Set up a Static IP User VPN for Whitelisting, with WireGuard and Netmaker

Published June 12, 2025

This guide is intended for IT administrators who want to route user traffic through a static IP address for whitelisting purposes.

Why might you need this? Consider these two common scenarios:

  1. Your company provides support to business customers, and you need access to services running on-site. These companies have a firewall that blocks inbound traffic. Rather than setting up VPN access on-prem, you can instead give them a single IP to whitelist on their firewall, from which support staff traffic will come.
  2. Conversely, suppose their firewall blocks outbound internet traffic. By installing the VPN client locally, you can give them a single outbound, whitelisted IP to reach.

Netmaker allows you to deploy an endpoint and route all internet-bound traffic through it. That endpoint's IP can then be whitelisted on firewalls to allow either inbound or outbound traffic via that one address. Let’s walk through the steps.

1. Log into your Netmaker dashboard

In your Netmaker dashboard, both on-prem and via our cloud version, you will see a Node already deployed. In our cloud version, you select a region for your endpoint. On-prem, the server acts as an endpoint.

You can use this endpoint to route the traffic, but if you already have a specific IP you would like to use, you can also deploy your own.

2. (optional) Deploy an endpoint

If you want to use a pre-existing IP, you can deploy the netclient on a device with that IP (note: must run Linux).

To do this, click the “+Add device” button and follow the steps.

3. Set as Gateway to Internet

Once the node is visible in your dashboard, you can set it as a Gateway, which will allow it to route traffic from other devices in your VPN to the internet.

To do this, navigate to the “Gateways” screen. Click “+ Create Gateway” and select the node.

Make sure to enable "Set as Internet Gateway" and set a "Default client DNS" resolver (if you don't know what to use, we recommend Google DNS 8.8.8.8).

4. Invite Users

The last step as an administrator is to invite users to use the VPN. Add their email addresses (or create usernames manually). Additionally, grant them access to the platform. Note: if using our Pro version, you can enable IDP sync, so that your workspace will be able to join automatically.

When inviting users, select “Service Users”, which will only grant them access to use the VPN client.

Next, add them to the group which has access to the network, which will be “[network name] User Group”.

Then click “Create User Invites”.

5. User Access

Users will then need to download the VPN client, for which they can go to netmaker.io/download.

After installing the client, they will use their credentials (either username/password or OAuth) to log in.

They will see the network, and simply click the toggle to connect and disconnect.

While connected, all of this user's internet traffic will flow through the endpoint you have deployed.

7. That's It!

Use this endpoint’s public IP when whitelisting traffic, and your users will have access!
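Before handing the IP to a customer for whitelisting, it is worth confirming from a connected client that traffic really leaves through the gateway. The script below is an added example, not Netmaker code. It assumes a Linux client with iproute2, uses the third-party echo service api.ipify.org to read the public IP, and takes the gateway IP and tunnel interface name as arguments you supply.

```python
"""Added example: confirm a connected client egresses via the gateway's static IP."""
import ipaddress
import re
import subprocess
import sys
import urllib.request


def route_device(route_get_output):
    """Return the interface named after 'dev' in `ip route get` output, or None."""
    match = re.search(r"\bdev\s+(\S+)", route_get_output)
    return match.group(1) if match else None


def check_egress(observed_ip, gateway_ip, routes, tunnel_iface):
    """Return a list of problems; an empty list means traffic uses the gateway.

    routes maps a label ("ipv4", "ipv6") to `ip route get` output for a public
    address, or to "" when the host has no route for that address family.
    """
    problems = []
    if ipaddress.ip_address(observed_ip) != ipaddress.ip_address(gateway_ip):
        problems.append(f"public IP is {observed_ip}, expected {gateway_ip}")
    for family, output in routes.items():
        dev = route_device(output)
        # A family with no route cannot leak; one routed elsewhere bypasses the VPN.
        if dev is not None and dev != tunnel_iface:
            problems.append(f"{family} leaves via {dev}, not {tunnel_iface}")
    return problems


def _ip_route_get(target):
    """Ask the kernel which route it would pick for a public address."""
    family = "-6" if ":" in target else "-4"
    result = subprocess.run(["ip", family, "route", "get", target],
                            capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else ""


if __name__ == "__main__":
    # Usage: python3 check_egress.py <gateway-public-ip> <tunnel-interface>
    gateway_ip, iface = sys.argv[1], sys.argv[2]
    with urllib.request.urlopen("https://api.ipify.org", timeout=10) as resp:
        observed = resp.read().decode().strip()
    routes = {"ipv4": _ip_route_get("1.1.1.1"),
              "ipv6": _ip_route_get("2606:4700:4700::1111")}
    problems = check_egress(observed, gateway_ip, routes, iface)
    print("\n".join(problems) or f"OK: egress via {iface} as {observed}")
    sys.exit(1 if problems else 0)
```

A non-zero exit means either the public IP differs from the one being whitelisted or one address family is routed outside the tunnel, in which case the remote firewall would see a different source address.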

Got questions? Email help@netmaker.io to learn more.
