create Config to finalize the attachment.
Once created, you can verify the association by navigating to the Gateways section and expanding the specific gateway to view its attached configuration files.

Assigning Gateways to Existing Nodes
Beyond configuration files, standard Netmaker nodes (netclients) can also be routed through a specific gateway. This is particularly useful for site-to-site connectivity or when certain nodes require a centralized exit point.

In the Nodes dashboard, switch to the Devices tab.
Identify the target node (e.g., 'site-linux-1') and click the Assign Gateway + button in its row.
In the modal, select the checkbox for the desired gateway (e.g., 'demo-server').
Click Assign Gateway to apply the routing changes.
After assignment, the gateway management page will reflect the new connection under the Connected Nodes sub-tab for that gateway.

Auto-Relaying Traffic
By default, Gateways relay traffic between your devices when peer-to-peer connections cannot be established. When editing a Gateway, you can disable this behavior by toggling the Auto Relay setting.

Connecting User Devices through Gateways
For end-users, the Netmaker Desktop application provides a streamlined interface for connecting to overlay networks. Instead of manual configuration, users can dynamically select which gateway routes their traffic directly from the client interface.
Authenticating the Desktop Client
To begin, launch the Netmaker Desktop application on your local machine. You will be prompted to authenticate using your network credentials. Enter your Username and Password to access the list of available networks and resources.

Selecting Networks and Gateways
Once logged in, the application displays the networks you are authorized to join. To configure a connection:
Identify your target network (e.g., cloud-overlay) from the network list.
Expand the network details to reveal connection settings.
Use the Gateway dropdown menu to select the specific routing node you wish to use, such as the demo-server.
By default, without selecting a Gateway, the application will automatically select the fastest route amongst the available Gateways.

Establishing the Connection
After selecting the desired gateway, click the toggle switch next to the network name. The client will establish a secure WireGuard tunnel to the selected gateway, integrating the device into the virtual overlay network.

Verifying Connection Status
Administrators can monitor these active user sessions from the Netmaker Dashboard. By navigating to the Gateways management page and expanding the specific gateway used (e.g., demo-server), you can view the Connected Users tab. This section provides real-time confirmation of the user's presence, displaying their assigned private IP address and connection status.

Advanced Gateway Options and DNS Configuration
For more granular control over network traffic, Netmaker allows you to configure advanced gateway settings, including full-tunnel internet routing and customized DNS resolution. These settings are typically configured during the gateway creation process or by modifying an existing gateway node.

Setting Up an Internet Gateway
To enable a node to act as an internet gateway, you must toggle the Set as an Internet Gateway option during setup. This configuration enables "full tunnel" mode, where all traffic from connected devices is routed through the gateway node before reaching the public internet. This is particularly useful for establishing secure internet access VPNs.

In the Gateways management tab, locate the node you wish to configure.
If the node is already a gateway, you may need to delete and recreate the gateway entry to access all configuration options.
In the Create Gateway modal, select your target Linux node from the dropdown.
Toggle the Set as an Internet Gateway switch to the ON position.
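An added example, not part of the Netmaker documentation or code: a Python check that classifies a WireGuard config file as full-tunnel or split-tunnel from its AllowedIPs, so you can confirm that a device attached to an Internet Gateway really sends all traffic through it, including IPv6. It assumes the config expresses full tunnel as default routes in AllowedIPs (standard WireGuard behaviour); the sample configs, keys, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs: keys, addresses and endpoint are placeholders.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.20.0.5/32

[Peer]
PublicKey = <gateway-public-key>
Endpoint = gateway.example.com:51821
AllowedIPs = 0.0.0.0/0, ::/0
"""
SPLIT_TUNNEL = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "10.20.0.0/16")
V4_ONLY = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "10.20.0.0/16, 0.0.0.0/0")


def allowed_networks(config_text):
    """Collect every AllowedIPs network from all [Peer] sections."""
    nets, section = [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "peer" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets


def covers_all(nets, version):
    """True if the networks of this IP version add up to the default route."""
    same = [n for n in nets if n.version == version]
    return any(n.prefixlen == 0 for n in ipaddress.collapse_addresses(same))


def tunnel_mode(config_text):
    """Return 'full', 'full-ipv4-only', 'full-ipv6-only' or 'split'."""
    nets = allowed_networks(config_text)
    v4, v6 = covers_all(nets, 4), covers_all(nets, 6)
    if v4 and v6:
        return "full"
    if v4:
        return "full-ipv4-only"  # IPv6 traffic would bypass the gateway
    return "full-ipv6-only" if v6 else "split"

print(tunnel_mode(FULL_TUNNEL), tunnel_mode(SPLIT_TUNNEL), tunnel_mode(V4_ONLY))
```

Because the networks are collapsed before the check, a config that splits the default route into halves (for example 0.0.0.0/1 plus 128.0.0.0/1) is still reported as full tunnel.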
Conclusion and Summary
Netmaker gateways provide a flexible routing architecture that centralizes traffic management for various network entities. By acting as a primary router, a gateway facilitates communication between the Netmaker Network and external endpoints, ensuring that traffic is directed efficiently and securely.

Key Gateway Use Cases
A Netmaker gateway supports three primary routing scenarios for devices within or connected to your overlay network:
User Devices: Managing secure access for remote users connecting via the desktop application.
WireGuard Config Files: Routing traffic to and from standard WireGuard configuration files (non-netclient devices).
Netclients and Nodes: While Netmaker defaults to a peer-to-peer model, you can optionally configure specific netclient nodes to route their traffic through a gateway.

Full Tunnel Internet Access
Beyond internal network routing, gateways can be configured for Internet access. This "Full Tunnel" setup enables all traffic from a connected device to be routed through the gateway out to the public internet, effectively acting as a professional VPN service for your infrastructure.

Whether managing internal site-to-site connectivity or providing secure internet egress, the gateway system provides the necessary control to scale network architecture according to specific organizational needs.