Introducing Internet Gateways

Posted by
Alex Feiszli
February 29, 2024

Today, Netmaker is introducing a new feature to its VPN platform, internet gateways. This feature is available as part of Netmaker Pro in our on-prem solution, and will be available on SaaS starting next week.

If you’re familiar with commercial VPN providers like NordVPN, ExpressVPN, SurfShark, ProtonVPN, an Internet Gateway is what their platforms provide by default: a server that acts as an exit for all of your internet traffic.

Netmaker is typically used to configure remote access and site-to-site connections for internal IT resources like cloud VPC’s, data centers, office networks, and edge servers. In these cases, the standard VPN approach isn’t desirable. You just want to configure direct access to internal servers and networks, not the internet.

This is called a “split tunnel” VPN, the default Netmaker configuration. Your devices’ internet traffic continues to go out over the normal internet connection by default. Only access to specific resources goes out over the VPN connection. This is more in line with providers like Tailscale, ZeroTier, and OpenVPN.

Now, you can create full tunnel VPNs with Netmaker as well. Consider, for instance, you have configured firewalls, monitoring, and whitelisting for web traffic coming out of your office network. You’d like  to utilize this setup for your remote users and servers. These devices and users are outside of the office, but you would like their web traffic to be handled as if they are on the office network. With Internet Gateways, you can simply set a device in the office network as the exit point for these remote devices, and they will route their internet traffic via this server.

Since Netmaker uses WireGuard as its underlying protocol, these connections are very fast, efficient, and secure.

The additional power of the Internet Gateway feature is, it allows you to select the specific devices which will route their internet traffic via the gateway. So, some devices can continue to use their normal internet connection (split tunnel) while others use the gateway (full tunnel). You can even create multiple gateways for different devices! As always, Netmaker aims to provide you with complete control and flexibility over how you design your networks.

On the Netmaker SaaS, you get an extra super power. On sign up, you select a region to deploy a Managed Endpoint, which can be set as an Internet Gateway. This way, there’s no server for you to manage, and you can provide a full tunnel VPN for your users and devices immediately.

Get started with Netmaker on-prem or SaaS, and create the network you’re looking for, without all the hassle. Check out the docs to learn more.

More posts


A WireGuard® VPN that connects machines securely, wherever they are.
Star us on GitHub
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.