mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
docs done
parent
038422ce2f
commit
5e1876dc49
BIN
docs/_build/doctrees/client-installation.doctree
vendored
Binary file not shown.
BIN
docs/_build/doctrees/environment.pickle
vendored
Binary file not shown.
BIN
docs/_build/doctrees/support.doctree
vendored
Binary file not shown.
BIN
docs/_build/doctrees/troubleshoot.doctree
vendored
Binary file not shown.
BIN
docs/_build/doctrees/usage.doctree
vendored
Binary file not shown.
|
@ -112,15 +112,40 @@ Managing Netclient
|
|||
Viewing Logs
|
||||
---------------
|
||||
|
||||
**to view current networks**
|
||||
``netclient list``
|
||||
|
||||
**to tail logs**
|
||||
``journalctl -u netclient@<net name> -f``
|
||||
|
||||
**to view all logs**
|
||||
``journalctl -u netclient@<net name>``
|
||||
|
||||
**to get most recent log run**
|
||||
``systemctl status netclient@<net name>``
|
||||
|
||||
Making Updates
|
||||
----------------
|
||||
|
||||
``vim /etc/netclient/netconfig-<network>``
|
||||
|
||||
Change any of the variables in this file, and changes will be pushed to the server and processed locally on the next checkin.
|
||||
|
||||
For instance, change the private address, endpoint, or name. See above example config file for details
|
||||
|
||||
|
||||
Adding/Removing Networks
|
||||
---------------------------
|
||||
|
||||
``netclient join -t <token>``
|
||||
|
||||
Set any of the above flags (netclient join --help) to override settings for joining the network.
|
||||
If a key is provided (-k), then a token is unnecessary, but grpc, server, ports, and network must all be provided via flags.
|
||||
|
||||
|
||||
Uninstalling
|
||||
---------------
|
||||
|
||||
Troubleshooting
|
||||
-----------------
|
||||
``netclient uninstall``
|
||||
|
||||
|
||||
|
|
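Review bot: At the end of this hunk the ``netclient uninstall`` line sits under the "Troubleshooting" heading, and the "Uninstalling" heading above it has no body. Move the command up under "Uninstalling", and drop the "Troubleshooting" heading until it has content of its own. In "Adding/Removing Networks", the sentence "grpc, server, ports, and network must all be provided via flags" would be easier to act on if it named the actual flags from ``netclient join --help``.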
26
docs/_build/html/_sources/support.rst.txt
vendored
|
@ -10,22 +10,15 @@ Does/Will Netmaker Support X Operating System?
|
|||
|
||||
Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
|
||||
|
||||
However, as of v0.4, we will technically be able to bring any operating system into the network. This is a bit of a hack. v0.4 introduces Ingress Gateways. Think of it this way. You set up a private network. You want devices to access it. You set up a single node as an "Ingress Gateway" and generate config files for "external clients." These clients are unmanaged and unmeshed, meaning they can access the network but only via the gateway. It also means they will not automatically account for changes to the network, and the user will have to update the configs manually.
|
||||
However, via "external clients", any device that supports WireGuard can be added to the network.
|
||||
|
||||
This lets us immediately "support" any device which can run WireGuard, which includes most operating systems at this point including phones and Windows.
|
||||
|
||||
As we stabilize the design and feature set of Netmaker, we will expand the operating system support for Netclient which configures dynamic, fully-meshed devices. Expect to see updates about new OS support every few weeks, until eventually the Ingress Gateway becomes unnecessary (though you will still want it for certain use cases).
|
||||
In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
|
||||
|
||||
How do I install the Netclient on X?
|
||||
---------------------------------------
|
||||
|
||||
As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
|
||||
|
||||
Why MongoDB? SQL is better and smaller.
|
||||
----------------------------------------
|
||||
|
||||
We are in a phase of rapid iteration. Every week the database schema changes. MongoDB makes our development process much more flexible. That said, we agree! SQL will be better for production, and indeed, we plan to switch over to SQL before v1.0, so please be patient with the resource consumption of MongoDB for the time being; it is helping to support a rapid pace of development.
|
||||
|
||||
|
||||
Is Netmaker a VPN like NordNPN?
|
||||
--------------------------------
|
||||
|
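Review bot: The sentence "In future iterations will expand the operating system support for Netclient" in this hunk is missing its subject ("we will expand"). In the same pass, "a few number of operating systems" should read "a small number of operating systems", and the heading "Is Netmaker a VPN like NordNPN?" at the end of the hunk looks like a typo for NordVPN.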
@ -41,10 +34,11 @@ https://github.com/pivpn/pivpn
|
|||
https://github.com/subspacecloud/subspace
|
||||
https://github.com/mullvad/mullvadvpn-app
|
||||
|
||||
Do you offer any paid support?
|
||||
---------------------------------
|
||||
Do you offer any enterprise support?
|
||||
--------------------------------------
|
||||
|
||||
If you are interested in enterprise support for your project, please contact info@gravitl.com.
|
||||
|
||||
Not at this time, but eventually we will. If you are interested, or if you are interested in sponsoring the project generally, please contact Alex Feiszli (alex@gravitl.com).
|
||||
|
||||
Why the SSPL License?
|
||||
----------------------
|
||||
|
@ -57,14 +51,6 @@ If you have concerns about the license leading to project restrictions down the
|
|||
|
||||
All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
|
||||
|
||||
Issues, Bugs, and Feature Requests
|
||||
=====================================
|
||||
|
||||
Issues / Bugs
|
||||
----------------
|
||||
|
||||
Feature Requests
|
||||
-------------------
|
||||
|
||||
Contact
|
||||
===========
|
||||
|
|
76
docs/_build/html/_sources/troubleshoot.rst.txt
vendored
|
@ -3,17 +3,91 @@ Troubleshooting
|
|||
=================
|
||||
|
||||
Common Issues
|
||||
---------------
|
||||
--------------
|
||||
**How can I connect my Android, IOS, MacOS or Windows device to my Netmaker VPN?**
|
||||
Currently meshing one of these devices is not supported, however it will be soon.
|
||||
For now you can connect to your VPN by making one of the nodes an Ingressgateway, then
|
||||
create an Ext Client for each device. Finally, use the official WG app or another
|
||||
WG configuration app to connect via QR or downloading the device's WireGuard configuration.
|
||||
|
||||
**I've made changes to my nodes but the nodes themselves haven't updated yet, why?**
|
||||
Please allow your nodes to complete a check in or two, in order to reconfigure themselves.
|
||||
In some cases, it could take up to a minute or so.
|
||||
|
||||
**Do I have to use access keys to join a network?**
|
||||
Although keys are the preferred way to join a network, Netmaker does allow for manual node sign-ups.
|
||||
Simply turn on "allow manual signups" on your network and nodes will not connect until you manually aprove each one.
|
||||
|
||||
**Is there a community or forum to ask questions about Netmaker?**
|
||||
Yes, we have an active `discord <https://discord.gg/Pt4T9y9XK8>`_ community and issues on our `github <https://github.com/gravitl/netmaker/issues>`_ are answered frequently!
|
||||
You can also sign-up for updates at our `gravitl site <https://gravitl.com/>`_!
|
||||
|
||||
Server
|
||||
-------
|
||||
**Can I secure/encrypt all the traffic to my server and UI?**
|
||||
This can fairly simple to achieve assuming you have access to a domain and are familiar with Nginx.
|
||||
Please refer to the quick-start guide to see!
|
||||
|
||||
**Can I connect multiple nodes (mesh clients) behind a single firewall/router?**
|
||||
Yes! As of version 0.7 Netmaker supports UDP Hole Punching to allow this, without the use of a third party STUN server!
|
||||
Is UDP hole punching a risk for you? Well you can turn it off and make static nodes/ports for the server to refer to as well.
|
||||
|
||||
**What are the minimum specs to run the server?**
|
||||
We recommend at least 1 CPU and 2 GB Memory.
|
||||
|
||||
**Does this support IPv6 addressing?**
|
||||
Yes, Netmaker supports IPv6 addressing. When you create a network, just make sure to turn on Dual Stack.
|
||||
Nodes will be given IPv6 addresses along with their IPv4 address. It does not currently support IPv6 only.
|
||||
|
||||
**Does Netmaker support Raft Consensus?**
|
||||
Netmaker does not directly support it, but it uses `rqlite <https://github.com/rqlite/rqlite>`_ (which supports Raft) as the database.
|
||||
|
||||
**How do I uninstall Netmaker?**
|
||||
There is no official uninstall script for the Netmaker server at this time. If you followed the quick-start guide, simply run ``sudo docker-compose -f docker-compose.quickstart.yml down --volumes``
|
||||
to completely wipe your server. Otherwise kill the running binary and it's up to you to remove database records/volumes.
|
||||
|
||||
UI
|
||||
----
|
||||
**I want to make a seperate network and give my friend access to only that network.**
|
||||
Simply navigate to the UI (as an admin account). Select users in the top left and create them an account.
|
||||
Select the network(s) to give them and they should be good to go! They are an admin of that network(s) only now.
|
||||
|
||||
**I'm done with an access key, can I delete it?**
|
||||
Simply navigate to the UI (as an admin account). Select your network of interest, then the select the ``Access Keys`` tab.
|
||||
Then delete the rogue access key.
|
||||
|
||||
**I can't delete my network, why?**
|
||||
You **MUST** remove all nodes in a network before you can delete it.
|
||||
|
||||
**Can I have multiple nodes with the same name?**
|
||||
Yes, nodes can share names without issue. It may just be harder on you to know which is which.
|
||||
|
||||
Agent
|
||||
-------
|
||||
**How do I connect a node to my Netmaker network with Netclient?**
|
||||
First get your access token (not just access key), then run ``sudo netclient join -t <access token>``.
|
||||
**NOTE:** netclient may be under /etc/netclient/, i.e run ``sudo /etc/netclient/netclient join -t <access token>``
|
||||
|
||||
**How do I disconnect a node on a Netmaker network?**
|
||||
In order to leave a Netmaker network, run ``sudo netclient leave -n <network-name>``
|
||||
|
||||
**How do I check the logs of my agent on a node?**
|
||||
You will need sudo/root permissions, but you can run ``sudo systemctl status netclient@<insert network name>``
|
||||
or you may also run ``sudo journalctl -u netclient@<network name>``.
|
||||
Note for journalctl: you should hit the ``end`` key to get to view the most recent logs quickly or use ``journalctl -u netclient@<network name> -f`` instead.
|
||||
|
||||
**Can I check the configuration of my node on the node?**
|
||||
**A:** Yes, on the node simply run ``sudo cat /etc/netclient/netconfig-<network name>`` and you should see what your current configuration is!
|
||||
You can also see the current WireGuard configuration with ``sudo wg show``
|
||||
|
||||
**I am done with the agent on my machine, can I uninstall it?**
|
||||
Yes, on the node simply run ``sudo /etc/netclient/netclient uninstall``.
|
||||
|
||||
|
||||
CoreDNS
|
||||
--------
|
||||
**Is CoreDNS required to use Netmaker?**
|
||||
CoreDNS is not required. Simply start your server with ``DNS_MODE="off"``.
|
||||
|
||||
**What is the minimum DNS entry value I can use?**
|
||||
Netmaker supports down to two characters for DNS names for your networks domains**
|
||||
|
|
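Review bot: The last line under CoreDNS, "Netmaker supports down to two characters for DNS names for your networks domains**", ends with an unmatched ``**`` that will either render literally or trigger an inline-markup warning; remove it. The answer to "Can I check the configuration of my node on the node?" is the only one prefixed with "**A:**", so drop the prefix or use it for every answer. Typos to fix while here: "aprove", "seperate", "This can fairly simple", "then the select".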
21
docs/_build/html/_sources/usage.rst.txt
vendored
|
@ -19,21 +19,6 @@ Video Tutorials
|
|||
|
||||
Written Tutorials
|
||||
-----------------
|
||||
* `Kubernetes Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud Kubernetes clusters using Netmaker.
|
||||
|
||||
Basic
|
||||
=====
|
||||
|
||||
Local Network
|
||||
=============
|
||||
|
||||
Site-to-Site
|
||||
============
|
||||
|
||||
Dual Stack with IPv6
|
||||
====================
|
||||
|
||||
Kubernetes Node Network
|
||||
========================
|
||||
|
||||
|
||||
* `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
|
||||
* `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
|
||||
* `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.
|
109
docs/_build/html/client-installation.html
vendored
|
@ -375,7 +375,14 @@
|
|||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-prereqisite-setup" class="md-nav__link">DNS Mode Prereqisite Setup</a>
|
||||
<a href="server-installation.html#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
|
||||
|
||||
|
||||
</li>
|
||||
|
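Review bot: The md-nav__item entries in this hunk are regenerated Sphinx output, and the same kind of navigation churn repeats across client-installation.html, genindex.html and index.html in this commit. Everything under docs/_build/ is build output (the .doctree files and environment.pickle are build caches), so unless the built site has to be served from the repository, add docs/_build/ to .gitignore and keep only the .rst sources under review. That also keeps binary pickle files out of the history.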
@ -399,13 +406,6 @@
|
|||
<a href="server-installation.html#kubernetes-install" class="md-nav__link">Kubernetes Install</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#configuration-reference" class="md-nav__link">Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -463,8 +463,6 @@
|
|||
<li class="md-nav__item"><a href="#adding-removing-networks" class="md-nav__link">Adding/Removing Networks</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#uninstalling" class="md-nav__link">Uninstalling</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#troubleshooting" class="md-nav__link">Troubleshooting</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li></ul>
|
||||
|
@ -556,41 +554,6 @@
|
|||
<a href="usage.html#external-tutorials" class="md-nav__link">External Tutorials</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#basic" class="md-nav__link">Basic</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#local-network" class="md-nav__link">Local Network</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
|
||||
|
||||
</li></ul>
|
||||
|
||||
</li>
|
||||
|
@ -682,13 +645,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -832,8 +788,6 @@
|
|||
<li class="md-nav__item"><a href="#adding-removing-networks" class="md-nav__link">Adding/Removing Networks</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#uninstalling" class="md-nav__link">Uninstalling</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#troubleshooting" class="md-nav__link">Troubleshooting</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li></ul>
|
||||
|
@ -917,7 +871,8 @@
|
|||
</pre></div>
|
||||
</div>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">netclient</span> <span class="pre">join</span> <span class="pre">--help</span></code></p>
|
||||
<div class="highlight-YAML notranslate"><div class="highlight"><pre><span></span><span class="nt">NAME</span><span class="p">:</span>
|
||||
<div class="highlight-YAML notranslate"><div class="highlight"><pre><span></span><span class="l l-Scalar l-Scalar-Plain">alex@workstation:~$ sudo netclient join --help</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">NAME</span><span class="p p-Indicator">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">netclient join - Join a Netmaker network.</span>
|
||||
|
||||
<span class="nt">USAGE</span><span class="p">:</span>
|
||||
|
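Review bot: The line "alex@workstation:~$ sudo netclient join --help" in this block is a shell prompt inside a block highlighted as YAML (highlight-YAML), so the help text gets tokenized as YAML keys and scalars. In the .rst source, mark the block as console or plain text, and drop the prompt line, since the command already appears in the paragraph directly above the block.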
@ -925,7 +880,7 @@
|
|||
|
||||
<span class="nt">OPTIONS</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--network value, -n value Network to perform specified action against. (default</span><span class="p p-Indicator">:</span> <span class="s">"all"</span><span class="l l-Scalar l-Scalar-Plain">) [$NETCLIENT_NETWORK]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--password value, -p value Password for authenticating with netmaker. (default</span><span class="p p-Indicator">:</span> <span class="s">"badpassword"</span><span class="l l-Scalar l-Scalar-Plain">) [$NETCLIENT_PASSWORD]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--password value, -p value Password for authenticating with netmaker. [$NETCLIENT_PASSWORD]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--endpoint value, -e value Reachable (usually public) address for WireGuard (not the private WG address). [$NETCLIENT_ENDPOINT]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--macaddress value, -m value Mac Address for this machine. Used as a unique identifier within Netmaker network. [$NETCLIENT_MACADDRESS]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--publickey value, --pubkey value Public Key for WireGuard Interface. [$NETCLIENT_PUBLICKEY]</span>
|
||||
|
@ -938,14 +893,15 @@
|
|||
<span class="l l-Scalar l-Scalar-Plain">--address value, -a value WireGuard address for machine within Netmaker network. [$NETCLIENT_ADDRESS]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--addressIPv6 value, --a6 value WireGuard address for machine within Netmaker network. [$NETCLIENT_ADDRESSIPV6]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--interface value, -i value WireGuard local network interface name. [$NETCLIENT_INTERFACE]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--apiserver value Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server. [$NETCLIENT_API_SERVER]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--grpcserver value Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server. [$NETCLIENT_GRPC_SERVER]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--apiserver value Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server. [$NETCLIENT_API_SERVER]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--grpcserver value Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server. [$NETCLIENT_GRPC_SERVER]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--key value, -k value Access Key for signing up machine with Netmaker server during initial 'add'. [$NETCLIENT_ACCESSKEY]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--token value, -t value Access Token for signing up machine with Netmaker server during initial 'add'. [$NETCLIENT_ACCESSTOKEN]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--localrange value Local Range if network is local, for instance 192.168.1.0/24. [$NETCLIENT_LOCALRANGE]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--dns value Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset. [$NETCLIENT_DNS]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--dns value Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset. (default</span><span class="p p-Indicator">:</span> <span class="s">"on"</span><span class="l l-Scalar l-Scalar-Plain">) [$NETCLIENT_DNS]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--islocal value Sets endpoint to local address if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_IS_LOCAL]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--isdualstack value Sets ipv6 address if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_IS_DUALSTACK]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--udpholepunch value Turns on udp holepunching if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_UDP_HOLEPUNCH]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--ipforwarding value Sets ip forwarding on if 'on'. Ignores if 'off'. On by default. (default</span><span class="p p-Indicator">:</span> <span class="s">"on"</span><span class="l l-Scalar l-Scalar-Plain">) [$NETCLIENT_IPFORWARDING]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--postup value Sets PostUp command for WireGuard. [$NETCLIENT_POSTUP]</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">--postdown value Sets PostDown command for WireGuard. [$NETCLIENT_POSTDOWN]</span>
|
||||
|
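Review bot: The two versions of the --apiserver and --grpcserver help lines in this hunk disagree: one describes --apiserver as "Address + GRPC Port (e.g. 1.2.3.4:50051)" and --grpcserver as "Address + API Port (e.g. 1.2.3.4:8081)". The config reference further down this page uses apiaddress 1.2.3.4:8081 and a grpcaddress on port 50051, so the version that should remain is the one pairing --apiserver with the API port and --grpcserver with the GRPC port. If the swapped text is what the binary actually prints, fix the flag descriptions in netclient rather than in the docs.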
@ -959,6 +915,7 @@
|
|||
<h3 id="config-file-reference">Config File Reference<a class="headerlink" href="#config-file-reference" title="Permalink to this headline">¶</a></h3>
|
||||
<p>There is a config file for each node under /etc/netconfig-<network name>. You can change these values and then set “postchanges” to “true”, or go to the CLI and run <code class="docutils literal notranslate"><span class="pre">netclient</span> <span class="pre">push</span> <span class="pre">-n</span> <span class="pre"><network></span></code></p>
|
||||
<div class="highlight-YAML notranslate"><div class="highlight"><pre><span></span><span class="nt">server</span><span class="p">:</span>
|
||||
<span class="nt">corednsaddr</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">147.182.251.203</span> <span class="c1"># Address of CoreDNS Server (set locally with resolvectl)</span>
|
||||
<span class="nt">grpcaddress</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">10.101.0.1:50051</span> <span class="c1"># Address of GRPC Server (used for all interaction with server after registration)</span>
|
||||
<span class="nt">apiaddress</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1.2.3.4:8081</span> <span class="c1"># Address of API Server (used only for registration/unregistration)</span>
|
||||
<span class="nt">accesskey</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">5qKTbTgsvb45y3qyRmWft</span> <span class="c1"># Key used to sign up with server. Used only during registration</span>
|
||||
|
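Review bot: The corednsaddr example value 147.182.251.203 looks like a real public address rather than a placeholder, and it sits next to a realistic-looking accesskey value. If either came from a live deployment, replace them with a documentation-range address (192.0.2.0/24) and an obvious placeholder key. The paragraph above the block also gives the path as /etc/netconfig-<network name>, while the rest of these docs use /etc/netclient/netconfig-<network>.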
@ -971,12 +928,12 @@
|
|||
<span class="nt">localaddress</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">192.168.1.32</span> <span class="c1"># Address on local network, used as endpoint for other local nodes for faster comms</span>
|
||||
<span class="nt">wgaddress</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">10.7.11.2</span> <span class="c1"># Private WG addres on network</span>
|
||||
<span class="nt">wgaddress6</span><span class="p">:</span> <span class="s">"f8:34:41:77:5c:15"</span> <span class="c1"># Private ipv6 address if network is dual stack</span>
|
||||
<span class="nt">roaming</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Whether or not to grab new endpoint value automatically</span>
|
||||
<span class="nt">dns</span><span class="p">:</span> <span class="s">"off"</span> <span class="c1"># Whether or not to set local DNS based on Netmaker's Private DNS server</span>
|
||||
<span class="nt">roaming</span><span class="p">:</span> <span class="s">"yes"</span> <span class="c1"># Whether or not to grab new endpoint value automatically</span>
|
||||
<span class="nt">dnson</span><span class="p">:</span> <span class="s">"no"</span> <span class="c1"># Whether or not to set local DNS based on Netmaker's Private DNS server</span>
|
||||
<span class="nt">islocal</span><span class="p">:</span> <span class="s">"no"</span> <span class="c1"># Based on network. If yes, will use local IP as endpoint.</span>
|
||||
<span class="nt">isdualstack</span><span class="p">:</span> <span class="s">"yes"</span> <span class="c1"># Use IPv6 in addition to IPv4</span>
|
||||
<span class="nt">isingressgateway</span><span class="p">:</span> <span class="s">"no"</span> <span class="c1"># whether or not node is an ingress gateway (will set iptables forwarding rules)</span>
|
||||
<span class="nt">allowedips</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># not currently used</span>
|
||||
<span class="nt">allowedips</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># additional IP's to add to client</span>
|
||||
<span class="nt">localrange</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># local range if it's a local network. For instance, 192.168.1.0/24</span>
|
||||
<span class="nt">postup</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># postup command, used by ingress/egress gateways to set iptables</span>
|
||||
<span class="nt">postdown</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># postdown command, used by ingress/egress gateways to set iptables</span>
|
||||
|
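Review bot: The wgaddress6 example, "f8:34:41:77:5c:15", is formatted like a MAC address, although its comment says "Private ipv6 address if network is dual stack". Use an address from the IPv6 documentation range (2001:db8::/32) instead. The hunk also shows both dns: "off" and dnson: "no", and both "on" and "yes" for roaming, so the comments should say which spelling the client accepts. "addres" in the wgaddress comment is a typo.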
@ -986,9 +943,11 @@
|
|||
<span class="nt">privatekey</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># private key, set only for changing and then will revert to blank in config</span>
|
||||
<span class="nt">endpoint</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">78.170.22.168</span> <span class="c1"># public endpoint for reaching node </span>
|
||||
<span class="nt">postchanges</span><span class="p">:</span> <span class="s">"false"</span> <span class="c1"># if true, will post and config file changes on next checkin and then revert to false</span>
|
||||
<span class="nt">ipforwarding</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># set ip forwarding; highly recommended to leave on</span>
|
||||
<span class="nt">network</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">home</span> <span class="c1"># the network (duplicate of node.network)</span>
|
||||
<span class="nt">daemon</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># whether or not to manage systemd</span>
|
||||
<span class="nt">ipforwarding</span><span class="p">:</span> <span class="s">"yes"</span> <span class="c1"># set ip forwarding; highly recommended to leave on</span>
|
||||
<span class="nt">isstatic</span><span class="p">:</span> <span class="s">"no"</span> <span class="c1"># if yes, daemon will not change pubkey, endpoint, or address</span>
|
||||
<span class="nt">udpholepunch</span><span class="p">:</span> <span class="s">"yes"</span> <span class="c1"># run UDP hole punching (will ignore port above, e.g. 51821)</span>
|
||||
<span class="nt">network</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">home</span> <span class="c1"># the network (duplicate of node.network)</span>
|
||||
<span class="nt">daemon</span><span class="p">:</span> <span class="s">"yes"</span> <span class="c1"># whether or not to manage systemd</span>
|
||||
<span class="nt">operatingsystem</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># not currently in use</span>
|
||||
</pre></div>
|
||||
</div>
|
||||
|
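Review bot: ipforwarding appears here with the value "yes", but the --ipforwarding help text earlier on this page says it takes 'on' or 'off' with default "on". State which values the config file accepts, or keep one convention across the flags and the file. The udpholepunch comment "will ignore port above, e.g. 51821" should name the key it overrides instead of "port above", and "will post and config file changes" in the postchanges comment reads like a typo for "any config file changes".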
@ -1007,18 +966,32 @@
|
|||
<h2 id="managing-netclient">Managing Netclient<a class="headerlink" href="#managing-netclient" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
<h3 id="viewing-logs">Viewing Logs<a class="headerlink" href="#viewing-logs" title="Permalink to this headline">¶</a></h3>
|
||||
<dl class="simple">
|
||||
<dt><strong>to view current networks</strong></dt><dd><p><code class="docutils literal notranslate"><span class="pre">netclient</span> <span class="pre">list</span></code></p>
|
||||
</dd>
|
||||
<dt><strong>to tail logs</strong></dt><dd><p><code class="docutils literal notranslate"><span class="pre">journalctl</span> <span class="pre">-u</span> <span class="pre">netclient@<net</span> <span class="pre">name></span> <span class="pre">-f</span></code></p>
|
||||
</dd>
|
||||
<dt><strong>to view all logs</strong></dt><dd><p><code class="docutils literal notranslate"><span class="pre">journalctl</span> <span class="pre">-u</span> <span class="pre">netclient@<net</span> <span class="pre">name></span></code></p>
|
||||
</dd>
|
||||
<dt><strong>to get most recent log run</strong></dt><dd><p><code class="docutils literal notranslate"><span class="pre">systemctl</span> <span class="pre">status</span> <span class="pre">netclient@<net</span> <span class="pre">name></span></code></p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h3 id="making-updates">Making Updates<a class="headerlink" href="#making-updates" title="Permalink to this headline">¶</a></h3>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">vim</span> <span class="pre">/etc/netclient/netconfig-<network></span></code></p>
|
||||
<p>Change any of the variables in this file, and changes will be pushed to the server and processed locally on the next checkin.</p>
|
||||
<p>For instance, change the private address, endpoint, or name. See above example config file for details</p>
|
||||
|
||||
|
||||
<h3 id="adding-removing-networks">Adding/Removing Networks<a class="headerlink" href="#adding-removing-networks" title="Permalink to this headline">¶</a></h3>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">netclient</span> <span class="pre">join</span> <span class="pre">-t</span> <span class="pre"><token></span></code></p>
|
||||
<p>Set any of the above flags (netclient join –help) to override settings for joining the network.
|
||||
If a key is provided (-k), then a token is unnecessary, but grpc, server, ports, and network must all be provided via flags.</p>
|
||||
|
||||
|
||||
<h3 id="uninstalling">Uninstalling<a class="headerlink" href="#uninstalling" title="Permalink to this headline">¶</a></h3>
|
||||
|
||||
|
||||
<h3 id="troubleshooting">Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permalink to this headline">¶</a></h3>
|
||||
<p><code class="docutils literal notranslate"><span class="pre">netclient</span> <span class="pre">uninstall</span></code></p>
|
||||
|
||||
|
||||
|
||||
|
|
42
docs/_build/html/genindex.html
vendored
|
@ -502,41 +502,6 @@
|
|||
<a href="usage.html#external-tutorials" class="md-nav__link">External Tutorials</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#basic" class="md-nav__link">Basic</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#local-network" class="md-nav__link">Local Network</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
|
||||
|
||||
</li></ul>
|
||||
|
||||
</li>
|
||||
|
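Review bot: Generated output under docs/_build/html buries the real change. This nav block drops the Basic, Local Network, Site-to-Site, Dual Stack with IPv6 and Kubernetes Node Network entries, and the identical removal repeats in index.html, search.html and usage.html. Consider keeping docs/_build out of the repository and building the pages from the .rst sources, so a docs commit only shows the source edits.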
@ -628,13 +593,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
|
48
docs/_build/html/index.html
vendored
48
docs/_build/html/index.html
vendored
|
@ -503,41 +503,6 @@
|
|||
<a href="usage.html#external-tutorials" class="md-nav__link">External Tutorials</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#basic" class="md-nav__link">Basic</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#local-network" class="md-nav__link">Local Network</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
|
||||
|
||||
</li></ul>
|
||||
|
||||
</li>
|
||||
|
@ -629,13 +594,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -903,11 +861,6 @@
|
|||
<ul>
|
||||
<li class="toctree-l1"><a class="reference internal" href="usage.html">Using Netmaker</a><ul>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#external-tutorials">External Tutorials</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#basic">Basic</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#local-network">Local Network</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#site-to-site">Site-to-Site</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#dual-stack-with-ipv6">Dual Stack with IPv6</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="usage.html#kubernetes-node-network">Kubernetes Node Network</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -946,7 +899,6 @@
|
|||
<ul>
|
||||
<li class="toctree-l1"><a class="reference internal" href="support.html">Support</a><ul>
|
||||
<li class="toctree-l2"><a class="reference internal" href="support.html#faq">FAQ</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="support.html#issues-bugs-and-feature-requests">Issues, Bugs, and Feature Requests</a></li>
|
||||
<li class="toctree-l2"><a class="reference internal" href="support.html#contact">Contact</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
|
|
42
docs/_build/html/search.html
vendored
42
docs/_build/html/search.html
vendored
|
@ -508,41 +508,6 @@
|
|||
<a href="usage.html#external-tutorials" class="md-nav__link">External Tutorials</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#basic" class="md-nav__link">Basic</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#local-network" class="md-nav__link">Local Network</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="usage.html#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
|
||||
|
||||
</li></ul>
|
||||
|
||||
</li>
|
||||
|
@ -634,13 +599,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
|
2
docs/_build/html/searchindex.js
vendored
2
docs/_build/html/searchindex.js
vendored
File diff suppressed because one or more lines are too long
69
docs/_build/html/support.html
vendored
69
docs/_build/html/support.html
vendored
|
@ -375,7 +375,14 @@
|
|||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-prereqisite-setup" class="md-nav__link">DNS Mode Prereqisite Setup</a>
|
||||
<a href="server-installation.html#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
|
||||
|
||||
|
||||
</li>
|
||||
|
@ -399,13 +406,6 @@
|
|||
<a href="server-installation.html#kubernetes-install" class="md-nav__link">Kubernetes Install</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#configuration-reference" class="md-nav__link">Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -639,24 +639,14 @@
|
|||
</li>
|
||||
<li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#why-mongodb-sql-is-better-and-smaller" class="md-nav__link">Why MongoDB? SQL is better and smaller.</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#do-you-offer-any-paid-support" class="md-nav__link">Do you offer any paid support?</a>
|
||||
<li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a><nav class="md-nav">
|
||||
<ul class="md-nav__list">
|
||||
<li class="md-nav__item"><a href="#issues-bugs" class="md-nav__link">Issues / Bugs</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#feature-requests" class="md-nav__link">Feature Requests</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#contact" class="md-nav__link">Contact</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
|
@ -670,13 +660,6 @@
|
|||
<a href="#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -793,24 +776,14 @@
|
|||
</li>
|
||||
<li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#why-mongodb-sql-is-better-and-smaller" class="md-nav__link">Why MongoDB? SQL is better and smaller.</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#do-you-offer-any-paid-support" class="md-nav__link">Do you offer any paid support?</a>
|
||||
<li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a><nav class="md-nav">
|
||||
<ul class="md-nav__list">
|
||||
<li class="md-nav__item"><a href="#issues-bugs" class="md-nav__link">Issues / Bugs</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#feature-requests" class="md-nav__link">Feature Requests</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#contact" class="md-nav__link">Contact</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
|
@ -831,19 +804,14 @@
|
|||
|
||||
<h3 id="does-will-netmaker-support-x-operating-system">Does/Will Netmaker Support X Operating System?<a class="headerlink" href="#does-will-netmaker-support-x-operating-system" title="Permalink to this headline">¶</a></h3>
|
||||
<p>Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.</p>
|
||||
<p>However, as of v0.4, we will technically be able to bring any operating system into the network. This is a bit of a hack. v0.4 introduces Ingress Gateways. Think of it this way. You set up a private network. You want devices to access it. You set up a single node as an “Ingress Gateway” and generate config files for “external clients.” These clients are unmanaged and unmeshed, meaning they can access the network but only via the gateway. It also means they will not automatically account for changes to the network, and the user will have to update the configs manually.</p>
|
||||
<p>This lets us immediately “support” any device which can run WireGuard, which includes most operating systems at this point including phones and Windows.</p>
|
||||
<p>As we stabilize the design and feature set of Netmaker, we will expand the operating system support for Netclient which configures dynamic, fully-meshed devices. Expect to see updates about new OS support every few weeks, until eventually the Ingress Gateway becomes unnecessary (though you will still want it for certain use cases).</p>
|
||||
<p>However, via “external clients”, any device that supports WireGuard can be added to the network.</p>
|
||||
<p>In future iterations will expand the operating system support for Netclient, and devices that must use the “external client” feature can switch to Netclient.</p>
|
||||
|
||||
|
||||
<h3 id="how-do-i-install-the-netclient-on-x">How do I install the Netclient on X?<a class="headerlink" href="#how-do-i-install-the-netclient-on-x" title="Permalink to this headline">¶</a></h3>
|
||||
<p>As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.</p>
|
||||
|
||||
|
||||
<h3 id="why-mongodb-sql-is-better-and-smaller">Why MongoDB? SQL is better and smaller.<a class="headerlink" href="#why-mongodb-sql-is-better-and-smaller" title="Permalink to this headline">¶</a></h3>
|
||||
<p>We are in a phase of rapid iteration. Every week the database schema changes. MongoDB makes our development process much more flexible. That said, we agree! SQL will be better for production, and indeed, we plan to switch over to SQL before v1.0, so please be patient with the resource consumption of MongoDB for the time being; it is helping to support a rapid pace of development.</p>
|
||||
|
||||
|
||||
<h3 id="is-netmaker-a-vpn-like-nordnpn">Is Netmaker a VPN like NordNPN?<a class="headerlink" href="#is-netmaker-a-vpn-like-nordnpn" title="Permalink to this headline">¶</a></h3>
|
||||
<p>No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It’s more like a corporate VPN, or a VPC (if you’re familiar with AWS).</p>
|
||||
<p>If you’re looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.</p>
|
||||
|
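Review bot: The sentence "In future iterations will expand the operating system support for Netclient" is missing its subject; "In future iterations we will expand ..." reads correctly. In the same hunk the heading says "NordNPN" while the answer below it says "NordVPN", so the heading and its anchor id (is-netmaker-a-vpn-like-nordnpn) carry a typo worth fixing in the support source file.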
@ -854,8 +822,8 @@
|
|||
<a class="reference external" href="https://github.com/mullvad/mullvadvpn-app">https://github.com/mullvad/mullvadvpn-app</a></p>
|
||||
|
||||
|
||||
<h3 id="do-you-offer-any-paid-support">Do you offer any paid support?<a class="headerlink" href="#do-you-offer-any-paid-support" title="Permalink to this headline">¶</a></h3>
|
||||
<p>Not at this time, but eventually we will. If you are interested, or if you are interested in sponsoring the project generally, please contact Alex Feiszli (<a class="reference external" href="mailto:alex%40gravitl.com">alex<span>@</span>gravitl<span>.</span>com</a>).</p>
|
||||
<h3 id="do-you-offer-any-enterprise-support">Do you offer any enterprise support?<a class="headerlink" href="#do-you-offer-any-enterprise-support" title="Permalink to this headline">¶</a></h3>
|
||||
<p>If you are interested in enterprise support for your project, please contact <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a>.</p>
|
||||
|
||||
|
||||
<h3 id="why-the-sspl-license">Why the SSPL License?<a class="headerlink" href="#why-the-sspl-license" title="Permalink to this headline">¶</a></h3>
|
||||
|
@ -866,15 +834,6 @@
|
|||
|
||||
|
||||
|
||||
<h2 id="issues-bugs-and-feature-requests">Issues, Bugs, and Feature Requests<a class="headerlink" href="#issues-bugs-and-feature-requests" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
<h3 id="issues-bugs">Issues / Bugs<a class="headerlink" href="#issues-bugs" title="Permalink to this headline">¶</a></h3>
|
||||
|
||||
|
||||
<h3 id="feature-requests">Feature Requests<a class="headerlink" href="#feature-requests" title="Permalink to this headline">¶</a></h3>
|
||||
|
||||
|
||||
|
||||
<h2 id="contact">Contact<a class="headerlink" href="#contact" title="Permalink to this headline">¶</a></h2>
|
||||
<p>If you need help, try the discord or open a GitHub ticket.</p>
|
||||
<p>Email: <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a></p>
|
||||
|
|
91
docs/_build/html/troubleshoot.html
vendored
91
docs/_build/html/troubleshoot.html
vendored
|
@ -375,7 +375,14 @@
|
|||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-prereqisite-setup" class="md-nav__link">DNS Mode Prereqisite Setup</a>
|
||||
<a href="server-installation.html#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
|
||||
|
||||
|
||||
</li>
|
||||
|
@ -399,13 +406,6 @@
|
|||
<a href="server-installation.html#kubernetes-install" class="md-nav__link">Kubernetes Install</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#configuration-reference" class="md-nav__link">Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -654,13 +654,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -796,18 +789,86 @@
|
|||
<h1 id="troubleshoot--page-root">Troubleshooting<a class="headerlink" href="#troubleshoot--page-root" title="Permalink to this headline">¶</a></h1>
|
||||
|
||||
<h2 id="common-issues">Common Issues<a class="headerlink" href="#common-issues" title="Permalink to this headline">¶</a></h2>
|
||||
<dl class="simple">
|
||||
<dt><strong>How can I connect my Android, IOS, MacOS or Windows device to my Netmaker VPN?</strong></dt><dd><p>Currently meshing one of these devices is not supported, however it will be soon.
|
||||
For now you can connect to your VPN by making one of the nodes an Ingressgateway, then
|
||||
create an Ext Client for each device. Finally, use the official WG app or another
|
||||
WG configuration app to connect via QR or downloading the device’s WireGuard configuration.</p>
|
||||
</dd>
|
||||
<dt><strong>I’ve made changes to my nodes but the nodes themselves haven’t updated yet, why?</strong></dt><dd><p>Please allow your nodes to complete a check in or two, in order to reconfigure themselves.
|
||||
In some cases, it could take up to a minute or so.</p>
|
||||
</dd>
|
||||
<dt><strong>Do I have to use access keys to join a network?</strong></dt><dd><p>Although keys are the preferred way to join a network, Netmaker does allow for manual node sign-ups.
|
||||
Simply turn on “allow manual signups” on your network and nodes will not connect until you manually aprove each one.</p>
|
||||
</dd>
|
||||
<dt><strong>Is there a community or forum to ask questions about Netmaker?</strong></dt><dd><p>Yes, we have an active <a class="reference external" href="https://discord.gg/Pt4T9y9XK8">discord</a> community and issues on our <a class="reference external" href="https://github.com/gravitl/netmaker/issues">github</a> are answered frequently!
|
||||
You can also sign-up for updates at our <a class="reference external" href="https://gravitl.com/">gravitl site</a>!</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h2 id="server">Server<a class="headerlink" href="#server" title="Permalink to this headline">¶</a></h2>
|
||||
<dl class="simple">
|
||||
<dt><strong>Can I secure/encrypt all the traffic to my server and UI?</strong></dt><dd><p>This can fairly simple to achieve assuming you have access to a domain and are familiar with Nginx.
|
||||
Please refer to the quick-start guide to see!</p>
|
||||
</dd>
|
||||
<dt><strong>Can I connect multiple nodes (mesh clients) behind a single firewall/router?</strong></dt><dd><p>Yes! As of version 0.7 Netmaker supports UDP Hole Punching to allow this, without the use of a third party STUN server!
|
||||
Is UDP hole punching a risk for you? Well you can turn it off and make static nodes/ports for the server to refer to as well.</p>
|
||||
</dd>
|
||||
<dt><strong>What are the minimum specs to run the server?</strong></dt><dd><p>We recommend at least 1 CPU and 2 GB Memory.</p>
|
||||
</dd>
|
||||
<dt><strong>Does this support IPv6 addressing?</strong></dt><dd><p>Yes, Netmaker supports IPv6 addressing. When you create a network, just make sure to turn on Dual Stack.
|
||||
Nodes will be given IPv6 addresses along with their IPv4 address. It does not currently support IPv6 only.</p>
|
||||
</dd>
|
||||
<dt><strong>Does Netmaker support Raft Consensus?</strong></dt><dd><p>Netmaker does not directly support it, but it uses <a class="reference external" href="https://github.com/rqlite/rqlite">rqlite</a> (which supports Raft) as the database.</p>
|
||||
</dd>
|
||||
<dt><strong>How do I uninstall Netmaker?</strong></dt><dd><p>There is no official uninstall script for the Netmaker server at this time. If you followed the quick-start guide, simply run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">docker-compose</span> <span class="pre">-f</span> <span class="pre">docker-compose.quickstart.yml</span> <span class="pre">down</span> <span class="pre">--volumes</span></code>
|
||||
to completely wipe your server. Otherwise kill the running binary and it’s up to you to remove database records/volumes.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h2 id="ui">UI<a class="headerlink" href="#ui" title="Permalink to this headline">¶</a></h2>
|
||||
<dl class="simple">
|
||||
<dt><strong>I want to make a seperate network and give my friend access to only that network.</strong></dt><dd><p>Simply navigate to the UI (as an admin account). Select users in the top left and create them an account.
|
||||
Select the network(s) to give them and they should be good to go! They are an admin of that network(s) only now.</p>
|
||||
</dd>
|
||||
<dt><strong>I’m done with an access key, can I delete it?</strong></dt><dd><p>Simply navigate to the UI (as an admin account). Select your network of interest, then the select the <code class="docutils literal notranslate"><span class="pre">Access</span> <span class="pre">Keys</span></code> tab.
|
||||
Then delete the rogue access key.</p>
|
||||
</dd>
|
||||
<dt><strong>I can’t delete my network, why?</strong></dt><dd><p>You <strong>MUST</strong> remove all nodes in a network before you can delete it.</p>
|
||||
</dd>
|
||||
<dt><strong>Can I have multiple nodes with the same name?</strong></dt><dd><p>Yes, nodes can share names without issue. It may just be harder on you to know which is which.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h2 id="agent">Agent<a class="headerlink" href="#agent" title="Permalink to this headline">¶</a></h2>
|
||||
<dl class="simple">
|
||||
<dt><strong>How do I connect a node to my Netmaker network with Netclient?</strong></dt><dd><p>First get your access token (not just access key), then run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">netclient</span> <span class="pre">join</span> <span class="pre">-t</span> <span class="pre"><access</span> <span class="pre">token></span></code>.
|
||||
<strong>NOTE:</strong> netclient may be under /etc/netclient/, i.e run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">/etc/netclient/netclient</span> <span class="pre">join</span> <span class="pre">-t</span> <span class="pre"><access</span> <span class="pre">token></span></code></p>
|
||||
</dd>
|
||||
<dt><strong>How do I disconnect a node on a Netmaker network?</strong></dt><dd><p>In order to leave a Netmaker network, run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">netclient</span> <span class="pre">leave</span> <span class="pre">-n</span> <span class="pre"><network-name></span></code></p>
|
||||
</dd>
|
||||
<dt><strong>How do I check the logs of my agent on a node?</strong></dt><dd><p>You will need sudo/root permissions, but you can run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">systemctl</span> <span class="pre">status</span> <span class="pre">netclient@<insert</span> <span class="pre">network</span> <span class="pre">name></span></code>
|
||||
or you may also run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">journalctl</span> <span class="pre">-u</span> <span class="pre">netclient@<network</span> <span class="pre">name></span></code>.
|
||||
Note for journalctl: you should hit the <code class="docutils literal notranslate"><span class="pre">end</span></code> key to get to view the most recent logs quickly or use <code class="docutils literal notranslate"><span class="pre">journalctl</span> <span class="pre">-u</span> <span class="pre">netclient@<network</span> <span class="pre">name></span> <span class="pre">-f</span></code> instead.</p>
|
||||
</dd>
|
||||
<dt><strong>Can I check the configuration of my node on the node?</strong></dt><dd><p><strong>A:</strong> Yes, on the node simply run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">cat</span> <span class="pre">/etc/netclient/netconfig-<network</span> <span class="pre">name></span></code> and you should see what your current configuration is!
|
||||
You can also see the current WireGuard configuration with <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">wg</span> <span class="pre">show</span></code></p>
|
||||
</dd>
|
||||
<dt><strong>I am done with the agent on my machine, can I uninstall it?</strong></dt><dd><p>Yes, on the node simply run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">/etc/netclient/netclient</span> <span class="pre">uninstall</span></code>.</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<h2 id="coredns">CoreDNS<a class="headerlink" href="#coredns" title="Permalink to this headline">¶</a></h2>
|
||||
<dl class="simple">
|
||||
<dt><strong>Is CoreDNS required to use Netmaker?</strong></dt><dd><p>CoreDNS is not required. Simply start your server with <code class="docutils literal notranslate"><span class="pre">DNS_MODE="off"</span></code>.</p>
|
||||
</dd>
|
||||
<dt><strong>What is the minimum DNS entry value I can use?</strong></dt><dd><p>Netmaker supports down to two characters for DNS names for your networks domains**</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
|
||||
|
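Review bot: Several answers in this FAQ text carry markup and spelling slips that will reach readers: the last CoreDNS answer ends in a stray "**" ("networks domains**"), only the node-configuration answer opens with a bold "A:", and "aprove", "seperate" and "This can fairly simple" need correcting in the troubleshoot source file. The access-key answer also says to "delete the rogue access key" although the question is about a key the user is simply finished with, so wording such as "delete the key you no longer need" would match the question.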
|
97
docs/_build/html/usage.html
vendored
97
docs/_build/html/usage.html
vendored
|
@ -375,7 +375,14 @@
|
|||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-prereqisite-setup" class="md-nav__link">DNS Mode Prereqisite Setup</a>
|
||||
<a href="server-installation.html#server-configuration-reference" class="md-nav__link">Server Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#dns-mode-setup" class="md-nav__link">DNS Mode Setup</a>
|
||||
|
||||
|
||||
</li>
|
||||
|
@ -399,13 +406,6 @@
|
|||
<a href="server-installation.html#kubernetes-install" class="md-nav__link">Kubernetes Install</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="server-installation.html#configuration-reference" class="md-nav__link">Configuration Reference</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -514,16 +514,6 @@
|
|||
<li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#basic" class="md-nav__link">Basic</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#local-network" class="md-nav__link">Local Network</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
|
@ -536,41 +526,6 @@
|
|||
<a href="#external-tutorials" class="md-nav__link">External Tutorials</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#basic" class="md-nav__link">Basic</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#local-network" class="md-nav__link">Local Network</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
|
||||
|
||||
</li></ul>
|
||||
|
||||
</li>
|
||||
|
@ -662,13 +617,6 @@
|
|||
<a href="support.html#faq" class="md-nav__link">FAQ</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
||||
<a href="support.html#issues-bugs-and-feature-requests" class="md-nav__link">Issues, Bugs, and Feature Requests</a>
|
||||
|
||||
|
||||
</li>
|
||||
<li class="md-nav__item">
|
||||
|
||||
|
@ -786,16 +734,6 @@
|
|||
<li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#basic" class="md-nav__link">Basic</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#local-network" class="md-nav__link">Local Network</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#site-to-site" class="md-nav__link">Site-to-Site</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#dual-stack-with-ipv6" class="md-nav__link">Dual Stack with IPv6</a>
|
||||
</li>
|
||||
<li class="md-nav__item"><a href="#kubernetes-node-network" class="md-nav__link">Kubernetes Node Network</a>
|
||||
</li></ul>
|
||||
</nav>
|
||||
</li>
|
||||
|
@ -826,26 +764,13 @@
|
|||
|
||||
<h3 id="written-tutorials">Written Tutorials<a class="headerlink" href="#written-tutorials" title="Permalink to this headline">¶</a></h3>
|
||||
<ul class="simple">
|
||||
<li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81">Kubernetes Cross-cloud cluster</a>: Tutorial on setting up cross-cloud Kubernetes clusters using Netmaker.</p></li>
|
||||
<li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81">K3s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud K3s clusters using Netmaker.</p></li>
|
||||
<li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7">MicroK8s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.</p></li>
|
||||
<li><p><a class="reference external" href="https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa">Secure access to private services</a>: Tutorial on setting up secure Nextcloud with Netmaker.</p></li>
|
||||
</ul>
|
||||
|
||||
|
||||
|
||||
<h2 id="basic">Basic<a class="headerlink" href="#basic" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
|
||||
<h2 id="local-network">Local Network<a class="headerlink" href="#local-network" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
|
||||
<h2 id="site-to-site">Site-to-Site<a class="headerlink" href="#site-to-site" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
|
||||
<h2 id="dual-stack-with-ipv6">Dual Stack with IPv6<a class="headerlink" href="#dual-stack-with-ipv6" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
|
||||
<h2 id="kubernetes-node-network">Kubernetes Node Network<a class="headerlink" href="#kubernetes-node-network" title="Permalink to this headline">¶</a></h2>
|
||||
|
||||
|
||||
|
||||
|
||||
</article>
|
||||
|
|
|
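Review bot: this hunk is generated Sphinx HTML (md-nav__link items, headerlink permalinks) and only mirrors the Written Tutorials change made to the .rst source at the end of this commit. Build output is better left out of version control and regenerated at publish time; committing it doubles the review surface and lets the HTML drift from the source.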
@ -112,15 +112,40 @@ Managing Netclient
|
|||
Viewing Logs
|
||||
---------------
|
||||
|
||||
**to view current networks**
|
||||
``netclient list``
|
||||
|
||||
**to tail logs**
|
||||
``journalctl -u netclient@<net name> -f``
|
||||
|
||||
**to view all logs**
|
||||
``journalctl -u netclient@<net name>``
|
||||
|
||||
**to get most recent log run**
|
||||
``systemctl status netclient@<net name>``
|
||||
|
||||
Making Updates
|
||||
----------------
|
||||
|
||||
``vim /etc/netclient/netconfig-<network>``
|
||||
|
||||
Change any of the variables in this file, and changes will be pushed to the server and processed locally on the next checkin.
|
||||
|
||||
For instance, change the private address, endpoint, or name. See above example config file for details
|
||||
|
||||
|
||||
Adding/Removing Networks
|
||||
---------------------------
|
||||
|
||||
``netclient join -t <token>``
|
||||
|
||||
Set any of the above flags (netclient join --help) to override settings for joining the network.
|
||||
If a key is provided (-k), then a token is unnecessary, but grpc, server, ports, and network must all be provided via flags.
|
||||
|
||||
|
||||
Uninstalling
|
||||
---------------
|
||||
|
||||
Troubleshooting
|
||||
-----------------
|
||||
``netclient uninstall``
|
||||
|
||||
|
||||
|
|
|
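Review bot: ``netclient uninstall`` sits after the Troubleshooting heading at the end of this hunk, while the Uninstalling heading above it has no body. If the Troubleshooting heading is staying in the file, move the command up under Uninstalling, otherwise readers will find the uninstall command in the wrong section. Also, "See above example config file for details" is missing its closing period.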
@ -1,3 +1,4 @@
|
|||
alex@workstation:~$ sudo netclient join --help
|
||||
NAME:
|
||||
netclient join - Join a Netmaker network.
|
||||
|
||||
|
@ -6,7 +7,7 @@ USAGE:
|
|||
|
||||
OPTIONS:
|
||||
--network value, -n value Network to perform specified action against. (default: "all") [$NETCLIENT_NETWORK]
|
||||
--password value, -p value Password for authenticating with netmaker. (default: "badpassword") [$NETCLIENT_PASSWORD]
|
||||
--password value, -p value Password for authenticating with netmaker. [$NETCLIENT_PASSWORD]
|
||||
--endpoint value, -e value Reachable (usually public) address for WireGuard (not the private WG address). [$NETCLIENT_ENDPOINT]
|
||||
--macaddress value, -m value Mac Address for this machine. Used as a unique identifier within Netmaker network. [$NETCLIENT_MACADDRESS]
|
||||
--publickey value, --pubkey value Public Key for WireGuard Interface. [$NETCLIENT_PUBLICKEY]
|
||||
|
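Review bot: the two --password lines differ only in the (default: "badpassword") suffix. Since this file is pasted netclient join --help output, confirm that the client itself no longer falls back to that value; dropping it from the docs alone would hide a weak default instead of removing it. The surrounding docs could also point readers at $NETCLIENT_PASSWORD so the password does not have to be typed on the command line.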
@ -19,17 +20,18 @@ OPTIONS:
|
|||
--address value, -a value WireGuard address for machine within Netmaker network. [$NETCLIENT_ADDRESS]
|
||||
--addressIPv6 value, --a6 value WireGuard address for machine within Netmaker network. [$NETCLIENT_ADDRESSIPV6]
|
||||
--interface value, -i value WireGuard local network interface name. [$NETCLIENT_INTERFACE]
|
||||
--apiserver value Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server. [$NETCLIENT_API_SERVER]
|
||||
--grpcserver value Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server. [$NETCLIENT_GRPC_SERVER]
|
||||
--apiserver value Address + GRPC Port (e.g. 1.2.3.4:50051) of Netmaker server. [$NETCLIENT_API_SERVER]
|
||||
--grpcserver value Address + API Port (e.g. 1.2.3.4:8081) of Netmaker server. [$NETCLIENT_GRPC_SERVER]
|
||||
--key value, -k value Access Key for signing up machine with Netmaker server during initial 'add'. [$NETCLIENT_ACCESSKEY]
|
||||
--token value, -t value Access Token for signing up machine with Netmaker server during initial 'add'. [$NETCLIENT_ACCESSTOKEN]
|
||||
--localrange value Local Range if network is local, for instance 192.168.1.0/24. [$NETCLIENT_LOCALRANGE]
|
||||
--dns value Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset. [$NETCLIENT_DNS]
|
||||
--dns value Sets private dns if 'on'. Ignores if 'off'. Will retrieve from network if unset. (default: "on") [$NETCLIENT_DNS]
|
||||
--islocal value Sets endpoint to local address if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_IS_LOCAL]
|
||||
--isdualstack value Sets ipv6 address if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_IS_DUALSTACK]
|
||||
--udpholepunch value Turns on udp holepunching if 'yes'. Ignores if 'no'. Will retrieve from network if unset. [$NETCLIENT_UDP_HOLEPUNCH]
|
||||
--ipforwarding value Sets ip forwarding on if 'on'. Ignores if 'off'. On by default. (default: "on") [$NETCLIENT_IPFORWARDING]
|
||||
--postup value Sets PostUp command for WireGuard. [$NETCLIENT_POSTUP]
|
||||
--postdown value Sets PostDown command for WireGuard. [$NETCLIENT_POSTDOWN]
|
||||
--daemon value Installs daemon if 'on'. Ignores if 'off'. On by default. (default: "on") [$NETCLIENT_DAEMON]
|
||||
--roaming value Checks for IP changes if 'on'. Ignores if 'off'. On by default. (default: "on") [$NETCLIENT_ROAMING]
|
||||
--help, -h show help (default: false)
|
||||
--help, -h show help (default: false)
|
|
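Review bot: the second pair of --apiserver / --grpcserver lines has the descriptions crossed: --apiserver reads "Address + GRPC Port (e.g. 1.2.3.4:50051)" and --grpcserver reads "Address + API Port (e.g. 1.2.3.4:8081)". The first pair, and the example config in this commit (grpcaddress on :50051, apiaddress on :8081), have them the other way round. Keep the description that matches each flag's name and environment variable. The --help line also appears twice at the end of the hunk with different spacing, so check the column alignment.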
@ -1,4 +1,5 @@
|
|||
server:
|
||||
corednsaddr: 147.182.251.203 # Address of CoreDNS Server (set locally with resolvectl)
|
||||
grpcaddress: 10.101.0.1:50051 # Address of GRPC Server (used for all interaction with server after registration)
|
||||
apiaddress: 1.2.3.4:8081 # Address of API Server (used only for registration/unregistration)
|
||||
accesskey: 5qKTbTgsvb45y3qyRmWft # Key used to sign up with server. Used only during registration
|
||||
|
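Review bot: the example values in this hunk are inconsistent about placeholders. apiaddress uses the obvious dummy 1.2.3.4:8081, but corednsaddr is 147.182.251.203 and accesskey is 5qKTbTgsvb45y3qyRmWft, both of which read like values copied from a real deployment. Suggest replacing them with clearly fake values (an address from a documentation range and something like <access key>), and rotating the key if it was ever live.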
@ -11,12 +12,12 @@ node:
|
|||
localaddress: 192.168.1.32 # Address on local network, used as endpoint for other local nodes for faster comms
|
||||
wgaddress: 10.7.11.2 # Private WG addres on network
|
||||
wgaddress6: "f8:34:41:77:5c:15" # Private ipv6 address if network is dual stack
|
||||
roaming: "on" # Whether or not to grab new endpoint value automatically
|
||||
dns: "off" # Whether or not to set local DNS based on Netmaker's Private DNS server
|
||||
roaming: "yes" # Whether or not to grab new endpoint value automatically
|
||||
dnson: "no" # Whether or not to set local DNS based on Netmaker's Private DNS server
|
||||
islocal: "no" # Based on network. If yes, will use local IP as endpoint.
|
||||
isdualstack: "yes" # Use IPv6 in addition to IPv4
|
||||
isingressgateway: "no" # whether or not node is an ingress gateway (will set iptables forwarding rules)
|
||||
allowedips: "" # not currently used
|
||||
allowedips: "" # additional IP's to add to client
|
||||
localrange: "" # local range if it's a local network. For instance, 192.168.1.0/24
|
||||
postup: "" # postup command, used by ingress/egress gateways to set iptables
|
||||
postdown: "" # postdown command, used by ingress/egress gateways to set iptables
|
||||
|
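Review bot: roaming and dns change from "on"/"off" to roaming: "yes" and dnson: "no", but the join --help text in this commit still documents 'on'/'off' for --dns and --roaming (default: "on"). State which spelling the client accepts in the config file, or make the two files agree, and call out the dns to dnson key rename for anyone with an existing config. Separately, wgaddress6: "f8:34:41:77:5c:15" is shaped like a MAC address (six octets), not an IPv6 address; an address from 2001:db8::/32 would be a clearer example.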
@ -26,7 +27,9 @@ node:
|
|||
privatekey: "" # private key, set only for changing and then will revert to blank in config
|
||||
endpoint: 78.170.22.168 # public endpoint for reaching node
|
||||
postchanges: "false" # if true, will post and config file changes on next checkin and then revert to false
|
||||
ipforwarding: "on" # set ip forwarding; highly recommended to leave on
|
||||
network: home # the network (duplicate of node.network)
|
||||
daemon: "on" # whether or not to manage systemd
|
||||
operatingsystem: "" # not currently in use
|
||||
ipforwarding: "yes" # set ip forwarding; highly recommended to leave on
|
||||
isstatic: "no" # if yes, daemon will not change pubkey, endpoint, or address
|
||||
udpholepunch: "yes" # run UDP hole punching (will ignore port above, e.g. 51821)
|
||||
network: home # the network (duplicate of node.network)
|
||||
daemon: "yes" # whether or not to manage systemd
|
||||
operatingsystem: "" # not currently in use
|
|
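Review bot: postchanges: "false" is described here as the switch that makes the client post config file changes on the next checkin, but the Making Updates section added in this commit only says to edit /etc/netclient/netconfig-<network> and that changes are pushed on the next checkin. Say in one place or the other whether postchanges has to be set to "true" first. While here, "will post and config file changes" should read "any config file changes", and ipforwarding and daemon now use "yes" where the help text still documents 'on'/'off'.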
@ -10,22 +10,15 @@ Does/Will Netmaker Support X Operating System?
|
|||
|
||||
Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
|
||||
|
||||
However, as of v0.4, we will technically be able to bring any operating system into the network. This is a bit of a hack. v0.4 introduces Ingress Gateways. Think of it this way. You set up a private network. You want devices to access it. You set up a single node as an "Ingress Gateway" and generate config files for "external clients." These clients are unmanaged and unmeshed, meaning they can access the network but only via the gateway. It also means they will not automatically account for changes to the network, and the user will have to update the configs manually.
|
||||
However, via "external clients", any device that supports WireGuard can be added to the network.
|
||||
|
||||
This lets us immediately "support" any device which can run WireGuard, which includes most operating systems at this point including phones and Windows.
|
||||
|
||||
As we stabilize the design and feature set of Netmaker, we will expand the operating system support for Netclient which configures dynamic, fully-meshed devices. Expect to see updates about new OS support every few weeks, until eventually the Ingress Gateway becomes unnecessary (though you will still want it for certain use cases).
|
||||
In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
|
||||
|
||||
How do I install the Netclient on X?
|
||||
---------------------------------------
|
||||
|
||||
As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
|
||||
|
||||
Why MongoDB? SQL is better and smaller.
|
||||
----------------------------------------
|
||||
|
||||
We are in a phase of rapid iteration. Every week the database schema changes. MongoDB makes our development process much more flexible. That said, we agree! SQL will be better for production, and indeed, we plan to switch over to SQL before v1.0, so please be patient with the resource consumption of MongoDB for the time being; it is helping to support a rapid pace of development.
|
||||
|
||||
|
||||
Is Netmaker a VPN like NordNPN?
|
||||
--------------------------------
|
||||
|
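Review bot: "In future iterations will expand the operating system support for Netclient" has no subject; it should read "In future iterations we will expand ...". Separately, if the "Why MongoDB?" answer is staying in the file, it conflicts with the Troubleshooting page in this commit, which says Netmaker uses rqlite as the database; drop or update it.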
@ -41,10 +34,11 @@ https://github.com/pivpn/pivpn
|
|||
https://github.com/subspacecloud/subspace
|
||||
https://github.com/mullvad/mullvadvpn-app
|
||||
|
||||
Do you offer any paid support?
|
||||
---------------------------------
|
||||
Do you offer any enterprise support?
|
||||
--------------------------------------
|
||||
|
||||
If you are interested in enterprise support for your project, please contact info@gravitl.com.
|
||||
|
||||
Not at this time, but eventually we will. If you are interested, or if you are interested in sponsoring the project generally, please contact Alex Feiszli (alex@gravitl.com).
|
||||
|
||||
Why the SSPL License?
|
||||
----------------------
|
||||
|
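Review bot: under "Do you offer any enterprise support?" the hunk shows both "If you are interested in enterprise support for your project, please contact info@gravitl.com." and "Not at this time, but eventually we will." Only one of those answers should survive, and the contact address should be the same wherever it appears (info@gravitl.com here versus alex@gravitl.com in the other sentence).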
@ -57,14 +51,6 @@ If you have concerns about the license leading to project restrictions down the
|
|||
|
||||
All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
|
||||
|
||||
Issues, Bugs, and Feature Requests
|
||||
=====================================
|
||||
|
||||
Issues / Bugs
|
||||
----------------
|
||||
|
||||
Feature Requests
|
||||
-------------------
|
||||
|
||||
Contact
|
||||
===========
|
||||
|
|
|
@ -4,90 +4,90 @@ Troubleshooting
|
|||
|
||||
Common Issues
|
||||
--------------
|
||||
- **How can I connect my Android, IOS, MacOS or Windows device to my Netmaker VPN?**
|
||||
* **A:** Currently meshing one of these devices is not supported, however it will be soon.
|
||||
**How can I connect my Android, IOS, MacOS or Windows device to my Netmaker VPN?**
|
||||
Currently meshing one of these devices is not supported, however it will be soon.
|
||||
For now you can connect to your VPN by making one of the nodes an Ingressgateway, then
|
||||
create an Ext Client for each device. Finally, use the official WG app or another
|
||||
WG configuration app to connect via QR or downloading the device's WireGuard configuration.
|
||||
|
||||
- **I've made changes to my nodes but the nodes themselves haven't updated yet, why?**
|
||||
* **A:** Please allow your nodes to complete a check in or two, in order to reconfigure themselves.
|
||||
**I've made changes to my nodes but the nodes themselves haven't updated yet, why?**
|
||||
Please allow your nodes to complete a check in or two, in order to reconfigure themselves.
|
||||
In some cases, it could take up to a minute or so.
|
||||
|
||||
- **Do I have to use access keys to join a network?**
|
||||
* **A:** Although keys are the preferred way to join a network, Netmaker does allow for manual node sign-ups.
|
||||
**Do I have to use access keys to join a network?**
|
||||
Although keys are the preferred way to join a network, Netmaker does allow for manual node sign-ups.
|
||||
Simply turn on "allow manual signups" on your network and nodes will not connect until you manually aprove each one.
|
||||
|
||||
- **Is there a community or forum to ask questions about Netmaker?**
|
||||
* **A:** Yes, we have an active `discord <https://discord.gg/Pt4T9y9XK8>`_ community and issues on our `github <https://github.com/gravitl/netmaker/issues>`_ are answered frequently!
|
||||
**Is there a community or forum to ask questions about Netmaker?**
|
||||
Yes, we have an active `discord <https://discord.gg/Pt4T9y9XK8>`_ community and issues on our `github <https://github.com/gravitl/netmaker/issues>`_ are answered frequently!
|
||||
You can also sign-up for updates at our `gravitl site <https://gravitl.com/>`_!
|
||||
|
||||
Server
|
||||
-------
|
||||
- **Can I secure/encrypt all the traffic to my server and UI?**
|
||||
* **A:** This can fairly simple to achieve assuming you have access to a domain and are familiar with Nginx.
|
||||
**Can I secure/encrypt all the traffic to my server and UI?**
|
||||
This can fairly simple to achieve assuming you have access to a domain and are familiar with Nginx.
|
||||
Please refer to the quick-start guide to see!
|
||||
|
||||
- **Can I connect multiple nodes (mesh clients) behind a single firewall/router?**
|
||||
* **A:** Yes! As of version 0.7 Netmaker supports UDP Hole Punching to allow this, without the use of a third party STUN server!
|
||||
**Can I connect multiple nodes (mesh clients) behind a single firewall/router?**
|
||||
Yes! As of version 0.7 Netmaker supports UDP Hole Punching to allow this, without the use of a third party STUN server!
|
||||
Is UDP hole punching a risk for you? Well you can turn it off and make static nodes/ports for the server to refer to as well.
|
||||
|
||||
- **What are the minimum specs to run the server?**
|
||||
* **A:** We recommend at least 1 CPU and 2 GB Memory.
|
||||
**What are the minimum specs to run the server?**
|
||||
We recommend at least 1 CPU and 2 GB Memory.
|
||||
|
||||
- **Does this support IPv6 addressing?**
|
||||
* **A:** Yes, Netmaker supports IPv6 addressing. When you create a network, just make sure to turn on Dual Stack.
|
||||
**Does this support IPv6 addressing?**
|
||||
Yes, Netmaker supports IPv6 addressing. When you create a network, just make sure to turn on Dual Stack.
|
||||
Nodes will be given IPv6 addresses along with their IPv4 address. It does not currently support IPv6 only.
|
||||
|
||||
- **Does Netmaker support Raft Consensus?**
|
||||
* **A:** Netmaker does not directly support it, but it uses `rqlite <https://github.com/rqlite/rqlite>`_ (which supports Raft) as the database.
|
||||
**Does Netmaker support Raft Consensus?**
|
||||
Netmaker does not directly support it, but it uses `rqlite <https://github.com/rqlite/rqlite>`_ (which supports Raft) as the database.
|
||||
|
||||
- **How do I uninstall Netmaker?**
|
||||
* **A:** There is no official uninstall script for the Netmaker server at this time. If you followed the quick-start guide, simply run ``sudo docker-compose -f docker-compose.quickstart.yml down --volumes``
|
||||
**How do I uninstall Netmaker?**
|
||||
There is no official uninstall script for the Netmaker server at this time. If you followed the quick-start guide, simply run ``sudo docker-compose -f docker-compose.quickstart.yml down --volumes``
|
||||
to completely wipe your server. Otherwise kill the running binary and it's up to you to remove database records/volumes.
|
||||
|
||||
UI
|
||||
----
|
||||
- **I want to make a seperate network and give my friend access to only that network.**
|
||||
* **A:** Simply navigate to the UI (as an admin account). Select users in the top left and create them an account.
|
||||
**I want to make a seperate network and give my friend access to only that network.**
|
||||
Simply navigate to the UI (as an admin account). Select users in the top left and create them an account.
|
||||
Select the network(s) to give them and they should be good to go! They are an admin of that network(s) only now.
|
||||
|
||||
- **I'm done with an access key, can I delete it?**
|
||||
* **A:** Simply navigate to the UI (as an admin account). Select your network of interest, then the select the ``Access Keys`` tab.
|
||||
**I'm done with an access key, can I delete it?**
|
||||
Simply navigate to the UI (as an admin account). Select your network of interest, then the select the ``Access Keys`` tab.
|
||||
Then delete the rogue access key.
|
||||
|
||||
- **I can't delete my network, why?**
|
||||
* **A:** You **MUST** remove all nodes in a network before you can delete it.
|
||||
**I can't delete my network, why?**
|
||||
You **MUST** remove all nodes in a network before you can delete it.
|
||||
|
||||
- **Can I have multiple nodes with the same name?**
|
||||
* **A:** Yes, nodes can share names without issue. It may just be harder on you to know which is which.
|
||||
**Can I have multiple nodes with the same name?**
|
||||
Yes, nodes can share names without issue. It may just be harder on you to know which is which.
|
||||
|
||||
Agent
|
||||
-------
|
||||
- **How do I connect a node to my Netmaker network with Netclient?**
|
||||
* **A:** First get your access token (not just access key), then run ``sudo netclient join -t <access token>``.
|
||||
**How do I connect a node to my Netmaker network with Netclient?**
|
||||
First get your access token (not just access key), then run ``sudo netclient join -t <access token>``.
|
||||
**NOTE:** netclient may be under /etc/netclient/, i.e run ``sudo /etc/netclient/netclient join -t <access token>``
|
||||
|
||||
- **How do I disconnect a node on a Netmaker network?**
|
||||
* **A:** In order to leave a Netmaker network, run ``sudo netclient leave -n <network-name>``
|
||||
**How do I disconnect a node on a Netmaker network?**
|
||||
In order to leave a Netmaker network, run ``sudo netclient leave -n <network-name>``
|
||||
|
||||
- **How do I check the logs of my agent on a node?**
|
||||
* **A:** You will need sudo/root permissions, but you can run ``sudo systemctl status netclient@<insert network name>``
|
||||
**How do I check the logs of my agent on a node?**
|
||||
You will need sudo/root permissions, but you can run ``sudo systemctl status netclient@<insert network name>``
|
||||
or you may also run ``sudo journalctl -u netclient@<network name>``.
|
||||
Note for journalctl: you should hit the ``end`` key to get to view the most recent logs quickly or use ``journalctl -u netclient@<network name> -f`` instead.
|
||||
|
||||
- **Can I check the configuration of my node on the node?**
|
||||
* **A:** Yes, on the node simply run ``sudo cat /etc/netclient/netconfig-<network name>`` and you should see what your current configuration is!
|
||||
**Can I check the configuration of my node on the node?**
|
||||
**A:** Yes, on the node simply run ``sudo cat /etc/netclient/netconfig-<network name>`` and you should see what your current configuration is!
|
||||
You can also see the current WireGuard configuration with ``sudo wg show``
|
||||
|
||||
- **I am done with the agent on my machine, can I uninstall it?**
|
||||
* **A:** Yes, on the node simply run ``sudo /etc/netclient/netclient uninstall``.
|
||||
**I am done with the agent on my machine, can I uninstall it?**
|
||||
Yes, on the node simply run ``sudo /etc/netclient/netclient uninstall``.
|
||||
|
||||
|
||||
CoreDNS
|
||||
--------
|
||||
- **Is CoreDNS required to use Netmaker?**
|
||||
* **A:** CoreDNS is not required. Simply start your server with ``DNS_MODE="off"``.
|
||||
**Is CoreDNS required to use Netmaker?**
|
||||
CoreDNS is not required. Simply start your server with ``DNS_MODE="off"``.
|
||||
|
||||
- **What is the minimum DNS entry value I can use?**
|
||||
* **A:** Netmaker supports down to two characters for DNS names for your networks domains**
|
||||
**What is the minimum DNS entry value I can use?**
|
||||
Netmaker supports down to two characters for DNS names for your networks domains**
|
||||
|
|
|
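Review bot: the answer under "Can I check the configuration of my node on the node?" still starts with the old "**A:**" prefix that every other answer in this hunk drops, and the last line ("...for your networks domains**") ends with a stray "**" that will render as literal asterisks or upset the rst parser. Typos carried into the reworked lines: "This can fairly simple" (missing "be"), "aprove", "seperate", "then the select".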
@ -19,21 +19,6 @@ Video Tutorials
|
|||
|
||||
Written Tutorials
|
||||
-----------------
|
||||
* `Kubernetes Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud Kubernetes clusters using Netmaker.
|
||||
|
||||
Basic
|
||||
=====
|
||||
|
||||
Local Network
|
||||
=============
|
||||
|
||||
Site-to-Site
|
||||
============
|
||||
|
||||
Dual Stack with IPv6
|
||||
====================
|
||||
|
||||
Kubernetes Node Network
|
||||
========================
|
||||
|
||||
|
||||
* `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
|
||||
* `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
|
||||
* `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.
|