Netmaker is a powerful, modern VPN solution that creates secure mesh networks using WireGuard technology. Unlike traditional VPN setups, Netmaker automatically manages peer-to-peer connections, making it ideal for connecting multiple devices, offices, or cloud resources. In this comprehensive guide, we’ll walk through setting up Netmaker on a RamNode VPS running Ubuntu 24 or higher.

Why Choose Netmaker?

Netmaker offers several advantages over traditional VPN solutions:

  • WireGuard-based: Built on the fast, secure WireGuard protocol
  • Mesh networking: Devices connect directly to each other when possible
  • Easy management: Web-based UI for network administration
  • Scalable: Handles everything from small teams to enterprise networks
  • Cross-platform: Supports Linux, Windows, macOS, iOS, and Android

Prerequisites

Before we begin, ensure you have:

  • A RamNode VPS with Ubuntu 24.04 or higher
  • Root or sudo access to your VPS
  • A domain name (optional but recommended for SSL)
  • Basic familiarity with Linux command line

Prepare Your RamNode VPS

First, connect to your RamNode VPS via SSH and update the system:

sudo apt update && sudo apt upgrade -y

Install essential packages:

sudo apt install -y curl wget git ufw docker.io docker-compose

Enable and start Docker:

sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker $USER

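Log out and log back in for the Docker group changes to take effect. Membership in the docker group is equivalent to root access on the host, so add only accounts you would already trust with sudo.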

Configure Firewall

Configure UFW to allow necessary ports:

sudo ufw allow ssh
sudo ufw allow 443/tcp    # HTTPS for web UI
sudo ufw allow 80/tcp     # HTTP (will redirect to HTTPS)
sudo ufw allow 51821/udp  # WireGuard default port
sudo ufw allow 8081/tcp   # Netmaker API
sudo ufw enable

Download and Configure Netmaker

Create a directory for Netmaker:

mkdir ~/netmaker && cd ~/netmaker

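Download the Netmaker quick install script. The URL tracks the master branch and the script is later run with sudo, so read it before you execute it: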

wget https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh
chmod +x nm-quick.sh

Set Up Domain (Recommended)

If you have a domain name, point the following subdomains to your VPS IP:

  • netmaker.yourdomain.com (for the web UI)
  • api.netmaker.yourdomain.com (for the API)
  • broker.netmaker.yourdomain.com (for the message broker)

Update your DNS records with A records pointing to your RamNode VPS IP address.

Run the Netmaker Installation

Execute the installation script with your domain:

sudo ./nm-quick.sh -d netmaker.yourdomain.com

If you don’t have a domain, you can use the IP address:

sudo ./nm-quick.sh -i YOUR_VPS_IP_ADDRESS

The script will:

  • Download necessary Docker images
  • Generate SSL certificates (if using a domain)
  • Create Docker Compose configuration
  • Start all Netmaker services

Access the Netmaker Dashboard

Once installation completes, you’ll see output similar to:

Netmaker setup is complete!
Visit https://netmaker.yourdomain.com to access the dashboard
Default admin credentials:
Username: admin
Password: [generated-password]

Open your browser and navigate to your Netmaker URL. Accept the self-signed certificate if prompted (or wait for Let’s Encrypt if using a domain).

Initial Configuration

  1. Log in with the provided admin credentials
  2. Change the default password immediately
  3. Create your first network:
    • Click “Create Network”
    • Name: main-network
    • Address Range: 10.101.0.0/16 (or your preferred range)
    • Click “Create”

Configure Your First Client

For Linux/macOS Desktop:

Download the netclient:

curl -sL https://github.com/gravitl/netmaker/releases/latest/download/netclient | sudo bash

Join your network:

sudo netclient join -t YOUR_ENROLLMENT_TOKEN

For Windows:

  1. Download the Windows netclient from the Netmaker releases page
  2. Run as administrator
  3. Use the same join command in PowerShell

For Mobile Devices:

  1. In the Netmaker dashboard, click on your network
  2. Click “Create Gateway” and select your server node
  3. Generate a WireGuard configuration
  4. Import the configuration into the WireGuard mobile app

Advanced Configuration

Enable Gateway Access

To allow VPN clients to access the internet through your VPS:

  1. In the Netmaker dashboard, select your server node
  2. Click “Make Gateway”
  3. Select the network interface (usually eth0)
  4. Enable “Allow Internet Gateway”

Configure Access Control

Create access control lists to manage which devices can communicate:

  1. Go to “Access Control” in the dashboard
  2. Create rules based on your security requirements
  3. Apply rules to specific nodes or groups

Monitoring and Maintenance

Check Service Status

Verify all services are running:

cd ~/netmaker
sudo docker-compose ps

View Logs

Check logs if you encounter issues:

sudo docker-compose logs netmaker
sudo docker-compose logs netmaker-ui

Backup Configuration

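Regularly back up your Netmaker data. The -T flag disables pseudo-TTY allocation so the redirected dump is written unmodified. The dump holds the contents of the Netmaker database, so keep the file readable only by you:

sudo docker-compose exec -T database pg_dump -U netmaker netmaker > netmaker-backup.sql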
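
A backup is only useful if it is complete and private. The script below is an added example, not part of Netmaker or its installer: it wraps the pg_dump command from this section (with -T so no pseudo-TTY touches the redirected output), writes to a 0600 file, and keeps the dump only if it carries pg_dump's header and completion marker. BACKUP_DIR, the function names and the backup.sh file name are assumptions of the example.

```bash
# Added example: private, verified backup built around the guide's pg_dump command.
# BACKUP_DIR and the function names are assumptions of this example.
BACKUP_DIR="${BACKUP_DIR:-$HOME/netmaker-backups}"

# The guide's command plus -T (no pseudo-TTY, so redirected output stays clean).
run_dump() {
  sudo docker-compose exec -T database pg_dump -U netmaker netmaker
}

# True only if FILE is a complete plain-text dump: pg_dump writes a header
# comment first and a "dump complete" comment last; a cut-off dump lacks the latter.
dump_is_complete() {
  [ -s "$1" ] || return 1
  head -n 10 "$1" | grep -qx -e '-- PostgreSQL database dump' || return 1
  tail -n 10 "$1" | grep -qx -e '-- PostgreSQL database dump complete' || return 1
}

# Writes the dump to a 0600 temp file, validates it, then renames it into place.
# Prints the final path on success; leaves nothing behind on failure.
backup_netmaker() {
  local tmp out
  ( umask 077; mkdir -p "$BACKUP_DIR" ) || return 1
  tmp=$(mktemp "$BACKUP_DIR/.partial.XXXXXX") || return 1
  if run_dump > "$tmp" && dump_is_complete "$tmp"; then
    out="$BACKUP_DIR/netmaker-$(date -u +%Y%m%dT%H%M%SZ).sql"
    mv "$tmp" "$out" && printf '%s\n' "$out"
  else
    rm -f "$tmp"
    echo "backup failed or dump incomplete" >&2
    return 1
  fi
}

# Save as backup.sh and run it from ~/netmaker, the directory the guide uses
# for its docker-compose commands:  ./backup.sh run
if [ "${1:-}" = "run" ]; then backup_netmaker; fi
```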

Troubleshooting Common Issues

SSL Certificate Issues

If Let’s Encrypt fails:

# Reload Caddy's configuration (Caddy handles the certificates)
sudo docker-compose exec caddy caddy reload

Port Conflicts

Ensure no other services are using required ports:

sudo ss -tulpn | grep -E ':(80|443|8081|51821)[[:space:]]'

Client Connection Issues

  1. Verify firewall rules on both server and client
  2. Check if your ISP blocks UDP traffic
  3. Ensure system time is synchronized
  4. Try different WireGuard ports if needed

Security Best Practices

  1. Regular Updates: Keep Netmaker and your VPS updated
  2. Strong Passwords: Use complex passwords and consider 2FA
  3. Limited Access: Only expose necessary ports
  4. Regular Audits: Review connected devices and access logs
  5. Backup Strategy: Maintain regular configuration backups
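
For the "Limited Access" item: Docker publishes container ports through its own iptables rules, so the UFW rule list alone does not show everything that is reachable on the VPS. The check below is an added example, not part of Netmaker: it compares the sockets actually listening against the ports opened in the Configure Firewall section. It assumes "ssh" means 22/tcp, and the sample input is constructed.

```bash
# Added example: report listening sockets outside the guide's firewall allowlist.
# ALLOWED mirrors the "Configure Firewall" rules; "ssh" is assumed to be 22/tcp.
ALLOWED="tcp/22 tcp/80 tcp/443 tcp/8081 udp/51821"

# Reads `ss -H -tuln` output on stdin and prints "proto/port address" for each
# listener on a non-loopback address whose proto/port is not in ALLOWED.
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
      la = $5                                   # Local Address:Port column
      port = la; sub(/.*:/, "", port)           # text after the last colon
      addr = substr(la, 1, length(la) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback: not exposed
      key = $1 "/" port
      if (!(key in ok)) print key, addr
    }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:51821      0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096            [::]:8081          [::]:*
tcp   LISTEN 0      4096         0.0.0.0:5432       0.0.0.0:*
tcp   LISTEN 0      4096               *:1883             *:*
EOF
}

# Demo on the sample; on the VPS run:  sudo ss -H -tuln | unexpected_listeners
sample_ss_output | unexpected_listeners
```

Any line it prints is a service bound to a public address that the firewall section never intended to open; either bind it to localhost or remove the port mapping.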

Performance Optimization

For better performance on your RamNode VPS:

  1. Allocate sufficient resources: Ensure adequate RAM and CPU
  2. Monitor bandwidth: Use tools like iotop and iftop
  3. Optimize Docker: Configure Docker logging and resource limits
  4. Database tuning: Adjust PostgreSQL settings for your workload

Conclusion

You now have a fully functional Netmaker VPN running on your RamNode VPS! This setup provides a secure, scalable mesh network that can grow with your needs. The web-based interface makes it easy to manage users, monitor connections, and configure advanced features.

Netmaker’s mesh networking capabilities mean that once devices are connected, they can communicate directly with each other without always routing through your VPS, reducing latency and bandwidth usage.

Remember to regularly update your installation, monitor performance, and back up your configuration to ensure reliable operation of your VPN infrastructure.