Netmaker 1.5: Just in Time Access, Support for Overlapping Networks

Netmaker 1.5 introduces a new key feature to our enterprise version: Just in Time Access, which gives administrators a workflow to temporarily approve access to users for a limited time.

Additionally, Netmaker 1.5 introduces support for traffic forwarding into multiple remote networks that use the same or overlapping local IP ranges via virtual NAT'ing.

Netmaker 1.5 adds a several other improvements and fixes, including automated failover for Desktop and Mobile users. See the full list below. 

🔓 Just-In-Time Access (Enterprise)

Suppose you have contractors who need temporary access to your network. Sure, you could manually track these users, add them, and then delete them when they should no longer have access. However, this is not implicitly secure.

JIT access is a new Enterprise Edition feature that gives administrators a workflow to receive and manage access requests from users, and set a defined duration for authorization. This inherently secure workflow functions as follows:

1. User clicks “request access” from their local Netmaker app.
2. User can provide notes to send along with their request.
3. Administrators receive notification of the request.
4. Admin reviews the request and notes.
5. Admin approves or denies the request, and sets a grant duration.
6. The user is granted immediate access to the network.
7. The user’s access is automatically revoked at the end of the grant duration, after which they may submit another access request.

🔁 Overlapping Egress Ranges (Business, Enterprise)

Imagine you are setting up remote access to multiple sites, or doing site-to-site between networks. Often, you may encounter local sites that use the same addressing (e.x. 192.168.1.0/24). This makes setting up remote access either difficult or impossible.

Netmaker’s new Virtual NAT mode removes this headache by providing a virtual address range for these networks, which maps to the local site, enabling administrators to deploy access to multiple sites that use the same address ranges. Here's how it works:

1. Deploy the Netclient at sites with overlapping local address ranges (e.x. Two offices with a local network of 192.168.1.0/24).
2. Go to the Egress page and create Egress routes for each site.
   
   1. While creating Egress, choose Virtual NAT.
   2. Enter the remote destination's IP range (e.g. 192.168.1.0/24.
3. After creating Egress for each site, you will see two new virtual IP ranges (e.x. 10.10.10.0/24 and 10.10.11.0/24), which been generated for each site from an available address pool.
4. These new VIPs can be used by users to access each site, and can be additionally integrated into Netmaker's DNS system for simplified access.

Other Updates

• Gateway Monitoring: Desktop App connections automatically fail over to healthy gateway hubs when the primary becomes unavailable.‍
• DNS: Use Global Nameservers only if no match-all nameservers are configured, added fallback nameserver configuration.‍
• GeoLocation: Consolidated IP location API usage with fallbacks.

Ready to upgrade? 

Be sure to read the full release notes here. Our SaaS will be rolling out the new version over the next two weeks. To upgrade your on-prem server, update your docker image tag to v1.5.

‍