Do you guys have plan to make a plugin for OPNsense?
We don't plan to personally maintain one, but there's an open issue on GH if you'd like to draw some attention to it: https://github.com/opnsense/plugins/issues/3094#issuecomment-1234961586
[deleted]
Thanks! We actually are planning a new implementation of STUN on the client, which should make peer discovery a lot better, though it's going to take a couple of months before we release it. There's a lot we can do to make the product work better, especially with local routing. It takes time, but we're always working towards that goal.
I have to say it's an awesome solution even for home users like me. I use it as a "VPN" so I can get to my home network while on the road and to connect my office boxes with some NASes at home, so I can vouch for Netmaker being a great solution for mesh networks + WireGuard.
Mark my words, Netmaker is going to be big in no time
Thank you!
So I have an elaborate NFS setup of several VPSs. Earlier I was using NFS over Tailscale, but user space wireguard-go throughput (combined with high CPU usage) meant I could get at most 1/3rd of my bandwidth.
So I went ahead and setup netmaker on one of my distant VPSs and installed the clients on each of my servers.
So far it’s been great, and speeds are what I’d expect.
The only issue is that sometimes two nodes stop communicating with each other. Often deleting the config and recreating the netclient container with a new key will solve the problem but it has been happening a lot.
I've just set up netmaker on a DO instance and have 2 of my networks connected using egress gateways..
Can I run multiple egress gateways on the same network in case one of my hosts goes down?
Also, is it possible to use a Pi-hole / AdGuard Home DNS server in the external client WG config?
Edit : the upgrade process looks.. well.. a nightmare.. will there be any improvement on this for the next release?
[deleted]
That's great.. and what I already have.. but I want to know (as I've tried and it didn't work) if I can do this with netmaker..
I download the conf file for the external clients, add in the dns line but it's not using my adguard home dns.
FYI you can configure external clients to use your own DNS server: https://docs.netmaker.org/external-clients.html#configuring-dns-for-ext-clients-optional
thank you.. this is what i was missing.
You can have multiple egress gateways on the same network, but you can't load balance them for the same address range. We're working on that for a future release.
As for the upgrade process, it's usually very simple: change image version for server, and upgrade clients. However, this release, we changed something low-level about how client-server communications work. It makes the comms much more reliable, but required some extra upgrade steps.
So I could have multiple egress gateways.. but I'd have to expose a different range on each one?
My range is 192.168.0.0/21
so I couldn't expose that on each egress.. I'd have to have
Yeah pretty much that's the current state. We'd like to have redundancy in place but it's going to take some time.
Just in case anyone else stumbles across this.. I've solved this by having a node on each of my servers.. but only one of them acting as egress.. if I ever have a failure on the node that has egress it's trivial to hit the dashboard and enable another one for egress instead (and disable the broken one)..
it would be great if this could happen by default like it does with tailscale though!
This is a good feature suggestion, we'll roadmap it.
That would be awesome :)
Is there anywhere I can view the roadmap of the project? Like a public Asana or similar?
Thanks for clarifying, I think I'll just have 3 online and then if a host goes down manually enable a different one for egress
RemindMe! 24 Hours
I will be messaging you in 1 day on 2022-10-17 22:52:55 UTC to remind you of this link
Network graph feature is dope!
[deleted]
You can just run wireguard and use an external client config.. unless you're trying to use a windows host as an ingress / egress gateway..
Personally, I couldn't even download the Windows client.. the link is dead in their docs.
[deleted]
So you've done nothing with the information provided and you're all out of ideas? Cool
I'm basically contested between this and Headscale.
AFAIK, Netmaker is kernel space WireGuard and TailScale is userspace WireGuard-GO.
The only advantage that Tailscale (and perhaps also Headscale) provides is that it has a TCP fallback mode.
I've just set it up last week for my machines, it is brilliant!
Just as a disclaimer, I'm one of the authors of Netmaker but did not make the video. Just thought it was relevant and wanted to share!
Need some info before I try this.
I hardly use wireguard for client to server VPNs. I use wireguard for mesh VPN between my 4 VPSs with each other, so I can connect the internal docker container IP addresses between the VPS instead of opening the ports on the public ip.
Can I do that with netmaker, or its mainly for client to server usecases?
It’s actually primarily made for mesh, it was made for your usecase
Thanks, will try it today.
Will it help with setting up access to VLANs?
Yup! Using an Egress Gateway, you can configure remote access to a VLAN using Netmaker, which they cover in the video.
lmfaooo u sneak dissing??
Looking at the relay option, based on the docs it seems relay is either relay all or relay none? Can we use: attempt direct connect by all means, and if that fails then relay logic?
The Relay option actually lets you specify which peers should be relayed, it isn't all or none.
We also have the "failover" feature (in EE) which does what you're suggesting, attempts direct connection, and if it isn't working uses the failover server.
I worded that ambiguously, I meant all or none for the selected peer. How would you enable relay failover for all peers, for example?
Is the failover server the standard relay server?
Edit: This can all be self hosted, correct? Relay/Admin, etc.
Yes you are correct. For a given peer, it is Relayed for all other peers or none.
For the failover feature, it does it on a p2p basis. So a peer is only routed via the Failover for the specific peer for which it is unreachable.
And yes, all is self-hosted; we don't have a SaaS.