# Netmaker — Self-Hosted WireGuard Mesh VPN with Web Management

> Netmaker automates the creation and management of WireGuard mesh networks with a web UI for connecting servers, containers, and IoT devices across any infrastructure.

## Quick Use

```bash
curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | bash
```

## Introduction

Netmaker simplifies building WireGuard mesh networks by automating peer configuration, key exchange, and network topology management. It provides a web dashboard and API so you can manage your private network without editing WireGuard config files by hand.

## What Netmaker Does

- Creates full-mesh or hub-and-spoke WireGuard networks across any infrastructure
- Manages peer configuration, key rotation, and endpoint discovery automatically
- Provides a web dashboard for visualizing network topology and managing nodes
- Supports access control lists to restrict which nodes can communicate
- Handles NAT traversal so nodes behind firewalls can still connect

## Architecture Overview

Netmaker consists of a server component and lightweight client agents (netclient) installed on each node. The server stores network state in a database and publishes configuration updates via an MQTT broker. Clients receive updates, apply WireGuard configurations, and report status back to the server.
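
To make concrete what automated peer configuration saves you from writing by hand, the sketch below computes each node's WireGuard `[Peer]` entries for a full-mesh or hub-and-spoke layout and drops pairs denied by an access rule. It is an added example, not Netmaker's code or its actual algorithm; the node names, addresses, placeholder keys, and the `denied` pair format are constructed for illustration.

```python
from itertools import combinations

# Constructed sample nodes: name -> (overlay IP, reachable endpoint or None, placeholder key)
NODES = {
    "web": ("10.20.0.1", "198.51.100.10:51820", "<web-public-key>"),
    "db": ("10.20.0.2", "198.51.100.11:51820", "<db-public-key>"),
    "iot": ("10.20.0.3", None, "<iot-public-key>"),  # behind NAT
}
SUBNET = "10.20.0.0/24"


def peer_map(nodes, topology="mesh", hub=None, denied=()):
    """Return {node: [(peer, allowed_ips), ...]} for a mesh or hub layout."""
    blocked = {frozenset(pair) for pair in denied}
    peers = {name: [] for name in nodes}
    if topology == "mesh":
        # One tunnel per permitted pair; AllowedIPs pins each peer to its own /32.
        for a, b in combinations(sorted(nodes), 2):
            if frozenset((a, b)) not in blocked:
                peers[a].append((b, nodes[b][0] + "/32"))
                peers[b].append((a, nodes[a][0] + "/32"))
    elif topology == "hub" and hub in nodes:
        # Spokes send the whole overlay subnet to the hub, so spoke-to-spoke
        # rules cannot be expressed in AllowedIPs and must be filtered on the hub.
        for name in sorted(nodes):
            if name != hub:
                peers[name].append((hub, SUBNET))
                peers[hub].append((name, nodes[name][0] + "/32"))
    else:
        raise ValueError("topology must be 'mesh', or 'hub' with a known hub")
    return peers


def render(node, nodes, peers):
    """Render wg-quick style config text for one node."""
    addr, own_endpoint, _ = nodes[node]
    out = ["[Interface]", f"Address = {addr}/24", f"PrivateKey = <{node}-private-key>"]
    for peer, allowed in peers[node]:
        _, endpoint, key = nodes[peer]
        out += ["", "[Peer]", f"PublicKey = {key}", f"AllowedIPs = {allowed}"]
        if endpoint:
            out.append(f"Endpoint = {endpoint}")
            if own_endpoint is None:
                # A NATed node keeps its mapping open toward reachable peers.
                out.append("PersistentKeepalive = 25")
    return "\n".join(out)


if __name__ == "__main__":
    mesh = peer_map(NODES, denied=[("iot", "db")])
    print(render("iot", NODES, mesh))
```

In the mesh case the number of `[Peer]` stanzas grows with every pair of nodes, and each access rule changes two configs at once, which is the bookkeeping a control plane takes over.
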

## Self-Hosting & Configuration

- Install with the quick-start script or deploy via Docker Compose
- Configure the server domain, ports, and MQTT broker in the environment file
- Install the netclient agent on each machine you want to join the network
- Set up DNS entries for the server dashboard and API endpoints
- Define network address ranges and access control rules through the web UI

## Key Features

- Automated WireGuard peer management with zero manual config editing
- Web dashboard with real-time network topology visualization
- Egress and ingress gateway support for routing external traffic
- DNS management for resolving node names within the mesh network
- Multi-network support for segmenting different environments

## Comparison with Similar Tools

- **Tailscale** — managed service using WireGuard; Netmaker is fully self-hosted with no vendor dependency
- **Headscale** — self-hosted Tailscale control server; Netmaker has its own architecture and web UI
- **WireGuard (raw)** — requires manual config management; Netmaker automates everything
- **ZeroTier** — peer-to-peer VPN with a hosted controller; Netmaker gives you full control of the control plane
- **Nebula (Slack)** — overlay network with a certificate model; Netmaker uses WireGuard for transport

## FAQ

**Q: Does Netmaker replace WireGuard?**
A: No, Netmaker uses WireGuard as its transport layer. It automates the configuration and management that WireGuard leaves to the user.

**Q: Can I connect nodes behind NAT?**
A: Yes, Netmaker handles NAT traversal and supports relay nodes for situations where direct connections are not possible.

**Q: What operating systems does the client support?**
A: The netclient agent runs on Linux, macOS, Windows, and FreeBSD.

**Q: Is there a limit on the number of nodes?**
A: The community edition has no hard limit. Performance depends on your server resources and network size.

## Sources

- https://github.com/gravitl/netmaker
- https://netmaker.io

---

Source: https://tokrepo.com/en/workflows/2c7518b5-3c2e-11f1-9bc6-00163e2b0d79

Author: AI Open Source