Netmaker
Open Source | API
www.netmaker.io
Last updated: April 2026
Netmaker is an open source WireGuard-based mesh networking platform for creating fast, secure virtual networks between servers, containers, and clients.
About
Netmaker is an open source networking platform that uses WireGuard to create fast, automated mesh virtual networks between servers, VMs, containers, edge devices, and client machines. By automating the WireGuard configuration and key exchange that would otherwise require manual setup for each peer connection, Netmaker makes it practical to create complex, multi-node mesh networks without deep WireGuard expertise.
The automation of WireGuard configuration is Netmaker's primary value proposition. WireGuard is an excellent VPN protocol, but configuring a mesh network with many peers requires manually managing public keys, allowed IPs, and endpoint addresses for every node. As the network grows, this configuration burden becomes significant. Netmaker automates this entirely through a centralized server that manages the network configuration and pushes updates to all nodes automatically when the network topology changes.
The Netmaker Server is the control plane that maintains the state of all networks, handles node authentication and authorization, manages DNS, and distributes configuration updates to connected nodes. The server exposes a REST API and a web dashboard for network management. For high availability and security, the server can be deployed on any internet-accessible host with TLS.
The Netclient agent runs on each node that should be part of a Netmaker network. The agent connects to the Netmaker server, receives its WireGuard configuration, and sets up the WireGuard interface and peer connections automatically. When nodes join or leave the network, or when their endpoint addresses change, all other nodes in the network are updated automatically.
Access control in Netmaker is managed at the network, node, and user levels. Multiple networks can be created within a single Netmaker server, with separate ACLs for each network. Node ACLs control which nodes can communicate with which other nodes within a network, enabling segmentation of the flat mesh into a more controlled topology.
Relay and egress nodes enable advanced network architectures. Relay nodes forward traffic between nodes that cannot communicate directly, handling NAT traversal failures. Egress nodes allow network traffic to exit through a specific node, enabling internet access through a central gateway or routing traffic through an office network.
Netmaker also supports remote access clients that allow user devices to connect to a Netmaker network as VPN clients.
Positioning
Netmaker is an open source platform for creating and managing WireGuard-based virtual networks. It automates the complex configuration of WireGuard mesh networks, enabling organizations to connect servers, containers, IoT devices, and remote users across any environment with a few clicks through an intuitive admin dashboard.
While WireGuard provides exceptional VPN performance, configuring mesh networks manually becomes exponentially complex as nodes increase. Netmaker solves this by automating peer configuration, key management, and network topology while preserving WireGuard’s kernel-level performance. It supports multiple network topologies including full mesh, hub-and-spoke, and site-to-site, making it versatile enough for everything from homelab setups to enterprise multi-cloud networking.
What You Get
- Automated WireGuard Mesh
  Automatically configures and maintains WireGuard tunnels between all nodes, handling key exchange, peer discovery, and configuration updates
- Remote Access Gateway
  Built-in gateway functionality for remote users to access the mesh network via WireGuard clients without installing the full Netmaker agent
- Egress and Ingress Gateways
  Route traffic to external networks and expose internal services securely through configurable gateway nodes
- Access Control Lists
  Fine-grained control over which nodes can communicate with each other within the mesh, enabling micro-segmentation
- Multi-Network Support
  Create and manage multiple isolated virtual networks from a single Netmaker server with independent configurations
Core Areas
WireGuard Automation
Eliminates manual WireGuard configuration by automating peer management, key rotation, and tunnel establishment across all network nodes
Network Topology Management
Supports full mesh, hub-and-spoke, and site-to-site topologies with dynamic reconfiguration as nodes join or leave the network
Multi-Cloud Connectivity
Connects resources across AWS, GCP, Azure, on-premises data centers, and edge locations through a unified WireGuard overlay
Why It Matters
WireGuard is widely recognized as the fastest and most secure VPN protocol, but managing WireGuard configurations at scale is a significant operational challenge. Every new node requires updating configurations on all existing peers, and key management becomes unwieldy beyond a handful of hosts. Netmaker transforms WireGuard from a manual configuration task into a managed platform.
For teams that want the performance benefits of kernel-level WireGuard without the operational overhead, Netmaker provides the automation layer that makes it practical. Being open source and self-hostable means organizations maintain full control over their networking infrastructure while benefiting from community-driven development and transparent security.
Related
NetFoundry
NetFoundry is a zero-trust networking platform using OpenZiti to embed application-specific networking in software without VPNs or open firewall ports.
Nebula
Nebula is an open source mesh networking tool by Slack for creating fast, secure overlay networks between distributed hosts using WireGuard-inspired design.
OpenZiti
OpenZiti is an open source zero-trust overlay network for embedding zero-trust security directly into applications with SDK-based connectivity.