Skip to main content
All CollectionsEgress Gateways
How to Setup Internet Gw/exit node with netmaker
How to Setup Internet Gw/exit node with netmaker
M
Written by Majid Chebil
Updated over 2 months ago

This guide explains how to set up an Internet Gateway (also known as an Exit Node) using Netmaker to allow network hosts to access the internet through a specific gateway. This is useful for creating a VPN-like network where client traffic is routed through a centralized gateway.

1. Introduction

  • Netmaker Internet Gateways: A Pro-only feature introduced in version 0.23.0 (beta), allowing Linux hosts in a Netmaker network to act as Internet gateways for other hosts.

  • Use Case: Machines connected to the Netmaker mesh can route their traffic through a Linux host, serving as the gateway for internet access.

2. Prerequisites

  • Netmaker installed and running.

  • A network created in Netmaker.

  • A Linux host that will act as the Internet Gateway (Exit Node).

  • Netmaker Remote Access Client (RAC) installed on hosts that need to use the gateway.

3. Setting Up the Internet Gateway for End Users

Step 1: Log into the Netmaker UI

Step 2: Enable the Internet Gateway Host to Act as a Remote Access Gateway

To allow clients to route internet traffic through the Internet Gateway using the Remote Access Client (RAC), configure the internet gateway machine as a Remote Access Gateway (RAG).

Steps:

1. Go to your netmaker network.

2. Go to the Remote Access tab.

3. Click on “Create Gateway”.

4. Select the host that you will use as the internet gateway. For this demo, we will be using the “Internet-Gateway-1” host

5. Select a reliable DNS server to prevent DNS leaks

6. Click on “Create Gateway”.

Step 3: Create a New Internet Gateway

1. Go to the Internet Gateways tab

2. Click on Create Internet Gateway

3. Select the host machine that you specified in step 2

4. Click on “Create Internet Gateway”.

4. Creating and Managing Users

Step 1: Create a service user for remote access to the Internet Gateway.

Navigate to the User Management section.

There are two ways to add users in Netmaker Professional:

  • Basic Auth: Directly create users by specifying their username, password, and any groups or roles.

  • User Invite: Send invitations via email (SMTP setup only required for self-hosted setup). Users receive a link to create their account with pre-assigned roles and groups.

1. Basic Auth: Direct User Creation

Create and Configure User

Service User: Access for operational tasks, primarily for remote access via the RAC app.

netmaker-group-user-grp: Group role for basic resource access.

2. User Invite: Sending Invitations

Create and Configure User

The user will get an email like below

Sign up via invite

There are two options to sign up:

  1. With SSO (Single Sign-On).

  2. By setting a password.

For SSO (Single Sign-On) functionality, your Netmaker server needs to have OAuth configured. Integrating OAuth

Step 2: Connect to the Internet Gateway through the RAC

  1. Accessing RAC using your specified credentials

  2. Click on “Connect

Step 3: Test Access to the Internet via the Internet Gateway

  1. Open a web browser or use the command line.

  2. Visit a known website like "what is my IP" to verify that your public IP address has changed, or run the command nslookup myip.opendns.com resolver1.opendns.com to check your new public IP.

  3. Confirm successful connectivity.

Important Notes

  • To prevent potential conflicts and server downtime, users should not configure the Netmaker server as both the Netmaker service host and the Internet Gateway on the same host.

  • A host can only be connected to one Internet Gateway, and a host connected to an Internet Gateway cannot act as a gateway itself (chaining gateways is not supported).

Did this answer your question?