Disclaimer: I’m a creator of Netmaker, a mesh VPN platform.
Mesh VPNs are really cool. Think about a VPC in Amazon, a subnet in a data center, or your local LAN. These are groups of co-located devices that all talk to each other directly and securely.
Mesh VPNs are a lot like the LAN or VPC, but the devices can live anywhere. Imagine creating a private network of computers, servers, phones, and IoT devices scattered across the globe.
That’s why a lot of people choose Netmaker as their virtual networking platform: it creates mesh virtual networks using WireGuard, which is blazing fast compared to older stuff like OpenVPN or ZeroTier.
We’ve been working on Netmaker for about a year now, and in recent months we’ve gotten some queries from users who wanted less connectivity.
These users were setting up stuff like internet gateways or remote access to servers. In such scenarios, they had a bunch of devices that needed access to an endpoint, but didn’t want them all to access each other.
Hmmmm, we thought…yeah maybe that makes sense…they don’t want a hundred other devices to know how to reach their laptop while accessing a remote server. That does make sense.
Luckily, WireGuard is very flexible, and we were able to add in a new feature called “Point to Site” networks with relative ease. So what’s the difference? Think of a star topology, minus the relaying:
Every node in the network gets a single peer, the “hub.” In a star topology, this hub typically acts as a relay, and forwards traffic around the network. We already have a feature for that in Netmaker (it’s called…a relay).
In the point-to-site network, that’s it: each node gets its one connection to the hub, and the hub does not relay traffic between nodes. This becomes ideal for scenarios where you need to provide secure access to…
All of these can be achieved with a mesh network as well, and we’ve been performing these types of patterns for a while. The difference is, with the point-to-site network, you don’t get all those extra, unnecessary connections in the process.
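To make the difference concrete, here is an added example (not Netmaker's code or its generated output) that builds the WireGuard peer list each node would carry in a full mesh versus a point-to-site network, then checks which destinations a node can route to. The node names, 10.20.0.x addresses and placeholder keys are constructed, and giving each peer a /32 AllowedIPs entry is an assumption about how such a layout could be expressed.

```python
import ipaddress

# Constructed sample overlay: one hub and three remote devices.
NODES = {"hub": "10.20.0.1", "laptop": "10.20.0.2",
         "phone": "10.20.0.3", "iot": "10.20.0.4"}
HUB = "hub"

def build_peers(nodes, hub, topology):
    """Return {node: [(peer_name, allowed_ips), ...]} for a topology."""
    peers = {}
    for name in nodes:
        others = [(p, f"{ip}/32") for p, ip in nodes.items() if p != name]
        if topology == "mesh":
            # Full mesh: every node peers directly with every other node.
            peers[name] = others
        elif topology == "point-to-site":
            if name == hub:
                # The hub knows each device, but only by its own /32.
                peers[name] = others
            else:
                # A device's single peer is the hub, and only the hub's
                # address is routed to it. No route to other devices.
                peers[name] = [(hub, f"{nodes[hub]}/32")]
        else:
            raise ValueError(f"unknown topology: {topology}")
    return peers

def can_reach(peers, src, dst_ip):
    """WireGuard only sends a packet if some peer's AllowedIPs cover it."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(allowed)
               for _, allowed in peers[src])

def render_peers(peers, node):
    """Render the [Peer] sections of a wg-style config (placeholder keys)."""
    lines = []
    for peer, allowed in peers[node]:
        lines += ["[Peer]", f"PublicKey = <{peer}-public-key>",
                  f"AllowedIPs = {allowed}", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    for topology in ("mesh", "point-to-site"):
        peers = build_peers(NODES, HUB, topology)
        total = sum(len(p) for p in peers.values())
        print(f"--- {topology}: {total} peer entries; laptop config ---")
        print(render_peers(peers, "laptop"))
        print("laptop -> phone routable:",
              can_reach(peers, "laptop", NODES["phone"]))
```

Because the laptop has no peer whose AllowedIPs cover the phone's address in the point-to-site layout, the packet is dropped locally before it ever reaches the hub.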
This can also be combined with an egress gateway (another Netmaker original) to provide access to a full remote network. So if you’ve got a server in AWS, it can act as a gateway into your VPC for a bunch of remote machines.
So, in short, a mesh network is cool, really flexible, and gives you the access you need. However, you may get more access than you need with the mesh. In such cases, you might wanna go with something a little more…limited.
Netmaker provides a robust solution for managing virtual networks by leveraging the power and speed of WireGuard. One of its standout features is the ability to create both mesh and point-to-site networks, which is ideal for users who require varying levels of connectivity. For scenarios where devices need access to specific endpoints without broader network exposure, Netmaker's point-to-site capabilities allow for precise control, ensuring that your devices can connect securely to necessary resources without unnecessary peer connections. This flexibility addresses the need for secure, compartmentalized access, enhancing overall network security and efficiency.
Netmaker simplifies the deployment process by offering various installation options, including containerized setups using Docker or Kubernetes, ensuring compatibility with different system architectures. The platform is designed to be lightweight, requiring minimal resources while maintaining high performance, thanks to its use of WireGuard. With features like automated network monitoring and management through an intuitive UI, Netmaker empowers users to efficiently manage their networks from a central location. To start optimizing your network infrastructure with Netmaker, you can sign up at Netmaker Signup.