DocsAPI

Gateways

Secure routing and access across any network barrier

IntroductionCopied!

With the release of Netmaker v0.90.0, we’ve simplified things by combining the Remote Access and Relay functionalities into a single feature called Gateways. This new unified approach simplifies the management of secure device connections and ensures reliable network access, whether for remote devices connecting through Remote Access Gateways or nodes behind restrictive network configurations like CGNAT, Double NAT, or firewalls that require Relay functionality.

Here’s how Gateways work:

  1. Remote Access – This feature allows unmanaged devices, including smartphones, laptops, desktops, routers, and IoT devices, to securely connect to a Netmaker network via a Remote Access Gateway. It enables remote devices to access the network securely, without requiring full mesh connectivity.

  2. Relay – For devices behind CGNAT, Double NAT, or restrictive firewalls, the Relay functionality ensures continuous connectivity by routing traffic through a Relay Server, keeping communication intact even when direct access isn’t possible.

With the introduction of the unified Gateways feature in v0.9.0, we’ve combined Remote Access and Relay to simplify remote connections and overcome network restrictions, ensuring stable and secure communication across various network setups.

How Gateways WorkCopied!

A Gateway is a publicly reachable node in your Netmaker network that performs one or both of the following functions:

  • Remote Access: Provides entry for Remote Access Clients using the Netmaker Desktop App or WireGuard configuration files. These clients, such as smartphones, laptops, desktops, and IoT devices, connect to the gateway to securely access network services.

  • Relay: Routes traffic for nodes that cannot establish direct peer-to-peer connections due to network restrictions (e.g., NAT or firewalls).

Configuring a GatewayCopied!

Step 1: Create a Gateway

  1. Navigate to the Gateways interface of your network in the Netmaker dashboard.

  2. Click Create Gateway and select a node to act as the gateway. This node must have a public IP address (not behind a NAT).

    • If unsure, the Netmaker server is a good default choice.

  3. Optionally, set a default DNS server for clients that will connect through the gateway.

Relay ConfigurationCopied!

Adding Relayed Nodes

  1. Navigate to the Connected Nodes tab of your created Gateway.

  2. Click Add Connected Node and select the node that requires relaying.

  3. The selected node will now route its traffic through the gateway.

Auto Relays Option

When adding a new node to the network, you can pre-configure it as a relayed node by:

  1. Generating an enrollment key and specifying the relay and network.

  2. Using the enrollment key during the node setup to automatically configure it as a relayed node.

Generating WireGuard Config FilesCopied!

  1. Click Create Config in the Conf Files tab of your gateway.

  2. Optionally, you can configure the following parameters (leave blank for auto-generation)

    • Name: Assign a unique name to the client.

    • Public Key: Enhance security with a client-specific public key.

    • DNS: Specify a custom DNS server for the client.

    • Additional Addresses: Assign multiple IP addresses to the client.

    • Post Up: Add a custom script to execute after the client connects.

    • Post Down: Add a custom script to execute after the client disconnects.

  3. Download the WireGuard configuration file (conf file) or scan the QR code for unmanaged devices (e.g., routers, IoT devices, desktops) that support WireGuard.

Example WireGuard Configuration:

[Interface]
Address = 100.70.101.254/32,fd3c:2f98:6bb1:2e37:ffff:ffff:ffff:fffe/128
PrivateKey = UJBMEgy5KlWq/lpDy/3k2FewP1nlSjchOkIhYazA+Fo=
MTU = 1420
DNS = 1.1.1.1



[Peer]
PublicKey = KsHJHPJO4b6sviElK1XdGkw3M+oQFYJbVKnXBlLGGFA=
AllowedIPs = 100.70.101.0/24,fd3c:2f98:6bb1:2e37::/64,192.168.1.0/24
Endpoint = 134.122.28.173:443
PersistentKeepalive = 20

Once configured, the external client can securely connect to the network through the gateway. You can disable or delete the client at any time from the Nodes Interface.

Connected UsersCopied!

The Connected Users tab displays users connected via the Netmaker Desktop App. For each user, you can view their WireGuard configuration file and toggle the interface on or off.