# Set up a Static IP User VPN for Whitelisting, with WireGuard and Netmaker

This guide is intended for IT administrators who want to route user traffic through a static IP address for whitelisting purposes.

Why this is useful:

* Provide support staff with a single IP to whitelist on a customer firewall so support traffic can reach on-site services.
* Give a customer a single outbound, whitelisted IP by installing the VPN client locally and routing outbound traffic through your endpoint.

Netmaker lets you deploy an endpoint and route all internet-bound traffic through it; that endpoint’s public IP is what you can whitelist on firewalls. Follow the steps below.

{% stepper %}
{% step %}

### Log into your Netmaker dashboard

In your Netmaker dashboard (on-prem or cloud) you will see a Node already deployed. In the cloud version you select a region for your endpoint. On-prem, the server can act as an endpoint.

You can use the existing endpoint to route traffic, or deploy your own if you have a specific IP you want to use.

![Netmaker dashboard screenshot](/files/ff4e6ccb9fbf952ad19ea79e5760c8ad968ab2da)
{% endstep %}

{% step %}

### (optional) Deploy an endpoint

If you want to use a pre-existing IP, deploy the netclient on a device with that IP (note: must run Linux).

Click the “+Add device” button in the dashboard and follow the steps.

![Add device screenshot](/files/2e8d79e491262e3b58b40a5be8cd0850aa857e07)
{% endstep %}

{% step %}

### Set as Gateway to Internet

Once the node is visible in your dashboard, set it as a Gateway to route traffic from other VPN devices to the internet.

* Navigate to the “Gateways” screen.
* Click “+ Create Gateway” and select the node.<br>

  <figure><img src="/files/VY8yc2t7f12p4KPfB1cI" alt=""><figcaption></figcaption></figure>

{% endstep %}

{% step %}

### Invite Users

As an administrator, invite users to use the VPN:

* Add their email addresses (or create usernames manually).
* Grant them access to the platform. (If using Pro, you can enable IDP sync to join automatically.)
* When inviting, select “Service Users” — this grants only the ability to use the VPN client.
* Add them to the group with access to the network (typically “\[network name] User Group”).
* Click “Create User Invites”.

<figure><img src="/files/qo0DQp7Otu7pxeexEkHo" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### User Access

Users need to:

* Download the VPN client from: <http://netmaker.io/download>
* Install the client.
* Log in with their credentials (username/password or OAuth).
* Select the network and toggle to connect/disconnect.

While connected, all the user’s internet traffic will flow through the endpoint you deployed.

![Client download/connection screenshots](/files/096ad5818de577a7560827d1179a003c71ad982e)

<figure><img src="/files/y9qSbE0zMQ3MeJgOkRir" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/TsCZBJuM3cGTI5DFpxJw" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

<figure><img src="/files/XJrhZzJeU5aEe1ysk7Sz" alt=""><figcaption></figcaption></figure>

{% endstep %}
{% endstepper %}

### That’s it!

Use the public IP of the endpoint when whitelisting traffic, and your users will have access.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://learn.netmaker.io/how-to-guides/set-up-a-static-ip-user-vpn-for-whitelisting-with-wireguard-and-netmaker.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.