This guide explains how to set up an Internet Gateway (also known as an Exit Node) using Netmaker to allow network hosts to access the internet through a specific gateway. This is useful for creating a VPN-like network where client traffic is routed through a centralized gateway.
1. Introduction
Netmaker Internet Gateways: A Pro-only feature introduced in version 0.23.0 (beta), allowing Linux hosts in a Netmaker network to act as Internet gateways for other hosts.
Use Case: Machines connected to the Netmaker mesh can route their traffic through a Linux host, serving as the gateway for internet access.
2. Prerequisites
Netmaker installed and running.
A network created in Netmaker.
A Linux host that will act as the Internet Gateway (Exit Node).
Netmaker Remote Access Client (RAC) installed on hosts that need to use the gateway.
3. Setting Up the Internet Gateway for End Users
Step 1: Log into the Netmaker UI
Step 2: Enable the Internet Gateway Host to Act as a Remote Access Gateway
To allow clients to route internet traffic through the Internet Gateway using the Remote Access Client (RAC), configure the internet gateway machine as a Remote Access Gateway (RAG).
Steps:
1. Go to your Netmaker network.
2. Go to the Remote Access tab.
3. Click on “Create Gateway”.
4. Select the host that you will use as the internet gateway. For this demo, we will be using the “Internet-Gateway-1” host.
5. Select a reliable DNS server to prevent DNS leaks.
6. Click on “Create Gateway”.
Step 3: Create a New Internet Gateway
1. Go to the Internet Gateways tab.
2. Click on “Create Internet Gateway”.
3. Select the host machine that you specified in Step 2.
4. Click on “Create Internet Gateway”.
4. Creating and Managing Users
Step 1: Create a service user for remote access to the Internet Gateway.
Navigate to the User Management section.
There are two ways to add users in Netmaker Professional:
Basic Auth: Directly create users by specifying their username, password, and any groups or roles.
User Invite: Send invitations via email (SMTP setup is required only for self-hosted setups). Users receive a link to create their account with pre-assigned roles and groups.
1. Basic Auth: Direct User Creation
Create and Configure User
Service User: Access for operational tasks, primarily for remote access via the RAC app.
netmaker-group-user-grp: Group role for basic resource access.
2. User Invite: Sending Invitations
Create and Configure User
The user will receive an invitation email.
Sign up via invite
There are two options to sign up:
With SSO (Single Sign-On).
By setting a password.
For SSO (Single Sign-On) functionality, your Netmaker server needs to have OAuth configured. See: Integrating OAuth.
Step 2: Connect to the Internet Gateway through the RAC
Log in to the RAC using your specified credentials.
Click on “Connect”.
Step 3: Test Access to the Internet via the Internet Gateway
Open a web browser or use the command line.
Visit a known website like "what is my IP" to verify that your public IP address has changed, or run the command
nslookup myip.opendns.com resolver1.opendns.com
to check your new public IP.
Confirm successful connectivity.
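One way to script the check in Step 3, as an added example that is not part of the original guide or of Netmaker's tooling. The function names are hypothetical, and the sample nslookup output and the addresses 198.51.100.7 (IP before connecting) and 203.0.113.10 (gateway public IP) are constructed.

```shell
#!/usr/bin/env bash
# Added example. All addresses and the sample output below are constructed.
SAMPLE_OUTPUT='Server:   resolver1.opendns.com
Address:  208.67.222.222#53

Non-authoritative answer:
Name:     myip.opendns.com
Address:  203.0.113.10'

# Read nslookup output on stdin and print the answer address.
# The first "Address:" line belongs to the resolver itself, so only an
# address that follows the "Name:" line of the answer section is accepted.
parse_public_ip() {
  awk '/^Name:/ { in_answer = 1; next }
       in_answer && /^Address/ { print $NF; exit }'
}

# check_exit_ip BEFORE AFTER GATEWAY
# Succeeds only when the public IP changed and now equals the gateway's.
check_exit_ip() {
  ce_before="$1"; ce_after="$2"; ce_gateway="$3"
  if [ -z "$ce_after" ]; then
    echo "FAIL: lookup returned no answer"; return 2
  fi
  if [ "$ce_after" = "$ce_before" ]; then
    echo "FAIL: public IP unchanged ($ce_after); traffic bypasses the gateway"; return 1
  fi
  if [ "$ce_after" != "$ce_gateway" ]; then
    echo "FAIL: exit IP $ce_after is not the gateway ($ce_gateway)"; return 1
  fi
  echo "OK: traffic exits via $ce_gateway"
}

# Offline demonstration on the constructed sample.
demo_ip="$(printf '%s\n' "$SAMPLE_OUTPUT" | parse_public_ip)"
check_exit_ip 198.51.100.7 "$demo_ip" 203.0.113.10

# Live use: script.sh --live <ip-before-connecting> <gateway-public-ip>
if [ "${1:-}" = "--live" ]; then
  live_ip="$(nslookup myip.opendns.com resolver1.opendns.com | parse_public_ip)"
  check_exit_ip "$2" "$live_ip" "$3"
fi
```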
Important Notes
To prevent potential conflicts and server downtime, do not use the host that runs the Netmaker server as the Internet Gateway.
A host can only be connected to one Internet Gateway, and a host connected to an Internet Gateway cannot act as a gateway itself (chaining gateways is not supported).