mirror of
				https://github.com/gravitl/netmaker.git
				synced 2025-10-26 05:56:36 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			548 lines
		
	
	
		
			No EOL
		
	
	
		
			26 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
			
		
		
	
	
			548 lines
		
	
	
		
			No EOL
		
	
	
		
			26 KiB
		
	
	
	
		
			HTML
		
	
	
	
	
	
| 
 | |
| <!DOCTYPE html>
 | |
| 
 | |
| <html>
 | |
|   <head>
 | |
|     <meta charset="utf-8" />
 | |
|     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
 | |
|   <meta name="viewport" content="width=device-width,initial-scale=1">
 | |
|   <meta http-equiv="x-ua-compatible" content="ie=edge">
 | |
|   <meta name="lang:clipboard.copy" content="Copy to clipboard">
 | |
|   <meta name="lang:clipboard.copied" content="Copied to clipboard">
 | |
|   <meta name="lang:search.language" content="en">
 | |
|   <meta name="lang:search.pipeline.stopwords" content="True">
 | |
|   <meta name="lang:search.pipeline.trimmer" content="True">
 | |
|   <meta name="lang:search.result.none" content="No matching documents">
 | |
|   <meta name="lang:search.result.one" content="1 matching document">
 | |
|   <meta name="lang:search.result.other" content="# matching documents">
 | |
|   <meta name="lang:search.tokenizer" content="[\s\-]+">
 | |
| 
 | |
|   
 | |
|     <link href="https://fonts.gstatic.com/" rel="preconnect" crossorigin>
 | |
|     <link href="https://fonts.googleapis.com/css?family=Roboto+Mono:400,500,700|Roboto:300,400,400i,700&display=fallback" rel="stylesheet">
 | |
| 
 | |
|     <style>
 | |
|       body,
 | |
|       input {
 | |
|         font-family: "Roboto", "Helvetica Neue", Helvetica, Arial, sans-serif
 | |
|       }
 | |
| 
 | |
|       code,
 | |
|       kbd,
 | |
|       pre {
 | |
|         font-family: "Roboto Mono", "Courier New", Courier, monospace
 | |
|       }
 | |
|     </style>
 | |
|   
 | |
| 
 | |
|   <link rel="stylesheet" href="_static/stylesheets/application.css"/>
 | |
|   <link rel="stylesheet" href="_static/stylesheets/application-palette.css"/>
 | |
|   <link rel="stylesheet" href="_static/stylesheets/application-fixes.css"/>
 | |
|   
 | |
|   <link rel="stylesheet" href="_static/fonts/material-icons.css"/>
 | |
|   
 | |
|   <meta name="theme-color" content="#3f51b5">
 | |
|   <script src="_static/javascripts/modernizr.js"></script>
 | |
|   
 | |
|   
 | |
|   
 | |
|     <title>Egress Gateway — Netmaker 0.10.0 documentation</title>
 | |
|     <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
 | |
|     <link rel="stylesheet" type="text/css" href="_static/material.css" />
 | |
|     <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
 | |
|     <script src="_static/jquery.js"></script>
 | |
|     <script src="_static/underscore.js"></script>
 | |
|     <script src="_static/doctools.js"></script>
 | |
|     <link rel="author" title="About these documents" href="about.html" />
 | |
|     <link rel="index" title="Index" href="genindex.html" />
 | |
|     <link rel="search" title="Search" href="search.html" />
 | |
|     <link rel="next" title="Relay Servers" href="relay-server.html" />
 | |
|     <link rel="prev" title="Ingress + External Clients" href="external-clients.html" />
 | |
|   
 | |
|    
 | |
| 
 | |
|   </head>
 | |
|   <body dir=ltr
 | |
|         data-md-color-primary=indigo data-md-color-accent=light-blue>
 | |
|   
 | |
|   <svg class="md-svg">
 | |
|     <defs data-children-count="0">
 | |
|       
 | |
|       <svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
 | |
|       
 | |
|     </defs>
 | |
|   </svg>
 | |
|   
 | |
|   <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer">
 | |
|   <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search">
 | |
|   <label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
 | |
|   <a href="#egress-gateway" tabindex="1" class="md-skip"> Skip to content </a>
 | |
|   <header class="md-header" data-md-component="header">
 | |
|   <nav class="md-header-nav md-grid">
 | |
|     <div class="md-flex navheader">
 | |
|       <div class="md-flex__cell md-flex__cell--shrink">
 | |
|         <a href="index.html" title="Netmaker 0.10.0 documentation"
 | |
|            class="md-header-nav__button md-logo">
 | |
|           
 | |
|             <i class="md-icon"></i>
 | |
|           
 | |
|         </a>
 | |
|       </div>
 | |
|       <div class="md-flex__cell md-flex__cell--shrink">
 | |
|         <label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
 | |
|       </div>
 | |
|       <div class="md-flex__cell md-flex__cell--stretch">
 | |
|         <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
 | |
|           <span class="md-header-nav__topic">Netmaker Docs</span>
 | |
|           <span class="md-header-nav__topic"> Egress Gateway </span>
 | |
|         </div>
 | |
|       </div>
 | |
|       <div class="md-flex__cell md-flex__cell--shrink">
 | |
|         <label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
 | |
|         
 | |
| <div class="md-search" data-md-component="search" role="dialog">
 | |
|   <label class="md-search__overlay" for="__search"></label>
 | |
|   <div class="md-search__inner" role="search">
 | |
|     <form class="md-search__form" action="search.html" method="get" name="search">
 | |
|       <input type="text" class="md-search__input" name="q" placeholder="Search"
 | |
|              autocapitalize="off" autocomplete="off" spellcheck="false"
 | |
|              data-md-component="query" data-md-state="active">
 | |
|       <label class="md-icon md-search__icon" for="__search"></label>
 | |
|       <button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
 | |
|         
 | |
|       </button>
 | |
|     </form>
 | |
|     <div class="md-search__output">
 | |
|       <div class="md-search__scrollwrap" data-md-scrollfix>
 | |
|         <div class="md-search-result" data-md-component="result">
 | |
|           <div class="md-search-result__meta">
 | |
|             Type to start searching
 | |
|           </div>
 | |
|           <ol class="md-search-result__list"></ol>
 | |
|         </div>
 | |
|       </div>
 | |
|     </div>
 | |
|   </div>
 | |
| </div>
 | |
| 
 | |
|       </div>
 | |
|       
 | |
|         <div class="md-flex__cell md-flex__cell--shrink">
 | |
|           <div class="md-header-nav__source">
 | |
|             <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">
 | |
| 
 | |
|     <div class="md-source__icon">
 | |
|       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
 | |
|         <use xlink:href="#__github" width="24" height="24"></use>
 | |
|       </svg>
 | |
|     </div>
 | |
|   
 | |
|   <div class="md-source__repository">
 | |
|     Netmaker
 | |
|   </div>
 | |
| </a>
 | |
|           </div>
 | |
|         </div>
 | |
|       
 | |
|       
 | |
|   
 | |
|   <script src="_static/javascripts/version_dropdown.js"></script>
 | |
|   <script>
 | |
|     var json_loc = ""versions.json"",
 | |
|         target_loc = "../",
 | |
|         text = "Versions";
 | |
|     $( document ).ready( add_version_dropdown(json_loc, target_loc, text));
 | |
|   </script>
 | |
|   
 | |
| 
 | |
|     </div>
 | |
|   </nav>
 | |
| </header>
 | |
| 
 | |
|   
 | |
|   <div class="md-container">
 | |
|     
 | |
|     
 | |
|     
 | |
|   <nav class="md-tabs" data-md-component="tabs">
 | |
|     <div class="md-tabs__inner md-grid">
 | |
|       <ul class="md-tabs__list">
 | |
|           <li class="md-tabs__item"><a href="index.html" class="md-tabs__link">Netmaker 0.10.0 documentation</a></li>
 | |
|       </ul>
 | |
|     </div>
 | |
|   </nav>
 | |
|     <main class="md-main">
 | |
|       <div class="md-main__inner md-grid" data-md-component="container">
 | |
|         
 | |
|           <div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
 | |
|             <div class="md-sidebar__scrollwrap">
 | |
|               <div class="md-sidebar__inner">
 | |
|                 <nav class="md-nav md-nav--primary" data-md-level="0">
 | |
|   <label class="md-nav__title md-nav__title--site" for="__drawer">
 | |
|     <a href="index.html" title="Netmaker 0.10.0 documentation" class="md-nav__button md-logo">
 | |
|       
 | |
|         <i class="md-icon"></i>
 | |
|       
 | |
|     </a>
 | |
|     <a href="index.html"
 | |
|        title="Netmaker 0.10.0 documentation">Netmaker Docs</a>
 | |
|   </label>
 | |
|     <div class="md-nav__source">
 | |
|       <a href="https://github.com/gravitl/netmaker/" title="Go to repository" class="md-source" data-md-source="github">
 | |
| 
 | |
|     <div class="md-source__icon">
 | |
|       <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 24 24" width="28" height="28">
 | |
|         <use xlink:href="#__github" width="24" height="24"></use>
 | |
|       </svg>
 | |
|     </div>
 | |
|   
 | |
|   <div class="md-source__repository">
 | |
|     Netmaker
 | |
|   </div>
 | |
| </a>
 | |
|     </div>
 | |
|   
 | |
|   
 | |
| 
 | |
|   
 | |
|   <ul class="md-nav__list">
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="about.html" class="md-nav__link">About</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="architecture.html" class="md-nav__link">Architecture</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="install.html" class="md-nav__link">Install</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="quick-start.html" class="md-nav__link">Quick Install</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="getting-started.html" class="md-nav__link">Getting Started</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|     <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
 | |
|     <label class="md-nav__link md-nav__link--active" for="__toc"> Egress Gateway </label>
 | |
|     
 | |
|       <a href="#" class="md-nav__link md-nav__link--active">Egress Gateway</a>
 | |
|       
 | |
|         
 | |
| <nav class="md-nav md-nav--secondary">
 | |
|     <label class="md-nav__title" for="__toc">Contents</label>
 | |
|   <ul class="md-nav__list" data-md-scrollfix="">
 | |
|         <li class="md-nav__item"><a href="#egress-gateway--page-root" class="md-nav__link">Egress Gateway</a><nav class="md-nav">
 | |
|               <ul class="md-nav__list">
 | |
|         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#use-cases" class="md-nav__link">Use Cases</a><nav class="md-nav">
 | |
|               <ul class="md-nav__list">
 | |
|         <li class="md-nav__item"><a href="#remote-access" class="md-nav__link">1) Remote Access</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#vpn-nat-gateway" class="md-nav__link">2) VPN / NAT Gateway</a>
 | |
|         </li></ul>
 | |
|             </nav>
 | |
|         </li></ul>
 | |
|             </nav>
 | |
|         </li>
 | |
|   </ul>
 | |
| </nav>
 | |
|       <ul class="md-nav__list"> 
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="#introduction" class="md-nav__link">Introduction</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="#use-cases" class="md-nav__link">Use Cases</a>
 | |
|       
 | |
|     
 | |
|     </li></ul>
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="https://k8s.netmaker.org" class="md-nav__link">Kubernetes</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="usage.html" class="md-nav__link">External Guides</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="ui-reference.html" class="md-nav__link">UI Reference</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="api.html" class="md-nav__link">API Reference</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="upgrades.html" class="md-nav__link">Upgrades</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="troubleshoot.html" class="md-nav__link">Troubleshooting</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="support.html" class="md-nav__link">Support</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="conduct.html" class="md-nav__link">Code of Conduct</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|     <li class="md-nav__item">
 | |
|     
 | |
|     
 | |
|       <a href="license.html" class="md-nav__link">License</a>
 | |
|       
 | |
|     
 | |
|     </li>
 | |
|   </ul>
 | |
|   
 | |
| 
 | |
| </nav>
 | |
|               </div>
 | |
|             </div>
 | |
|           </div>
 | |
|           <div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
 | |
|             <div class="md-sidebar__scrollwrap">
 | |
|               <div class="md-sidebar__inner">
 | |
|                 
 | |
| <nav class="md-nav md-nav--secondary">
 | |
|     <label class="md-nav__title" for="__toc">Contents</label>
 | |
|   <ul class="md-nav__list" data-md-scrollfix="">
 | |
|         <li class="md-nav__item"><a href="#egress-gateway--page-root" class="md-nav__link">Egress Gateway</a><nav class="md-nav">
 | |
|               <ul class="md-nav__list">
 | |
|         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#use-cases" class="md-nav__link">Use Cases</a><nav class="md-nav">
 | |
|               <ul class="md-nav__list">
 | |
|         <li class="md-nav__item"><a href="#remote-access" class="md-nav__link">1) Remote Access</a>
 | |
|         </li>
 | |
|         <li class="md-nav__item"><a href="#vpn-nat-gateway" class="md-nav__link">2) VPN / NAT Gateway</a>
 | |
|         </li></ul>
 | |
|             </nav>
 | |
|         </li></ul>
 | |
|             </nav>
 | |
|         </li>
 | |
|   </ul>
 | |
| </nav>
 | |
|               </div>
 | |
|             </div>
 | |
|           </div>
 | |
|         
 | |
|         <div class="md-content">
 | |
|           <article class="md-content__inner md-typeset" role="main">
 | |
|             
 | |
|   
 | |
| <h1 id="egress-gateway--page-root">Egress Gateway<a class="headerlink" href="#egress-gateway--page-root" title="Permalink to this headline">¶</a></h1>
 | |
| 
 | |
| <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
 | |
| <a class="reference internal image-reference" href="_images/egress1.png"><img alt="Gateway" class="align-center" src="_images/egress1.png" style="width: 80%;"/></a>
 | |
| <p>Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.</p>
 | |
| <p>In the netmaker UI, that node is set as an “egress gateway.” Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.</p>
 | |
| 
 | |
| 
 | |
| <h2 id="configuring-an-egress-gateway">Configuring an Egress Gateway<a class="headerlink" href="#configuring-an-egress-gateway" title="Permalink to this headline">¶</a></h2>
 | |
| <p>Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:</p>
 | |
| <ul class="simple">
 | |
| <li><p>a VPC</p></li>
 | |
| <li><p>a Kubernetes network</p></li>
 | |
| <li><p>a home network</p></li>
 | |
| <li><p>an office network</p></li>
 | |
| <li><p>a data center</p></li>
 | |
| </ul>
 | |
| <p>After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).</p>
 | |
| <p>Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run</p>
 | |
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ip</span> <span class="n">route</span> <span class="n">get</span> <span class="mf">10.10</span><span class="o">.</span><span class="mf">10.2</span>
 | |
| </pre></div>
 | |
| </div>
 | |
| <p>This should return the interface used to reach that address (e.x. “eth2”)</p>
 | |
| <p>Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.</p>
 | |
| <a class="reference internal image-reference" href="_images/egress7.png"><img alt="Gateway" class="align-center" src="_images/egress7.png" style="width: 80%;"/></a>
 | |
| <p>At this point simply insert the range(s) into the first field, and the interface name into the second field, and click “create”.</p>
 | |
| <a class="reference internal image-reference" href="_images/ui-6.jpg"><img alt="Gateway" class="align-center" src="_images/ui-6.jpg" style="width: 80%;"/></a>
 | |
| <p>Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).</p>
 | |
| 
 | |
| 
 | |
| <h2 id="use-cases">Use Cases<a class="headerlink" href="#use-cases" title="Permalink to this headline">¶</a></h2>
 | |
| 
 | |
| <h3 id="remote-access">1) Remote Access<a class="headerlink" href="#remote-access" title="Permalink to this headline">¶</a></h3>
 | |
| <p>A common scenario would be to combine this with an “Ingress Gateway” to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.</p>
 | |
| <a class="reference internal image-reference" href="_images/egress2.png"><img alt="Gateway" class="align-center" src="_images/egress2.png" style="width: 80%;"/></a>
 | |
| <p>In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.</p>
 | |
| <a class="reference internal image-reference" href="_images/egress3.png"><img alt="Gateway" class="align-center" src="_images/egress3.png" style="width: 50%;"/></a>
 | |
| 
 | |
| 
 | |
| <h3 id="vpn-nat-gateway">2) VPN / NAT Gateway<a class="headerlink" href="#vpn-nat-gateway" title="Permalink to this headline">¶</a></h3>
 | |
| <p>Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.</p>
 | |
| <p>These are not typical use cases for Netmaker, but can be easily enabled.</p>
 | |
| <p><strong>The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.</strong> This is how you typically set up a “standard” VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.</p>
 | |
| <p>Instead, use the following list of ranges:</p>
 | |
| <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">8.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">11.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">12.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">16.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span><span class="p">,</span><span class="mf">32.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">3</span><span class="p">,</span><span class="mf">64.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">2</span><span class="p">,</span><span class="mf">128.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">3</span><span class="p">,</span><span class="mf">160.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">168.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">172.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">12</span><span class="p">,</span><span class="mf">172.32</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">11</span><span class="p">,</span><span class="mf">172.64</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">10</span><span class="p">,</span><span class="mf">172.128</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">9</span><span class="p">,</span><span class="mf">173.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">174.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">176.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span><span class="p">,</span><span class="mf">192.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">9</span><span class="p">,</span><span class="mf">192.128</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">11</span><span class="p">,</span><span class="mf">192.160</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">13</span><span class="p">,</span><span class="mf">192.169</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">16</span><span class="p">,</span><span class="mf">192.170</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">15</span><span class="p">,</span><span class="mf">192.172</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">14</span><span class="p">,</span><span class="mf">192.176</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">12</span><span class="p">,</span><span class="mf">192.192</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">10</span><span class="p">,</span><span class="mf">193.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">194.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">196.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">200.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">208.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span>
 | |
| </pre></div>
 | |
| </div>
 | |
| <p>This list encompasses the standard “public” network ranges, and ignores the standard “private” network ranges.</p>
 | |
| <p>Simply paste this list into your “egress gateway ranges” and your clients should begin routing public-facing traffic over the gateway.</p>
 | |
| <a class="reference internal image-reference" href="_images/egress5.png"><img alt="Gateway" class="align-center" src="_images/egress5.png" style="width: 50%;"/></a>
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
|           </article>
 | |
|         </div>
 | |
|       </div>
 | |
|     </main>
 | |
|   </div>
 | |
|   <footer class="md-footer">
 | |
|     <div class="md-footer-nav">
 | |
|       <nav class="md-footer-nav__inner md-grid">
 | |
|           
 | |
|             <a href="external-clients.html" title="Ingress + External Clients"
 | |
|                class="md-flex md-footer-nav__link md-footer-nav__link--prev"
 | |
|                rel="prev">
 | |
|               <div class="md-flex__cell md-flex__cell--shrink">
 | |
|                 <i class="md-icon md-icon--arrow-back md-footer-nav__button"></i>
 | |
|               </div>
 | |
|               <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
 | |
|                 <span class="md-flex__ellipsis">
 | |
|                   <span
 | |
|                       class="md-footer-nav__direction"> Previous </span> Ingress + External Clients </span>
 | |
|               </div>
 | |
|             </a>
 | |
|           
 | |
|           
 | |
|             <a href="relay-server.html" title="Relay Servers"
 | |
|                class="md-flex md-footer-nav__link md-footer-nav__link--next"
 | |
|                rel="next">
 | |
|             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
 | |
|                 class="md-flex__ellipsis"> <span
 | |
|                 class="md-footer-nav__direction"> Next </span> Relay Servers </span>
 | |
|             </div>
 | |
|             <div class="md-flex__cell md-flex__cell--shrink"><i
 | |
|                 class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
 | |
|             </div>
 | |
|           
 | |
|         </a>
 | |
|         
 | |
|       </nav>
 | |
|     </div>
 | |
|     <div class="md-footer-meta md-typeset">
 | |
|       <div class="md-footer-meta__inner md-grid">
 | |
|         <div class="md-footer-copyright">
 | |
|           <div class="md-footer-copyright__highlight">
 | |
|               © Copyright 2021, Alex Feiszli.
 | |
|               
 | |
|           </div>
 | |
|             Created using
 | |
|             <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.3.0.
 | |
|              and
 | |
|             <a href="https://github.com/bashtage/sphinx-material/">Material for
 | |
|               Sphinx</a>
 | |
|         </div>
 | |
|       </div>
 | |
|     </div>
 | |
|   </footer>
 | |
|   <script src="_static/javascripts/application.js"></script>
 | |
|   <script>app.initialize({version: "1.0.4", url: {base: ".."}})</script>
 | |
|   </body>
 | |
| </html> |