# gravitl/netmaker

11,418 stars · 633 forks · Go · other

## Links

- GitHub: https://github.com/gravitl/netmaker
- Homepage: https://netmaker.io
- awesome-repositories: https://awesome-repositories.com/repository/gravitl-netmaker.md

## Topics

`cloud` `devsecops` `ipv6-support` `k8s` `kubernetes` `mesh` `mesh-network` `overlay-network` `secure-remote-access` `security` `self-hosted` `site-to-site` `virtual-networking` `vpn` `vpn-server` `wg-quick` `wireguard` `wireguard-ui` `wireguard-vpn` `zero-trust`

## Description

Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premises data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration.

The platform distinguishes itself through its focus on zero-trust network access and software-defined perimeters, which hide network resources from the public internet while enforcing granular, identity-based security policies. It supports complex network topologies by providing dynamic relay-based routing for firewall traversal and gateway-based bridging for isolated subnets. These capabilities allow for the creation of scalable, high-performance overlays that maintain consistent connectivity even when direct peer-to-peer paths are unavailable.

Beyond core connectivity, the project provides a comprehensive suite of management tools, including automated node provisioning, private service discovery via integrated DNS, and multi-tenant infrastructure support. It also offers robust observability features, such as administrative audit logging and network health monitoring, to ensure operational visibility. The entire networking stack can be self-hosted to maintain data sovereignty, and the platform integrates with external identity providers to streamline authentication and device onboarding.

## Tags

### Networking & Communication

- [WireGuard Management](https://awesome-repositories.com/f/networking-communication/vpn-infrastructure/wireguard-management.md) — Provides a comprehensive platform for setting up and managing WireGuard-based peer-to-peer tunnels.
- [Cloud Application Connectivity](https://awesome-repositories.com/f/networking-communication/cloud-application-connectivity.md) — Links disparate on-premise data centers and public cloud environments into a unified, seamless private network.
- [DNS Resolution](https://awesome-repositories.com/f/networking-communication/dns-resolution.md) — Provides internal hostname resolution to simplify service discovery by mapping hostnames to private IP addresses. ([source](https://netmaker.io/case-studies))
- [Encrypted Relaying](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/encrypted-relaying.md) — Redirects traffic through intermediary nodes to maintain connectivity when direct peer-to-peer paths are blocked by firewalls.
- [Management Dashboards](https://awesome-repositories.com/f/networking-communication/private-networks/peer-identity-managers/management-dashboards.md) — Provides a centralized interface for configuring, monitoring, and scaling secure tunnels and gateway connections.
- [DNS-Based Discovery](https://awesome-repositories.com/f/networking-communication/distributed-systems-p2p/distributed-systems-coordination/cluster-discovery-mechanisms/dns-based-discovery.md) — Automates internal hostname resolution by mapping network addresses to human-readable names across distributed infrastructure.
- [Gateway Configuration](https://awesome-repositories.com/f/networking-communication/gateway-configuration.md) — Configures network appliances and routers to act as entry points, bridging remote traffic into local infrastructure. ([source](https://netmaker.io/download))
- [High Availability Routing](https://awesome-repositories.com/f/networking-communication/high-availability-routing.md) — Detects node failures and dynamically reroutes traffic to maintain continuous connectivity. ([source](https://netmaker.io/features/mesh))
- [Multi-Cluster Service Connectivity](https://awesome-repositories.com/f/networking-communication/multi-cluster-service-connectivity.md) — Automates network configurations across distributed Kubernetes clusters to enable seamless cross-environment service communication. ([source](https://netmaker.io/resource-category/devops))
- [Service Discovery](https://awesome-repositories.com/f/networking-communication/service-discovery.md) — Automates internal hostname resolution and DNS management to simplify service discovery across distributed networks.
- [Subnet Gateways](https://awesome-repositories.com/f/networking-communication/subnet-gateways.md) — Deploys specialized gateway nodes to bridge isolated private subnets and external resources into the virtual mesh.
- [Static IP Enforcement](https://awesome-repositories.com/f/networking-communication/ip-address-management-systems/static-ip-enforcement.md) — Assigns persistent network identifiers to remote devices to ensure consistent access control and simplify resource whitelisting across the network. ([source](https://netmaker.io/resource-category/devops))
- [Address Conflict Resolution](https://awesome-repositories.com/f/networking-communication/network-addressing/address-conflict-resolution.md) — Maps virtual IP addresses to destination networks to allow communication between environments with overlapping address spaces. ([source](https://netmaker.io/features/egress))
- [Tunnel Agents](https://awesome-repositories.com/f/networking-communication/peer-to-peer-networking/tunnel-agents.md) — Deploys background agents to automate the creation and maintenance of secure peer-to-peer network tunnels. ([source](https://netmaker.io/download))
- [Service Exposure](https://awesome-repositories.com/f/networking-communication/service-exposure.md) — Enables secure access to internal cluster services via private IP or DNS addresses. ([source](https://netmaker.io/resources/enhancing-cluster-connectivity-with-the-netmaker-kubernetes-operator))
- [Relay Selection Optimization](https://awesome-repositories.com/f/networking-communication/remote-access-control/relay-server-management/relay-selection-optimization.md) — Monitors latency to dynamically assign the fastest available relay server for traffic. ([source](https://netmaker.io/features/failover))

### Security & Cryptography

- [Encrypted Tunneling Protocols](https://awesome-repositories.com/f/security-cryptography/encrypted-tunneling-protocols.md) — Uses high-performance kernel-level cryptographic primitives to establish secure, point-to-point encrypted tunnels.
- [Software-Defined Perimeters](https://awesome-repositories.com/f/security-cryptography/software-defined-perimeters.md) — Hides network resources from the public internet to enforce a software-defined perimeter.
- [Zero Trust Networking](https://awesome-repositories.com/f/security-cryptography/zero-trust-networking.md) — Enforces granular, identity-based security policies to restrict communication and ensure zero-trust access.
- [Automated Node Provisioning](https://awesome-repositories.com/f/security-cryptography/automated-node-provisioning.md) — Simplifies large-scale infrastructure deployment by automatically registering new devices using pre-authentication keys. ([source](https://netmaker.io/solutions/device-as-a-service-providers))
- [Identity-Aware Infrastructure](https://awesome-repositories.com/f/security-cryptography/identity-aware-infrastructure.md) — Integrates external identity providers to enforce granular, role-based access policies across distributed device fleets.
- [Network Access Control](https://awesome-repositories.com/f/security-cryptography/network-access-control.md) — Defines granular rules to control traffic flow and restrict communication between connected nodes. ([source](https://netmaker.io/resources/taming-openclaw-navigating-the-hazards-of-the-autonomous-ai-assistant))
- [Network Segmentation](https://awesome-repositories.com/f/security-cryptography/network-segmentation.md) — Creates isolated, encrypted network overlays to enforce security boundaries between departments, environments, or workloads without requiring separate physical infrastructure. ([source](https://netmaker.io/features))
- [Centralized Identity Management](https://awesome-repositories.com/f/security-cryptography/centralized-identity-management.md) — Provides a unified interface to oversee connectivity status, device configurations, and domain name assignments. ([source](https://netmaker.io/solutions/netmaker-embedded))
- [Identity Provider Integrations](https://awesome-repositories.com/f/security-cryptography/identity-provider-integrations.md) — Integrates with external identity providers to manage user logins, automate device registration, and enforce multi-factor authentication. ([source](https://netmaker.io/solutions/it-operations))
- [Just-in-Time Access](https://awesome-repositories.com/f/security-cryptography/just-in-time-access.md) — Provides temporary, time-bound network permissions to reduce the attack surface. ([source](https://netmaker.io/blog))
- [Device Identity Management](https://awesome-repositories.com/f/security-cryptography/device-identity-management.md) — Streamlines the registration of new devices using secure enrollment keys and supports token regeneration to maintain high security standards. ([source](https://netmaker.io/resources/announcing-netmaker-v1-6-0-wireguard-with-site-to-site-app-routing-and-siem-integration))
- [Access Policy Automation](https://awesome-repositories.com/f/security-cryptography/policy-based-access-control/access-policy-automation.md) — Manages network access rules programmatically to integrate security configurations into deployment workflows. ([source](https://netmaker.io/resources/netmaker-acls))
- [OAuth Authentication](https://awesome-repositories.com/f/security-cryptography/oauth-authentication.md) — Integrates external identity providers to manage user logins and enforce multi-factor authentication for network access. ([source](https://netmaker.io/pricing))
- [Embedded Secure Connectivity](https://awesome-repositories.com/f/security-cryptography/secure-network-connectivity-modules/embedded-secure-connectivity.md) — Integrates networking libraries directly into software to establish zero-trust communication channels. ([source](https://netmaker.io/solutions/netmaker-embedded))

### System Administration & Monitoring

- [Mesh Overlays](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/linux-system-administration/networking/peer-to-peer/mesh-overlays.md) — Maintains a dynamic, decentralized mesh topology where nodes establish direct connections to minimize latency.
- [VPN Clients](https://awesome-repositories.com/f/system-administration-monitoring/client-management/vpn-clients.md) — Provides a client interface for users to authenticate, manage their connection status, and tunnel internet traffic through secure network infrastructure. ([source](https://netmaker.io/resources/set-up-a-static-ip-user-vpn-for-whitelisting-with-wireguard-and-netmaker))
- [Administrative Change Auditing](https://awesome-repositories.com/f/system-administration-monitoring/audit-logging/administrative-change-auditing.md) — Maintains a verifiable history of all administrative configuration updates and management actions. ([source](https://netmaker.io/features/metrics))
- [Network Monitoring Systems](https://awesome-repositories.com/f/system-administration-monitoring/network-monitoring-systems.md) — Tracks performance metrics and connectivity status across the network to ensure reliable operation. ([source](https://netmaker.io/self-hosted-updates))
- [Audit Log Exports](https://awesome-repositories.com/f/system-administration-monitoring/audit-log-exports.md) — Forwards platform events and administrative actions to external security systems for centralized monitoring. ([source](https://netmaker.io/resources/announcing-netmaker-v1-6-0-wireguard-with-site-to-site-app-routing-and-siem-integration))
- [Network Access](https://awesome-repositories.com/f/system-administration-monitoring/session-tracking/network-access.md) — Logs individual user sessions and accessed resources to ensure visibility into internal network activity. ([source](https://netmaker.io/features/metrics))

### DevOps & Infrastructure

- [Networking and Connectivity](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure/networking-connectivity.md) — Automates secure device connectivity across complex network environments without requiring manual port forwarding. ([source](https://netmaker.io/solutions/netmaker-embedded))
- [Mesh Networking](https://awesome-repositories.com/f/devops-infrastructure/mesh-networking.md) — Connects distributed devices directly using encrypted tunnels to create high-performance virtual private networks. ([source](https://netmaker.io/features))
- [Self-Hosted Infrastructure](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-infrastructure.md) — Allows running the entire networking stack within private environments to maintain full data sovereignty. ([source](https://netmaker.io/solutions/netmaker-embedded))
- [Container Networking Tools](https://awesome-repositories.com/f/devops-infrastructure/container-networking-tools.md) — Extends secure virtual networking directly into containerized clusters to enable private service access.
- [Multi-Tenancy](https://awesome-repositories.com/f/devops-infrastructure/multi-tenancy.md) — Provisions and maintains isolated network environments for multiple customers through a centralized interface. ([source](https://netmaker.io/netmaker-partner-program))
- [Endpoint Integrations](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure/networking-connectivity/endpoint-integrations.md) — Connects diverse client types and legacy devices to ensure consistent communication across network infrastructure. ([source](https://netmaker.io/solutions/it-operations))

### Software Engineering & Architecture

- [Control Planes](https://awesome-repositories.com/f/software-engineering-architecture/control-planes.md) — Coordinates distributed network state and configuration across edge nodes from a centralized management server.
- [Tag-Based Policies](https://awesome-repositories.com/f/software-engineering-architecture/access-rule-management/access-policy-managers/tag-based-policies.md) — Groups network nodes using metadata labels to apply consistent access policies across dynamic infrastructure without manual configuration. ([source](https://netmaker.io/resources/netmaker-acls))
