Request: Netmaker Plugin

[DerekFroese]

Netmaker is a full-mesh wireguard overlay network that is an alternative to Zerotier or Tailscale. Netmaker uses kernel wireguard, so it is ~5x faster than either competitor. It is open-source without any node limits like zerotier has.

An author has posted in r/opnsensefirewall declaring compatibility with FreeBSD, so there might be interest in collaboration.

The plugin in OPNSense should be capable of operating as an:

• "Netmaker Server" so there is no dependency on a third-party (or subjection to future node-limits)
• "Ingress Gateway" allowing any generic wireguard client access to the overlay network,
• "Egress Gateway" allowing overlay network nodes access to other LANs

Posting rules:

• [✅ ] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [✅ ] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• [ N/A] When the request is meant for an existing plugin, I've added its name to the title.

[mimugmail]

I already invested couple of hours in it, but the full mesh was a bit clumsy in my testing. Die you test it by yourself on Linux or similar?

[afeiszli]

Hi, one of the authors of Netmaker here. Just wanted to +1 this. We maintain a FreeBSD client and would love to see an OPNSense plugin for it.

[projx]

+1 as well, I've been hoping for this for over a year

[kabaga]

Hi, one of the authors of Netmaker here. Just wanted to +1 this. We maintain a FreeBSD client and would love to see an OPNSense plugin for it.

Is there a guide on how to deploy this on OPNsense, especially for site-to-site WireGuard VPN?

[afeiszli]

We do not have a guide for deploying on OPNSense, just for freebsd in general: https://docs.netmaker.org/netclient.html#freebsd

[mimugmail]

But this is the client only, most of the users want to run the server on it

[DerekFroese]

But this is the client only, most of the users want to run the server on it

I would love to be able to run a netmaker server on Opnsense :)

[D3it7i]

+1 Definitely want to

[JPBeltman]

+1!

[martinkeat]

+1 million - Just discovered OPNSense and Netmaker (researching for special use case project), both blowing my mind and using one atop the other but not integrated. If I could configure netmaker (server and client) using OPNSense.......well let me put it this way, there would be a rubbish skip in the front of the office filled with equipment to go for recycling. So please for the love of god DOOOOOOOOOOO IT!

LOL

[mimugmail]

If anyone volunteers installing the netmaker Binary on it and starts testen I will build one

[schniggie]

any progress here? I have never done a plugin, however I would be in ;)

[Ponkhy]

I would love to see a client implementation as a plugin, especially the Egress Gateway function would be really helpful

[FreeMinded]

But this is the client only, most of the users want to run the server on it

I would be very happy with the client to start with.

[FreeMinded]

I'm trying to get Netmaker Client running on OPNsense. But the FreeBSD script fails. Tried to install manually but I fail (probably due to my lack of FreeBSD/OPNsense knowledge). Did anyone succeed to get the netmaker client running of OPNsense in any way? @afeiszli? I'm happy to invest some time in this if someone more knowledgeable can give me a hand.

[TheGrandWazoo]

As a big OPNsense user and having a need for the Netmaker server to run on the OPNsense platform, I am going to give it a shot. Reversing the Github build process it should be able to be done, but no guarantee because it is built on Linux. I created an SBC plugin for OPNsense using Asterisk so I should be able to build an OPNsense UI for it. Don't expect an overnight success with it. I'll take a look at the client too.

[schniggie]

As a big OPNsense user and having a need for the Netmaker server to run on the OPNsense platform, I am going to give it a shot. Reversing the Github build process it should be able to be done, but no guarantee because it is built on Linux. I created an SBC plugin for OPNsense using Asterisk so I should be able to build an OPNsense UI for it. Don't expect an overnight success with it. I'll take a look a the client too.

If you need some help ping me, as mentioned never done a plugin but some it skills.

[TheGrandWazoo]

Good day. Here is an initial FreeBSD package for Netmaker server that runs under FreeBSD and OPNsense. https://ksatechnologies.jfrog.io/artifactory/os-netmaker/ This is first attempt but it does install and run.

Everything is under /usr/local/[ etc/netmaker | sbin | var/log/netmaker | var/run/netmaker ]

rc.d script is also included so you can use service netmaker <cmd> This should get people started to manually configure it to run via the yaml file and a bit of "OPNsense" FW/NAT rules.

I will be added a os-netmaker repo to my GitHub with an initial netmaker skeleton plugin in the near future. Look for it on my GitHub repo https://github.com/TheGrandWazoo

Also, looks like people might need a 'client' version. Will work on a package for that.

[ic3cool]

Did you manage to get something running?

[TheGrandWazoo]

Yes, just yesterday. Not yet complete but installs in OPNsense and configures a config file and runs the service. Will be uploading the code to github and hopefully a OPNsense package to download and install. I might change the way it configures it because I was thinking a "Tenant" type scenario but trying to figure out how that works in Netmaker.

[ic3cool]

Yes, just yesterday. Not yet complete but installs in OPNsense and configures a config file and runs the service. Will be uploading the code to github and hopefully a OPNsense package to download and install. I might change the way it configures it because I was thinking a "Tenant" type scenario but trying to figure out how that works in Netmaker.

Cool! I'm about to test out netmaker next week or so. Will be able to help out with testing.

My idea is to get a "manager" on one network and then have this as an ingress node for clients and a site-to-site

[TheGrandWazoo]

Have not done any ingress or egress yet, but that is to come as I am reverse engineering the Netmaker and Netmaker UI for Database transactions to see what needs to be done from that aspect.

[JPBeltman]

@TheGrandWazoo I just found your personal (public) repo for the plugin, if you don't mind, I'd like to share the link here. Maybe it'll help others make progression, I'm going to try it myself today.

GrandWazoo OPN os-netmaker plugin repo.

Would you be able to share the steps you've taken (as comment of direct message)? Don't exactly know how to start building plugins yet (only did an ARM64 OPN build so far), but would like to make it easier for others (like me, we don't know what were doing but we like it).

edit: For anyone willing to help but who has no idea how the project structure fits together, OPN has a nice example to follow along OPN plugin guide

[TheGrandWazoo]

I am going to change from a top menu to a side menu so it is inline with the Netmaker product and other plugins. I have not done any ingress/egress yet. Please use the GitHub issues to create tickets for suggestions and ideas so I can get what the community is looking for.

[TheGrandWazoo]

Also going to get some Github Actions going so it will create a OPNsense package.

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

[DerekFroese]

@fichtner @AdSchellevis there's been movement on this initiative; can it remain open?

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

[fichtner]

Bot is angry, bad botty.

[Elf36]

I saw this - not sure I have time to work on it but I can test

[TheGrandWazoo]

I have a side menu working in the features/sidemenu branch Just trying to do a "connections" page like the netmaker-ui has. Once I have the basics then I will so some ingress and egress actions.

[TheGrandWazoo]

I possible, without revealing any sensitive information, can I have a few example configs that I can make sure the OPNsense UI and the backend templates work correctly? You can post them https://github.com/TheGrandWazoo/os-netmaker if you'd like.

[IgorKerstges]

FreeBSD 13.2-RELEASE Announcement Date: April 11, 2023

.... The kernel wg(4) WireGuard driver is now available. ....

https://www.freebsd.org/releases/13.2R/announce/

I'd LOVE to see this development continued!..

[IgorKerstges]

@TheGrandWazoo: I hope this work will still continue and -if confirmed- I'd be willing to prepare a test environment here that I can set up and tear down for repeated testing. Please let me know if you intend to continue work on this (it seems that last commits are some months old?)

I just discovered Netmaker and have now a cloud-init with some scripts to set it up easily on CentOS/RockyAlma 9. Would be great to get this plugin for OPNsense! I may need some support here-and-there as I'm really not a network expert! I'd define some regular use-cases that verify a good initial starting-point for anybody who wants to get going with this OPNsens <--> Netmaker setup

[FreeMinded]

Great to see progress on this topic @TheGrandWazoo! I'm in the urgent need to have netmaker netclient working with OPNsense. Has anyone here got that to work (in the CLI) or can hint me to some kind of documentation? I can connect OPNsense just fine as external client in Netmaker. Unfortunately it's not possible to route networks through external client.

[afeiszli]

Any update @TheGrandWazoo ?

[TheGrandWazoo]

Had to spin up a OPNsense instance a DO to do testing between myself and an external source. Still working on it but making some progress. I have NOT updated to the latest version so I am sure there will be some changes due to that.

At the moment I am working on a "Hosts" page for Status like on the Netmaker UI. Just figuring that portion out and then I'll release to people to try it out. Don't expect miracles at first but we will get through it.

[TheGrandWazoo]

Just uploaded the latest FreeBSD package for Netmaker 0.20.1 to https://ksatechnologies.jfrog.io/artifactory/os-netmaker/. Will be updating the OPNsense plugin to reflect the changes.

[iev4ry]

Just uploaded the latest FreeBSD package for Netmaker 0.20.1 to https://ksatechnologies.jfrog.io/artifactory/os-netmaker/. Will be updating the OPNsense plugin to reflect the changes.

Hi Grand, any update on this?

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

[DerekFroese]

@fichtner there's been movement on this initiative, can it remain open?

[TheGrandWazoo]

Still working on it...Slow but working on it. You can always use https://ksatechnologies.jfrog.io/artifactory/os-netmaker to submit bugs/requests or get status.

[TheGrandWazoo]

Also, I am not sure but Jfrog said they were terminating my account. I have not heard from them since I replied so not really sure what it happening. They want me to upgrade but I can't justify $150/mo for the small number of packages I distribute so if it does go away I will most likely have to do a custom repo somewhere.

[sunjam]

@TheGrandWazoo I recommend Disroot as they offer Gitea accounts, have been around for years and are funded by donations. Highly recommended, I'm sure they will be happy to assist you with repo hosting.

[issmirnov]

@TheGrandWazoo I'm happy to donate to fund the dsitribution page - I'm sure others would be on board as well.

Do you have a Kofi or Patreon?

[sunjam]

fyi, seems the current freebsd release is being deprecated as a part of the Netmaker project roadmap. Sharing here in case that is relevant. https://github.com/gravitl/netmaker/issues/2705

[abhishek9686]

For FreeBSD, you can still integrate it into the netmaker network as external clients, check out this doc on how to integrate OPNsense, pfSense into the netmaker network. https://docs.netmaker.io/integrating-non-native-devices.html