How to Automate your WireGuard Virtual Networks with NMCTL and Netmaker

Posted by
December 22, 2022

Netmaker recently released a new tool called nmctl, which makes automating virtual networks, and WireGuard, even easier!

Netmaker is a super powerful platform for automating virtual networks, however, up until now, you needed to use the UI to manage your networks. With NMCTL, all the power of the admin dashboard has been added to a simple command line utility.

If you’re familiar with kubectl, it shares some similarities, including how it authenticates with the server, and how you perform CRUD operations on different resource types.

You can download NMCTL from the assets in Netmaker releases:

Documentation can be found here:


Assuming you already have Netmaker set up, using NMCTL is relatively straightforward. First, I download and make the binary executable. I’m also adding it to my PATH for easy access:

wget && chmod +x nmctl && sudo mv nmctl /usr/local/bin/nmctl

I then test to make sure it’s available:

alex@zorg:~$ nmctl --helpCLI for interacting with Netmaker ServerUsage:  netmaker [command]Available Commands:  acl          Manage Access Control Lists (ACLs)  completion   Generate the autocompletion script for the specified shell  context      Manage various netmaker server configurations  dns          Manage DNS entries associated with a network  ext_client   Manage External Clients  help         Help about any command  keys         Manage access keys associated with a network  logs         Retrieve server logs  metrics      Fetch metrics of nodes/networks  network      Manage Netmaker Networks  network_user Manage Network Users  node         Manage nodes associated with a network  server       Get netmaker server information  user         Manage users and permissions  usergroup    Manage User GroupsFlags:  -h, --help     help for netmaker  -t, --toggle   Help message for toggleUse "netmaker [command] --help" for more information about a command.

Next, I login to my Netmaker server. You can use either your master key, or username/password:

alex@zorg:~$ nmctl context set default --endpoint= --username=admin --password=XXXXXXXalex@zorg:~$ nmctl context use default

I am then able to manage my networks with nmctl!

For instance, list nodes, networks, and users:

alex@zorg:~$ nmctl node list+------------+----------------+---------+----------+--------+---------+-------+--------------------------------------+|    NAME    |   ADDRESSES    | VERSION | NETWORK  | EGRESS | INGRESS | RELAY |                  ID                  |+------------+----------------+---------+----------+--------+---------+-------+--------------------------------------+| netmaker-1 | | v0.17.1 | netmaker | no     | yes     | no    | 88278135-7b7b-4b83-833b-1df52d158715 |+------------+----------------+---------+----------+--------+---------+-------+--------------------------------------+alex@zorg:~$ nmctl network list+----------+----------------------+----------------------+---------------------------+---------------------------+|  NETID   | ADDRESS RANGE (IPV4) | ADDRESS RANGE (IPV6) |   NETWORK LAST MODIFIED   |    NODES LAST MODIFIED    |+----------+----------------------+----------------------+---------------------------+---------------------------+| netmaker |        |                      | 2022-12-13T14:22:47-05:00 | 2022-12-13T14:23:36-05:00 |+----------+----------------------+----------------------+---------------------------+---------------------------+alex@zorg:~$ nmctl user list+-------+-------+----------+--------+| NAME  | ADMIN | NETWORKS | GROUPS |+-------+-------+----------+--------+| admin | true  |          | *      |+-------+-------+----------+--------+

Create Ingress Gateways and Ext Clients:

alex@zorg:~$ nmctl node create_ingress netmaker 88278135-7b7b-4b83-833b-1df52d158715alex@zorg:~$ nmctl ext_client create netmaker 88278135-7b7b-4b83-833b-1df52d158715alex@zorg:~$ nmctl ext_client list+-------------+----------+--------------+--------------+---------+-------------------------------+|  CLIENT ID  | NETWORK  | IPV4 ADDRESS | IPV6 ADDRESS | ENABLED |         LAST MODIFIED         |+-------------+----------+--------------+--------------+---------+-------------------------------+| idle-saturn | netmaker |   |              | true    | 2022-12-22 14:09:51 -0500 EST |+-------------+----------+--------------+--------------+---------+-------------------------------+

Delete Access Keys:

alex@zorg:~$ nmctl keys delete netmaker netmaker-keySuccess

And much more!

You can manage your ACL’s via a JSON file, retrieve node metrics, and pretty much everything you can do with the admin UI.

This tool is great for a few specific types of users:

  1. Users with large networks: The admin UI can become unwieldy once you have hundreds or thousands of machines in a network. NMCTL vastly simplifies management for these large networks.
  2. Users who need automation: Do you need to generate and distribute access keys to join networks on the fly? Do you need to delete nodes under certain conditions, or maybe modify access controls? NMCTL allows you to integrate your network management into scripts, CICD pipelines, and automation tools like Terraform and Ansible.
  3. Users who love the command line: And of course, some users, given the choice, simply prefer a CLI over a GUI.

If any of those apply to you, check out NMCTL!

More posts


A WireGuard¬ģ VPN that connects machines securely, wherever they are.
Star us on GitHub
By clicking ‚ÄúAccept‚ÄĚ, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.