Ctrlk
APIGitHubYouTubeCommunityWebsite

Set up a Static IP User VPN for Whitelisting, with WireGuard and Netmaker

This guide is intended for IT administrators who want to route user traffic through a static IP address for whitelisting purposes.

Why this is useful:

  • Provide support staff with a single IP to whitelist on a customer firewall so support traffic can reach on-site services.

  • Give a customer a single outbound, whitelisted IP by installing the VPN client locally and routing outbound traffic through your endpoint.

Netmaker lets you deploy an endpoint and route all internet-bound traffic through it; that endpoint’s public IP is what you can whitelist on firewalls. Follow the steps below.

1

Log into your Netmaker dashboard

In your Netmaker dashboard (on-prem or cloud) you will see a Node already deployed. In the cloud version you select a region for your endpoint. On-prem, the server can act as an endpoint.

You can use the existing endpoint to route traffic, or deploy your own if you have a specific IP you want to use.

Netmaker dashboard screenshot
2

(optional) Deploy an endpoint

If you want to use a pre-existing IP, deploy the netclient on a device with that IP (note: must run Linux).

Click the “+Add device” button in the dashboard and follow the steps.

Add device screenshot
3

Set as Gateway to Internet

Once the node is visible in your dashboard, set it as a Gateway to route traffic from other VPN devices to the internet.

  • Navigate to the “Gateways” screen.

  • Click “+ Create Gateway” and select the node.

4

Invite Users

As an administrator, invite users to use the VPN:

  • Add their email addresses (or create usernames manually).

  • Grant them access to the platform. (If using Pro, you can enable IDP sync to join automatically.)

  • When inviting, select “Service Users” — this grants only the ability to use the VPN client.

  • Add them to the group with access to the network (typically “[network name] User Group”).

  • Click “Create User Invites”.

5

User Access

Users need to:

  • Download the VPN client from: http://netmaker.io/download

  • Install the client.

  • Log in with their credentials (username/password or OAuth).

  • Select the network and toggle to connect/disconnect.

While connected, all the user’s internet traffic will flow through the endpoint you deployed.

Client download/connection screenshots
6

That’s it!

Use the public IP of the endpoint when whitelisting traffic, and your users will have access.

PreviousHow to Use Netmaker with a Reverse ProxyNextRemote Access VPN to Azure with WireGuard

Last updated

Was this helpful?