Netmaker is a tool for creating and managing virtual networks

Overview

Connect any computers together over a secure, fast, private network, and manage multiple networks from a central server.

What is Netmaker?

Netmaker is a tool for creating and managing virtual networks. The goal is to make virtual/overlay/mesh networking easy for non-networking people. It should be like clicking a button. Netmaker consists of a server, an agent, and a UI. You spin up the Netmaker server and then install netclient (the agent) on your computers. Netmaker will do the rest. It will tell all of your computers how to reach each other and will keep them informed of any changes to the network.

Netmaker's handy dandy UI can be found here.

Under the hood, Netmaker uses WireGuard to create encrypted tunnels between every node in your virtual network, creating a full mesh overlay. Netmaker takes the work out of manually configuring machines with WireGuard and updating them every time you have a change in your network. The netclient agent is self-updating and pulls any necessary changes (such as new peers) from the server.

Why Netmaker?

  1. Create a flat, secure network between multiple/hybrid cloud environments
  2. Integrate central and edge services
  3. Secure a home or office network while providing remote connectivity
  4. Manage cryptocurrency proof-of-stake machines
  5. Provide an additional layer of security on an existing network
  6. Encrypt Kubernetes inter-node communications
  7. Secure site-to-site connections

Compatible Systems

Netmaker works on most Linux systems that have systemd. It works with Fedora, Ubuntu, and Raspbian. Just make sure you have WireGuard installed. Having a problem? Open an issue or contact us.

In future releases, we have plans to support other platforms such as Windows and MacOS.

Docs

For more information, please read the docs, or check out the Quick Start below:

Quick Start

Video Tutorial

Prereqs:

  1. A server with an IP reachable by your computers (a small ec2 instance or droplet would do just fine).
  2. Linux installed on the above server (we use Ubuntu, but anything that runs Docker should work).
  3. Docker installed (Netmaker can run without Docker, but this is not preferred; if that is a requirement, see the Advanced Usage docs).

Launch Netmaker:

  1. Clone this repo or just copy contents of "docker-compose.yml" to your Netmaker server (from prereqs).
  2. In docker-compose.yml, change BACKEND_URL to the public IP of that machine.
  3. Run sudo docker-compose up
  4. Navigate to your server's IP in the browser and you should see the Netmaker UI asking to create a new admin user.
  5. Create a new admin user
  6. Click "Create Network" and fill out the details
  7. You are now ready to begin using Netmaker. Create a key or enable manual node sign up so that your nodes can connect.

On your machines:

Run the following:

    curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/v0.1/netclient-install.sh | SERVER_URL=:50051 NET_NAME= KEY= sh -

(Note: KEY can be left out if manual node signup is enabled)

LICENSE

Netmaker's source code and all artifacts in this repository are freely available. All versions are published under the Server Side Public License (SSPL), version 1, which can be found under the "licensing" directory: LICENSE.txt.

CONTACT

Email: [email protected]
Discord: https://discord.gg/zRb9Vfhk8A

Comments
  • Nobody can ping anybody, including netmaker


    Hi, standard AWS setup as per the docs, on an EC2 Micro 20.04.2 instance. DNS, dashboard etc. are working. Tunnels are up, but no-one can ping anyone. Even on the netmaker server:

    $ ping 10.20.32.4
    PING 10.20.32.4 (10.20.32.4) 56(84) bytes of data.
    From 10.20.32.1 icmp_seq=1 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.20.32.1 icmp_seq=2 Destination Host Unreachable
    ping: sendmsg: Destination address required
    From 10.20.32.1 icmp_seq=3 Destination Host Unreachable
    ping: sendmsg: Destination address required
    

    My docker-compose.yml:

    version: "3.4"
    
    services:
      netmaker:
        container_name: netmaker
        image: gravitl/netmaker:v0.9.1
        volumes:
          - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
          - /run/systemd/system:/run/systemd/system
          - /etc/systemd/system:/etc/systemd/system
          - /sys/fs/cgroup:/sys/fs/cgroup
          - /usr/bin/wg:/usr/bin/wg
          - dnsconfig:/root/config/dnsconfig
          - sqldata:/root/data
        cap_add:
          - NET_ADMIN
          - SYS_ADMIN
        restart: always
        network_mode: host
        privileged: true
        environment:
          SERVER_HOST: "<public IP>"
          SERVER_API_CONN_STRING: "api.netmaker.<domain>.com:443"
          SERVER_GRPC_CONN_STRING: "grpc.netmaker.<domain>.com:443"
          COREDNS_ADDR: "<public IP>"
          GRPC_SSL: "on"
          DNS_MODE: "on"
          SERVER_HTTP_HOST: "api.netmaker.<domain>.com"
          SERVER_GRPC_HOST: "grpc.netmaker.<domain>.com"
          API_PORT: "8081"
          GRPC_PORT: "50051"
          CLIENT_MODE: "on"
          MASTER_KEY: "<key>"
          SERVER_GRPC_WIREGUARD: "off"
          CORS_ALLOWED_ORIGIN: "*"
          DATABASE: "sqlite"
          NODE_ID: "netmaker-server-1"
          AUTH_PROVIDER: "google"
          CLIENT_ID: "<id>.apps.googleusercontent.com"
          CLIENT_SECRET: "<secret>"
          SERVER_HTTP_HOST: "api.netmaker.<domain>.com"
          FRONTEND_URL: "https://dashboard.netmaker.<domain>.com"
      netmaker-ui:
        container_name: netmaker-ui
        depends_on:
          - netmaker
        image: gravitl/netmaker-ui:v0.9.1
        links:
          - "netmaker:api"
        ports:
          - "8082:80"
        environment:
          BACKEND_URL: "https://api.netmaker.<domain>.com"
        restart: always
      coredns:
        depends_on:
          - netmaker
        image: coredns/coredns
        command: -conf /root/dnsconfig/Corefile
        container_name: coredns
        restart: always
        ports:
          - "<EC2 private IP>:53/udp"
          - "<EC2 private IP>:53/tcp"
        volumes:
          - dnsconfig:/root/dnsconfig
      caddy:
        image: caddy:latest
        container_name: caddy
        restart: unless-stopped
        network_mode: host # Wants ports 80 and 443!
        volumes:
          - /root/Caddyfile:/etc/caddy/Caddyfile
          # - $PWD/site:/srv # you could also serve a static site in site folder
          - caddy_data:/data
          - caddy_conf:/config
    volumes:
      caddy_data: {}
      caddy_conf: {}
      sqldata: {}
      dnsconfig: {}
    

    Caddyfile

    {
        # LetsEncrypt account
        email [email protected]<domain>.com
    }
    
    # Dashboard
    https://dashboard.netmaker.<domain>.com {
        reverse_proxy http://127.0.0.1:8082
    }
    
    # API
    https://api.netmaker.<domain>.com {
        reverse_proxy http://127.0.0.1:8081
    }
    
    # gRPC
    https://grpc.netmaker.<domain>.com {
        reverse_proxy h2c://127.0.0.1:50051
    }
    
    opened by ethanfowler 20
  • feature enhancement for work on pi like server


    please can you make some feature enhancement for netmaker server to work with raspberry pi as a server, it works with x86 architecture but not with arm, now i have a server working with debian 10 installed in virtual mode, thanks in advance

    opened by spereg53 19
  • [Bug]: netclient unable connect to mq server[Unable to connect (A TLS error occurred.)]


    Contact Details

    [email protected]

    What happened?

    netclient was unable to connect to the MQ server because of a certificate problem.

    I have three clients, two Linux and one Mac OS. None of them can connect to the MQ server.

    When I use the OpenSSL command to verify the certificate, one Linux can pass the verification, but the other Linux and MacOS fail. The following is the version and verification output of OpenSSL.

    version:

    Linux1: OpenSSL 1.1.1f 31 Mar 2020
    Linux2: OpenSSL 1.0.2k-fips 26 Jan 2017
    MacOS: LibreSSL 2.8.3

    Linux1:

    [email protected]:/etc/netclient/netmaker-api.xxx.com# openssl verify -CAfile root.pem client.pem
    client.pem: OK
    
    [email protected]:/etc/netclient/netmaker-api.xxx.com# mosquitto_pub -h netmaker-api.xxx.com -p 8883 -t hello/test -m 'dddxxx' --cert client.pem --cafile root.pem --key /etc/netclient/client.key -d
    Client mosq-bI0YtDTTcIrbLGxeXV sending CONNECT
    Client mosq-bI0YtDTTcIrbLGxeXV received CONNACK (0)
    Client mosq-bI0YtDTTcIrbLGxeXV sending PUBLISH (d0, q0, r0, m1, 'hello/test', ... (6 bytes))
    Client mosq-bI0YtDTTcIrbLGxeXV sending DISCONNECT
    
    

    Linux2:

    [[email protected] netmaker-api.xxx.com]# openssl verify -CAfile root.pem client.pem
    client.pem: C = US, O = Gravitl, CN = CA Root
    error 6 at 0 depth lookup:unable to decode issuer public key
    140375689643920:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
    140375689643920:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:148:
    140375689643920:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
    140375689643920:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:148:
    140375689643920:error:0B06E06C:x509 certificate routines:X509_get_pubkey_parameters:unable to get certs public key:x509_vfy.c:2098:
    
    [[email protected] netmaker-api.xxx.com]# mosquitto_pub -h netmaker-api.xxx.com -p 8883 -t hello/test -m 'dddxxx' --cert /etc/netclient/netmaker-api.xxx.com/client.pem --cafile /etc/netclient/netmaker-api.xxx.com/root.pem --key /etc/netclient/client.key  -d
    Error: Unable to load client certificate "/etc/netclient/netmaker-api.xxx.com/client.pem".
    OpenSSL Error[0]: error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm
    OpenSSL Error[1]: error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm
    OpenSSL Error[2]: error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib
    Unable to connect (A TLS error occurred.).
    

    MacOS:

    MacBook-Air:netmaker-api.xxx.com root# openssl verify -CAfile root.pem client.pem
    client.pem: C = US, O = Gravitl, CN = CA Root
    error 6 at 1 depth lookup:unable to decode issuer public key
    8673539756:error:06FFF09C:digital envelope routines:CRYPTO_internal:unsupported algorithm:/AppleInternal/Library/BuildRoots/66382bca-8bca-11ec-aade-6613bcf0e2ee/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/evp/p_lib.c:245:
    8673539756:error:0BFFF06F:x509 certificate routines:CRYPTO_internal:unsupported algorithm:/AppleInternal/Library/BuildRoots/66382bca-8bca-11ec-aade-6613bcf0e2ee/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/asn1/x_pubkey.c:197:
    
    
    MacBook-Air:netmaker-api.xxx.com root# mosquitto_pub -h netmaker-api.xxx.com -p 8883 --cafile ./root.pem --cert client.pem --key ../client.key -t hello/wt -m x -d
    Client null sending CONNECT
    Error: host name verification failed.
    OpenSSL Error[0]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    Error: A TLS error occurred.
    
    

    Although the openssl and mosquitto_pub commands run successfully on Linux 1, netclient is still unable to connect to the MQ server when it is started.

    Please let me know how I can solve this problem. Thank you!

    Version

    v0.14.0

    What OS are you using?

    Linux, Mac

    Relevant log output

    [[email protected] ~]# netclient daemon -vvv
    [netclient] 2022-05-17 23:42:05 initializing network default
    [netclient] 2022-05-17 23:42:05 pulling latest config for  default
    [netclient] 2022-05-17 23:42:08 waiting for interface...
    [netclient] 2022-05-17 23:42:08 interface ready - netclient.. ENGAGE
    [netclient] 2022-05-17 23:42:10 started daemon for server  netmaker-api.xxx.com
    [netclient] 2022-05-17 23:42:10 netclient daemon started for server:  netmaker-api.xxx.com
    [netclient] 2022-05-17 23:42:40 unable to connect to broker, retrying ...
    [netclient] 2022-05-17 23:42:40 could not connect to broker netmaker-api.xxx.com connect timeout
    [netclient] 2022-05-17 23:42:40 connection issue detected.. attempt connection with new certs
    [netclient] 2022-05-17 23:42:40 register at https://netmaker-api.xxx.com/api/server/register
    [netclient] 2022-05-17 23:42:40 certificates/key saved
    [netclient] 2022-05-17 23:42:41 restarting netclient.service
    [netclient] 2022-05-17 23:43:11 local port has changed from  0  to  51821
    
    [email protected]:~# docker logs mq --tail 20 -f
    1652845513: New connection from 127.0.0.0:21825 on port 8883.
    1652845513: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
    1652845513: Client <unknown> disconnected: Protocol error.
    

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by raojinlin 18
  • netclient on mipsle, build failed.


    There is no MIPS architecture NetClient, but I only use WireGuard in OpenWrt. When I build with GOARCH=mipsle go build -ldflags "-s -w", there's an error: /tmp/go-build2451609279/b001/pkg.a(netclient.syso): unsupported arch 5

    opened by oycol 17
  • unable to run netclient-arm in openwrt


    OS: openwrt 19.07.7 OPENWRT_BOARD="bcm53xx/generic" OPENWRT_ARCH="arm_cortex-a9"

    Router Model: Buffalo WZR-1750DHP

    I think this router uses an ARMv7 processor

    [email protected]:~# cat /proc/cpuinfo
    processor	: 0
    model name	: ARMv7 Processor rev 0 (v7l)
    BogoMIPS	: 800.00
    Features	: half thumb fastmult edsp tls 
    CPU implementer	: 0x41
    CPU architecture: 7
    CPU variant	: 0x3
    CPU part	: 0xc09
    CPU revision	: 0
    

    But I tried all three versions in the latest release, and none of them works.

    ARM64

    [email protected]:~# wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.arm64 -O netclient.arm64
    Downloading 'https://github.com/gravitl/netmaker/releases/download/latest/netclient.arm64'
    Connecting to 13.114.40.48:443
    Redirected to /351486934/df182280-9c36-11eb-9747-cd0a85c259f1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210414%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210414T084743Z&X-Amz-Expires=300&X-Amz-Signature=63210426e0712f508982bf394526fe448fed481ca13909e9ee00d70e898e0f38&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=351486934&response-content-disposition=attachment%3B%20filename%3Dnetclient.arm64&response-content-type=application%2Foctet-stream on github-releases.githubusercontent.com
    Writing to 'netclient.arm64'
    netclient.arm64      100% |*******************************| 15052k  0:00:00 ETA
    Download completed (15413376 bytes)
    [email protected]:~# chmod +x netclient.arm64
    [email protected]:~# ./netclient.arm64
    ./netclient.arm64: line 1: syntax error: unexpected word (expecting ")")
    [email protected]:~# 
    
    

    ARM7

    [email protected]:~# wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.arm7 -O netclient.arm7
    Downloading 'https://github.com/gravitl/netmaker/releases/download/latest/netclient.arm7'
    Connecting to 52.69.186.44:443
    Redirected to /351486934/6749f800-9c36-11eb-8088-a2c5c13159bc?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210414%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210414T084836Z&X-Amz-Expires=300&X-Amz-Signature=476322616ef762811ecd546afa722566bd9c6ebd87f08a93a5a6a5868994dc04&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=351486934&response-content-disposition=attachment%3B%20filename%3Dnetclient.arm7&response-content-type=application%2Foctet-stream on github-releases.githubusercontent.com
    Writing to 'netclient.arm7'
    netclient.arm7       100% |*******************************| 13701k  0:00:00 ETA
    Download completed (14030586 bytes)
    [email protected]:~# chmod +x netclient.arm7
    [email protected]:~# ./netclient.arm7
    Illegal instruction
    [email protected]:~# 
    
    

    netclient

    [email protected]:~# wget https://github.com/gravitl/netmaker/releases/download/latest/netclient -O netclient
    Downloading 'https://github.com/gravitl/netmaker/releases/download/latest/netclient'
    Connecting to 52.69.186.44:443
    Redirected to /351486934/84f46e80-9bf0-11eb-85f0-b095d1f8b6ab?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210414%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210414T084920Z&X-Amz-Expires=300&X-Amz-Signature=8a5169f0d410a9d0b060bc37234876b86740480c20fb6e5b6bff88c0139546d2&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=351486934&response-content-disposition=attachment%3B%20filename%3Dnetclient&response-content-type=application%2Foctet-stream on github-releases.githubusercontent.com
    Writing to 'netclient'
    netclient            100% |*******************************| 13836k  0:00:00 ETA
    Download completed (14168935 bytes)
    [email protected]:~# chmod +x netclient
    [email protected]:~# ./netclient
    ./netclient: line 1: ELF: not found
    ./netclient: line 2: syntax error: unexpected "("
    [email protected]:~# 
    

    Did I miss something? Maybe some libraries?

    opened by changchichung 17
  • [Bug]: no interfaces found, but interface was up after 5 seconds


    Contact Details

    No response

    What happened?

    our server 2016 takes about 5 seconds for the interface to become up, which is causing the join command to fail

    2022/03/22 20:01:02 [netclient] waiting for interface...
    no interfaces found
    2022/03/22 20:01:02 [netclient] error installing: could not reliably create interface
    

    After checking the code, it's only waiting less than 4 seconds for the interface to be up, and this time could be raised to, say, 10 seconds!

    https://github.com/gravitl/netmaker/blob/452efaad24a5ed31466d0409738ebe6c1343ab90/netclient/wireguard/common.go#L176

    Version

    v0.12.0

    What OS are you using?

    Windows

    Relevant log output

    No response

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by si458 16
  • Helm Chart Not Working (0.2.0)


    Error: INSTALLATION FAILED: create: failed to create: Secret "sh.helm.release.v1.netmaker-helm-1657841004.v1" is invalid: data: Too long: must have at most 1048576 bytes

    Maybe to do with .helmgitignore , special characters or something else... ?

    opened by nashford77 14
  • [Bug]: Could not connect to broker.netmaker.domain.tld


    What happened?

    Installation works fine and I am able to create a network and key, but I cannot add nodes to the network. It continues to complain that it cannot connect to the broker, although *.netmaker.{{domain}} is forwarded correctly, which is required for the acme certificate anyway. I can ping the master node where I have installed netmaker but not the peers. I also cannot ssh to the master node even though I can ping it and ufw shows the open port.

    The ufw ports are open on the server and client as well:

    To                         Action      From
    443/tcp                    ALLOW       Anywhere
    53/udp                     ALLOW       Anywhere
    53/tcp                     ALLOW       Anywhere
    51821:51830/udp            ALLOW       Anywhere
    8883/tcp                   ALLOW       Anywhere
    22/tcp                     ALLOW       Anywhere
    443/tcp (v6)               ALLOW       Anywhere (v6)
    53/udp (v6)                ALLOW       Anywhere (v6)
    53/tcp (v6)                ALLOW       Anywhere (v6)
    51821:51830/udp (v6)       ALLOW       Anywhere (v6)
    8883/tcp (v6)              ALLOW       Anywhere (v6)
    22/tcp (v6)                ALLOW       Anywhere (v6)

    Here is the dashboard image. It seems to recognize the devices and get the right ip addresses but cannot ping the image

    Version

    v0.14.2

    What OS are you using?

    Linux

    Relevant log output

    [netclient] 2022-06-05 16:15:24 joining default-net at api.netmaker.{{domain}}:443 
    [netclient] 2022-06-05 16:15:24 starting wireguard 
    [netclient] 2022-06-05 16:15:27 certificates/key saved  
    [netclient] 2022-06-05 16:15:57 unable to connect to broker, retrying ... 
    Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=131.885665ms
    Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=190.40443ms
    Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=130.113114ms
    [netclient] 2022-06-05 16:16:01 could not connect to broker broker.netmaker.{{domain}} connect timeout 
    [netclient] 2022-06-05 16:16:01 connection issue detected.. attempt connection with new certs and broker information 
    [netclient] 2022-06-05 16:16:01 certificates/key saved  
    [netclient] 2022-06-05 16:16:33 could not connect to broker at broker.netmaker.{{domain}}:8883 
    [netclient] 2022-06-05 16:16:33 failed to publish update for join connection timeout
    

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by rowhit 14
  • arm64 container images are only published on the test-workflow tag


    Based on comments in #480 I thought that arm64 images were being published but I ran into the same issues described in #457 when trying to run v0.9.3, v0.9.2, and v0.9.1. Then I looked at the actual images on docker hub and noticed that only the test-workflow tag has an arm64 version published. However that tag was published 2 months ago. I'd like to use the current version and upgrade when new versions are released.

    Can you start publishing arm64 container images for new versions?

    opened by lnhrdt 14
  • failed to create admin


    sudo wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | bash -s -- -d xx.ddns.net -e [email protected]

    Installation succeeded. Using http://xx.ddns.net:8082 to open the web UI, creating the admin failed with the tip: Could not reach server

    bug ui 
    opened by lihaiz 13
  • Feat/coredns plugin netmaker


    Netmaker when running on HA architecture needs a shared filesystem to store the DNS data. These shared filesystems are hard to build and maintain. The goal of this plugin is to rely on the API (hence the database) as the only source of truth.

    This allows to run a CoreDNS server uncorrelated from the Netmaker installation that handles the DNS queries accurately.

    In order to build this I started the creation of a netmaker client library. If this part is too shady, we can directly import it in the CoreDNS plugin.

    Is this PR interesting for you?

    opened by restanrm 13
  • [Bug]: traefik reported errors bad certificate


    Contact Details

    No response

    What happened?


    Dear all. I've set up a netmaker server and several clients. However, now I have a problem, which is that the client cannot pull information from the server. I don't know how to fix it. When I check the server status, I get errors such as:

    Dec 04 13:27:49 gis-server netclient[11784]: [netclient] 2022-12-04 13:27:49 [mqpublish.go-75] checkin(): network: vpntunnel endpoint has changed from 202.192.25.27 to
    Dec 04 13:28:19 gis-server netclient[11784]: [netclient] 2022-12-04 13:28:19 [mqpublish.go-252] publish(): could not connect to broker at broker.nm.66-42-77-231.nip.io:443
    Dec 04 13:28:19 gis-server netclient[11784]: [netclient] 2022-12-04 13:28:19 [mqpublish.go-78] checkin(): network: vpntunnel could not publish endpoint change
    Dec 04 13:28:49 gis-server netclient[11784]: [netclient] 2022-12-04 13:28:49 [mqpublish.go-252] publish(): could not connect to broker at broker.nm.66-42-77-231.nip.io:443
    Dec 04 13:28:49 gis-server netclient[11784]: [netclient] 2022-12-04 13:28:49 [mqpublish.go-149] Hello(): Network: vpntunnel error publishing ping, connection timeout
    Dec 04 13:28:49 gis-server netclient[11784]: [netclient] 2022-12-04 13:28:49 [mqpublish.go-150] Hello(): running pull on vpntunnel to reconnect
    Dec 04 13:29:21 gis-server netclient[11784]: [netclient] 2022-12-04 13:29:21 [mqpublish.go-153] Hello(): could not run pull on vpntunnel, error: Get "Get "https://api.nm.66-42-77-231.nip.io:443/api/nodes/vpntunnel/

    On the server side, I checked the docker logs for traefik, and got such errors too:

    time="2022-12-04T05:28:24Z" level=error msg="Error during connection: readfrom tcp 172.18.0.3:38672->172.18.0.4:8883: remote error: tls: bad certificate"
    time="2022-12-04T05:28:24Z" level=error msg="Error during connection: readfrom tcp 172.18.0.3:38674->172.18.0.4:8883: remote error: tls: bad certificate"
    time="2022-12-04T05:28:24Z" level=error msg="Error during connection: readfrom tcp 172.18.0.3:38676->172.18.0.4:8883: remote error: tls: bad certificate"

    I just used the default docker config without any modifications. Anybody know why the server reported "bad certificate"?

    Version

    v0.16.3

    What OS are you using?

    No response

    Relevant log output

    No response

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by yanggis 0
  • [Bug]: Ext. Clients & Nodes naming allows characters which break functionality


    Contact Details

    [email protected]

    What happened?

    if you assign a name that includes for example a slash ("/") and then try to edit that client, the edit form will not show up. web console also gives a 401 error. i suspect this is because it seems to break the path in the url.

    have not tested other scenarios, but i suspect it would misbehave in a similar way.

    Version

    v0.16.3

    What OS are you using?

    Linux

    Relevant log output

    No response

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by pipelinedave 0
  • [Bug]: Fyne Error when running Netclient on Windows server


    What happened?

    Installed and tried to run Netclient on Windows 2016 datacenter and got Fyne Error

    Clipboard Image

    I assume it is somehow related to the GUI. There is a suggestion to emulate OpenGL, but that is unfortunately not under my control. The machine is a VPS hosted by Contabo hosting and they don't emulate OGL

    Any suggestions?

    Version

    v0.16.3

    What OS are you using?

    Windows

    Relevant log output

    No response

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by jekcom 2
  • [Bug]: Overwriting wireguard configuration bypasses netmaker's egress configuration


    Contact Details

    [email protected]

    What happened?

    Summary

    Modifying the external client configuration gives me access to the whole network. It seems that it ignores the egress configuration of the netmaker node.

    Configuration of the network

    The egress node (netmaker-1) gives access to two nodes of the network: 192.168.1.206 and 192.168.1.151. netmaker-1 is also the ingress node of the network.


    The external client (nm-media) gets the following configuration (with line (1), not (2)).

    [Interface]
    Address = 10.109.93.1/32
    PrivateKey = [Removed]
    MTU = 1280
    DNS = 192.168.1.206
    
    [Peer]
    PublicKey = [Removed]
    (1) AllowedIPs = 10.109.93.0/24,192.168.1.206/32,192.168.1.151/32 -> Original configuration generated by Netmaker (same as egress configuration)
    (2) AllowedIPs = 10.109.93.0/24,192.168.1.0/24 -> Manually modified configuration
    Endpoint = [Removed]
    PersistentKeepalive = 20
    

    However, if I change (1) for (2), the external client has access to the entire network.

    Expected behaviour

    The external client cannot access the entire network when (1) is replaced by (2). In other words, Netmaker's network configuration has higher priority than the external client configuration, which can be overwritten by the user.

    Thank you for looking at this!

    Best regards, Marc.

    Version

    v0.16.0

    What OS are you using?

    Linux

    Relevant log output

    No response

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by marcbenedi 0
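
The report above shows that AllowedIPs in an external client's file can be edited by whoever holds it, so the egress restriction has to be enforced on the gateway. The Go program below is an added example, not Netmaker code and not part of the report: it flags AllowedIPs entries wider than the intended ranges and builds iptables FORWARD rules for the gateway. The addresses come from the report; the interface name nm-example, the endpoint and all function names are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// Constructed sample: the manually edited client config from the report
// (line (2)), abridged, with placeholder keys and endpoint.
const modifiedClientConf = `[Interface]
Address = 10.109.93.1/32
PrivateKey = PLACEHOLDER

[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 10.109.93.0/24,192.168.1.0/24
Endpoint = gateway.example:51821
`

// Intended policy from the report: the mesh range plus the two egress hosts.
const egressPolicy = "10.109.93.0/24,192.168.1.206/32,192.168.1.151/32"

// parseCIDRs parses a comma-separated list of prefixes.
func parseCIDRs(list string) ([]*net.IPNet, error) {
	var out []*net.IPNet
	for _, s := range strings.Split(list, ",") {
		_, n, err := net.ParseCIDR(strings.TrimSpace(s))
		if err != nil {
			return nil, fmt.Errorf("bad prefix %q: %w", s, err)
		}
		out = append(out, n)
	}
	return out, nil
}

// coveredBy reports whether some permitted prefix fully contains prefix n.
func coveredBy(n *net.IPNet, permitted []*net.IPNet) bool {
	nOnes, nBits := n.Mask.Size()
	for _, p := range permitted {
		pOnes, pBits := p.Mask.Size()
		if pBits == nBits && pOnes <= nOnes && p.Contains(n.IP) {
			return true
		}
	}
	return false
}

// excessAllowedIPs scans every [Peer] section and returns the AllowedIPs
// entries that no permitted prefix covers (the file was widened past policy).
func excessAllowedIPs(conf string, permitted []*net.IPNet) ([]string, error) {
	var excess []string
	section := ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			section = strings.ToLower(line)
			continue
		}
		kv := strings.SplitN(line, "=", 2)
		if section != "[peer]" || len(kv) != 2 || !strings.EqualFold(strings.TrimSpace(kv[0]), "AllowedIPs") {
			continue
		}
		nets, err := parseCIDRs(kv[1])
		if err != nil {
			return nil, err
		}
		for _, n := range nets {
			if !coveredBy(n, permitted) {
				excess = append(excess, n.String())
			}
		}
	}
	return excess, sc.Err()
}

// gatewayForwardRules builds iptables commands for the egress gateway: packets from
// clientAddr are forwarded only to permitted prefixes. Place above any broader ACCEPT.
func gatewayForwardRules(wgIface, clientAddr string, permitted []*net.IPNet) []string {
	var rules []string
	for _, p := range permitted {
		rules = append(rules, fmt.Sprintf("iptables -A FORWARD -i %s -s %s -d %s -j ACCEPT", wgIface, clientAddr, p))
	}
	return append(rules, fmt.Sprintf("iptables -A FORWARD -i %s -s %s -j DROP", wgIface, clientAddr))
}

func main() {
	permitted, err := parseCIDRs(egressPolicy)
	if err != nil {
		panic(err)
	}
	excess, err := excessAllowedIPs(modifiedClientConf, permitted)
	fmt.Println("AllowedIPs beyond the egress policy:", excess, "error:", err)
	// nm-example is an assumed name for the gateway's WireGuard interface.
	fmt.Println(strings.Join(gatewayForwardRules("nm-example", "10.109.93.1/32", permitted), "\n"))
}
```

The audit function only helps when the client file is available for inspection; the forward rules are what hold when it is not, because they match on the gateway regardless of what the client routes into the tunnel.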
  • [Bug]: Egress Gateway breaks internet access on reboot


    Contact Details

    [email protected]

    What happened?

    We have a Ubuntu Server 22.04 node with two physical network interfaces: one connected to a LAN with internet access, the other connected to a LAN without internet access. I want to use this node as an Egress Gateway so other hosts on the LAN without internet access are addressable and accessible from within the mesh network.

    The node works as expected when running Netclient. When the node is set as an Egress Gateway in Netmaker, it continues to work as expected until its next reboot (or manual sudo netclient pull command). After reboot, the node:

    • loses internet access
    • cannot be accessed by SSH from within the mesh network
    • does not respond to ping from the mesh network
    • cannot be accessed by SSH from the local LAN
    • does not respond to ping from the local LAN

    If we log in to the node by its console, run a manual sudo netclient leave command, and reboot, then the node regains its internet access and is again reachable from the local LAN.

    Version

    v0.16.3

    What OS are you using?

    Linux

    Relevant log output

    ## after running sudo netclient pull on Egress Gateway
    setupMQTT(): unable to connect to broker, retrying ...
    setupMQTT(): could not connect to broker [redacted] nslookup failed for broker ... check dns records
    ...
    checkin(): error encountered checking public ip addresses:  public address not found
    GetLocalListenPort(): failed to parse interface nm-[redacted]
    UpdateLocalListenPort(): network: [redacted] error encountered checking local listen port:  nm-[redacted] file does not exist
    GetFileWithRetry(): failed to retrieve file  /etc/netclient/config/traffic-[redacted] , retrying...
    GetFileWithRetry(): failed to retrieve file  /etc/netclient/config/traffic-[redacted] , retrying...
    Hello(): Network: [redacted] error publishing ping, open /etc/netclient/config/traffic-[redacted]: no such file or directory
    Hello(): running pull on [redacted] to reconnect
    ReplaceWithBackup(): used backup file for network:  [redacted]
    Hello(): could not run pull on [redacted], error: open /etc/netclient/config/netconfig-[redacted]: no such file or directory
    checkin(): collecting metrics for node [redacted]
    publishMetrics(): failed to authenticate when publishing metrics could not read secrets file open /etc/netclient/config/secret-[redacted]: no such file or directory
    Checkin(): checkin routine closed
    ...
    ## after Egress Gateway reboot
    Checkin(): MQ client is not connected, skipping checkin...
    

    Contributing guidelines

    • [X] Yes, I did.
    bug 
    opened by charleswinsor 0
Releases(v0.17.0)
Owner
GRAVITL
We build the distributed cloud.

function61.com 2 Jun 10, 2022
Overlay networks based on WebRTC.

weron Overlay networks based on WebRTC. ⚠️ weron has not yet been audited! While we try to make weron as secure as possible, it has not yet undergone

Felicitas Pojtinger 1.2k Dec 2, 2022
pb: a tool for managing protoc builds and dependencies

pb pb is a Protocol Buffers Build tool that manages dependencies and build confi

Dan Enman 3 Nov 20, 2022
LazySSH is an SSH server that acts as a jump host only, and dynamically starts temporary virtual machines.

LazySSH is an SSH server that acts as a jump host only, and dynamically starts temporary virtual machines. If you find yourself briefly starti

Stéphan Kochen 474 Nov 9, 2022
Seesaw v2 is a Linux Virtual Server (LVS) based load balancing platform.

Seesaw v2 Note: This is not an official Google product. About Seesaw v2 is a Linux Virtual Server (LVS) based load balancing platform. It is capable o

Google 5.5k Dec 2, 2022
A simple UDP server to make a virtual secure channel with the clients

udpsocket I made this package to make a virtual stateful connection between the client & server using the UDP protocol for a golang game server (as yo

TheRedRad 5 Jun 18, 2022
Vippy - A Virtual IP/BGP/IPVS Load-Balancer for Equinix Metal

Vippy - A Virtual IP/BGP/IPVS Load-Balancer for Equinix Metal If I figure out how to make it work.. How it works! The Vippy LB PoC uses BGP/IPVS and E

Daniel Finneran 5 Mar 10, 2022
apache dubbo gateway,L7 proxy,virtual host,k8s ingress controller.

apache dubbo gateway,L7 proxy,virtual host,k8s ingress controller.

null 0 Jul 22, 2022
A simple terminal UI for managing SSH sessions

sshman A simple terminal UI for managing SSH sessions sshman uses your unix current user and it creates an account for you. All account and session in

Berkay Akyazı 7 Apr 3, 2022
gproxy is a tiny service/library for creating lets-encrypt/acme secured gRPC and http reverse proxies

gproxy is a reverse proxy service AND library for creating flexible, expression-based, lets-encrypt/acme secured gRPC/http reverse proxies GProxy as a

null 16 Sep 11, 2022
This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record

TestVac QR Core This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record (FHIR, see http

Ministerie van Volksgezondheid, Welzijn en Sport 40 Nov 27, 2022