NAT Traversal
Netmaker makes it easy to create secure, peer-to-peer networks over the internet — even when nodes are behind NAT (Network Address Translation). This guide walks you through ensuring that your VPN network is taking advantage of the NAT Traversal functionalities of Netmaker.
NAT (Network Address Translation) traversal is a technique that allows devices behind NAT firewalls to establish direct connections with each other or with devices on the public internet. Netmaker leverages WireGuard, STUN, and TURN servers to achieve this when direct connections aren't possible.
Assign a Failover Node
Netmaker Pro is fully capable of interconnecting hard-to-reach edge devices without much intervention. It allows you to designate a publicly reachable device—such as the Netmaker Server—as a Failover Node. With this feature, Netmaker detects when any peers in the network are unable to communicate directly—for example, nodes in different private networks behind NAT routers or firewalls. Once identified, Netmaker automatically reroutes the traffic through the Failover Node, enabling these peers to reach each other via that node. It functions just like a TURN server.
See this guide for instructions on how to set a device as a Failover Node. You can only designate one device as a Failover Node per VPN network. Note that this feature only works when your machines are running Netclient.
Use [Relay] Gateways
[Relay] Gateways function just like a Failover Node, except that they don't automatically reroute traffic for you. Gateways give you full control over which nodes they relay traffic for. A [Relay] Gateway can be any public machine, just like a Failover Node, and [Relay] Clients can be any machine with Netclient installed: typically one behind NAT, but a public machine also works.
See this guide for instructions on how to set up a device as a [Relay] Gateway and how to assign [Relay] Clients to it. You can assign as many Relay Gateways as needed.
Ensure STUN Servers are Running
As of v0.18.0, Netmaker uses a STUN server (Session Traversal Utilities for NAT). STUN gives communications protocols a way to detect and traverse NATs located in the path between two endpoints. By default, Netmaker uses publicly available STUN servers. You are free to set up your own STUN servers and use them to augment or replace the public ones. Update the STUN_LIST to list the STUN servers you wish to use. Two resources for installing your own STUN server are:
https://cloudkul.com/blog/how-to-install-turn-stun-server-on-aws-ubuntu-20-04/
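To confirm that each server you put in STUN_LIST actually answers, here is an added example (not Netmaker's or Netclient's own code) that sends a STUN Binding Request over UDP and decodes the XOR-MAPPED-ADDRESS from the reply, which is exactly what a node needs from a STUN server to learn its public address. It assumes STUN_LIST holds comma-separated host:port entries; a reply that does not echo the request's transaction ID is rejected, and an unreachable server shows up as a timeout.

```python
import os
import secrets
import socket
import struct

MAGIC_COOKIE = 0x2112A442  # fixed STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020

def build_binding_request(tx_id: bytes) -> bytes:
    """20-byte Binding Request: type, zero attribute length, cookie, 12-byte transaction ID."""
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + tx_id

def parse_xor_mapped_address(resp: bytes, tx_id: bytes) -> tuple:
    """Return the (ip, port) the server saw us from; replies not echoing tx_id are rejected."""
    if len(resp) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", resp[:8])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE or resp[8:20] != tx_id:
        raise ValueError("not a matching Binding Success Response")
    body, pos = resp[20:20 + length], 0
    while pos + 4 <= len(body):
        attr_type, attr_len = struct.unpack_from("!HH", body, pos)
        value = body[pos + 4:pos + 4 + attr_len]
        if len(value) < attr_len:
            raise ValueError("truncated attribute 0x%04x" % attr_type)
        if attr_type == XOR_MAPPED_ADDRESS and attr_len == 8 and value[1] == 0x01:  # 0x01 = IPv4
            xport, xaddr = struct.unpack("!HI", value[2:8])  # both XORed with the magic cookie
            return socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE)), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + attr_len + (-attr_len % 4)  # attribute values are padded to 4-byte boundaries
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

def probe(server: str, timeout: float = 3.0) -> tuple:
    """Send one Binding Request over UDP to host:port and return the mapped (ip, port)."""
    host, port = server.rsplit(":", 1)
    tx_id = secrets.token_bytes(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)  # a dead or unreachable server surfaces as socket.timeout (OSError)
        sock.sendto(build_binding_request(tx_id), (host, int(port)))
        resp, _ = sock.recvfrom(1500)
    return parse_xor_mapped_address(resp, tx_id)

if __name__ == "__main__":
    # Assumption: STUN_LIST holds comma-separated host:port entries, e.g. STUN_LIST=stun.example.com:3478
    for server in filter(None, map(str.strip, os.environ.get("STUN_LIST", "").split(","))):
        try:
            ip, port = probe(server)
            print(f"{server}: OK, mapped address {ip}:{port}")
        except (OSError, ValueError) as exc:
            print(f"{server}: FAIL ({exc})")
```

Run it with the same STUN_LIST value you give Netmaker; a server that reports FAIL with a timeout is not reachable on that host:port from this machine.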