
Merge pull request #164 from gravitl/feature_v0.5_integration

Feature v0.5 integration
Alex 4 years ago
parent
commit
a097d9f1a3
63 changed files with 663 additions and 369 deletions
  1. 1 1
      README.md
  2. 10 0
      config/environments/dev.yaml
  3. 3 2
      controllers/intClientHttpController.go
  4. 2 2
      controllers/nodeGrpcController.go
  5. 12 12
      controllers/serverHttpController.go
  6. BIN
      docs/_build/doctrees/about.doctree
  7. BIN
      docs/_build/doctrees/api.doctree
  8. BIN
      docs/_build/doctrees/architecture.doctree
  9. BIN
      docs/_build/doctrees/client-installation.doctree
  10. BIN
      docs/_build/doctrees/conduct.doctree
  11. BIN
      docs/_build/doctrees/contribute.doctree
  12. BIN
      docs/_build/doctrees/environment.pickle
  13. BIN
      docs/_build/doctrees/external-clients.doctree
  14. BIN
      docs/_build/doctrees/index.doctree
  15. BIN
      docs/_build/doctrees/license.doctree
  16. BIN
      docs/_build/doctrees/quick-start.doctree
  17. BIN
      docs/_build/doctrees/server-installation.doctree
  18. BIN
      docs/_build/doctrees/support.doctree
  19. BIN
      docs/_build/doctrees/troubleshoot.doctree
  20. BIN
      docs/_build/doctrees/usage.doctree
  21. 1 1
      docs/_build/html/.buildinfo
  22. BIN
      docs/_build/html/_images/nm-diagram-2.jpg
  23. 2 2
      docs/_build/html/_sources/architecture.rst.txt
  24. 3 3
      docs/_build/html/_sources/quick-start.rst.txt
  25. 61 14
      docs/_build/html/_sources/server-installation.rst.txt
  26. 20 63
      docs/_build/html/_static/basic.css
  27. 6 1
      docs/_build/html/_static/pygments.css
  28. 1 1
      docs/_build/html/_static/searchtools.js
  29. 3 3
      docs/_build/html/_static/underscore.js
  30. 20 6
      docs/_build/html/about.html
  31. 20 6
      docs/_build/html/api.html
  32. 22 8
      docs/_build/html/architecture.html
  33. 21 7
      docs/_build/html/client-installation.html
  34. 20 6
      docs/_build/html/conduct.html
  35. 20 6
      docs/_build/html/contribute.html
  36. 4 4
      docs/_build/html/external-clients.html
  37. 4 4
      docs/_build/html/genindex.html
  38. 4 4
      docs/_build/html/index.html
  39. 20 6
      docs/_build/html/license.html
  40. 23 9
      docs/_build/html/quick-start.html
  41. 4 4
      docs/_build/html/search.html
  42. 0 0
      docs/_build/html/searchindex.js
  43. 80 22
      docs/_build/html/server-installation.html
  44. 20 6
      docs/_build/html/support.html
  45. 20 6
      docs/_build/html/troubleshoot.html
  46. 23 9
      docs/_build/html/usage.html
  47. 2 2
      docs/architecture.rst
  48. BIN
      docs/images/nm-diagram-2.jpg
  49. 3 3
      docs/quick-start.rst
  50. 61 14
      docs/server-installation.rst
  51. 6 0
      docs/support.rst
  52. 73 73
      grpc/node.pb.go
  53. 1 1
      grpc/node.proto
  54. 4 4
      models/intclient.go
  55. 15 17
      netclient/command/commands.go
  56. 12 6
      netclient/config/config.go
  57. 3 1
      netclient/functions/common.go
  58. 1 1
      netclient/functions/install.go
  59. 2 3
      netclient/functions/join.go
  60. 21 16
      netclient/functions/register.go
  61. 4 7
      netclient/server/grpc.go
  62. 4 2
      netclient/wireguard/kernel.go
  63. 1 1
      serverctl/wireguard.go

+ 1 - 1
README.md

@@ -24,7 +24,7 @@ Netmaker is a platform for creating and managing networks that are:
 - Zero-Trust
 - WireGuard-based
 
-Netmaker manages networks between computers that span data centers, clouds, and edge devices. Networking between environments can be a challenge, so Netmaker is designed to allow developers, DevOps engineers, SRE's, and more to manage virtual networks with as little pain as possible. You create a network with a few clicks, and add machines to that network with a single command.
+Netmaker manages networks between computers that span data centers, clouds, and edge devices. Networking between environments can be a challenge, so Netmaker is designed to allow developers, DevOps engineers, SRE's, and others to manage virtual networks with as little pain as possible. You create a network with a few clicks, and add machines to that network with a single command.
 
 ## Why Netmaker?
  1. Create a flat, secure network between multiple/hybrid cloud environments

+ 10 - 0
config/environments/dev.yaml

@@ -16,3 +16,13 @@ mongoconn:
   host: "" # defaults to 127.0.0.1 or MONGO_HOST (if set)
   port: "" # defaults to 27017 or MONGO_PORT (if set)
   opts: '' # defaults to '/?authSource=admin' or MONGO_OPTS (if set)
+wg:
+  keyrequired: "" # defaults to "". If set to "yes", a key is required for signing up for the comms network 
+  grpcwg: "" # defaults to "on" or SERVER_GRPC_WIREGUARD if set
+  grpciface: "" # defaults to nm-grpc-wg or SERVER_GRPC_WG_INTERFACE if set
+  grpcaddr: "" # defaults to 10.101.0.1 or SERVER_GRPC_WG_ADDRESS if set
+  grpcaddrrange: "" # defaults to 10.101.0.0/16 or SERVER_GRPC_WG_ADDRESS_RANGE if set
+  grpcendpoint: "" # defaults to SERVER_HOST if unset
+  grpcport: "" # defaults to 50555 or SERVER_GRPC_WG_PORT if set
+  pubkey: "" # defaults to generated value or SERVER_GRPC_WG_PUBKEY if set
+  privkey: "" # defaults to generated value or SERVER_GRPC_WG_PRIVKEY if set
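Review bot: The new `privkey` key invites storing the comms-network WireGuard private key in a per-environment YAML file that sits in the repository tree, and `keyrequired` defaults to "" so no access key is needed to join the comms network unless an operator opts in. I would put a comment on `privkey` such as `# secret: prefer SERVER_GRPC_WG_PRIVKEY or the generated key; never commit a real value`, and say on `keyrequired` that the empty default means no key is checked. Separately, getConfig in controllers/serverHttpController.go JSON-encodes the result of servercfg.GetConfig() into the HTTP response. If that struct carries this `wg` block (its definition is not visible on this page), the private key would be returned to every caller that passes securityCheckServer, so the field should be excluded from serialization or redacted there.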

+ 3 - 2
controllers/intClientHttpController.go

@@ -142,8 +142,9 @@ func RegisterIntClient(client models.IntClient) (models.IntClient, error) {
 	if err != nil {
 		return client, err
 	}
-	client.ServerEndpoint = server.ServerEndpoint
-	client.ServerAPIEndpoint = servercfg.GetAPIHost() + ":" + servercfg.GetAPIPort()
+  gcfg := servercfg.GetConfig()
+  client.ServerWGEndpoint = server.ServerWGEndpoint
+  client.ServerAPIEndpoint = gcfg.APIHost + ":" + gcfg.APIPort
 	client.ServerAddress = server.ServerAddress
 	client.ServerPort = server.ServerPort
 	client.ServerKey = server.ServerKey
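Review bot: `gcfg.APIHost + ":" + gcfg.APIPort` yields an ambiguous address when APIHost is an IPv6 literal; `client.ServerAPIEndpoint = net.JoinHostPort(gcfg.APIHost, gcfg.APIPort)` brackets the host when needed (the file would have to import `net`; its import block is outside this hunk). The three added lines are indented with spaces while the surrounding lines use tabs, so the file is no longer gofmt-clean. The replaced code went through servercfg.GetAPIHost() and GetAPIPort(); if those getters applied defaults or environment overrides that the struct returned by GetConfig() does not carry, clients could be handed an empty or wrong API endpoint, which is worth confirming. RegisterIntClient starts and ends outside the hunk.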

+ 2 - 2
controllers/nodeGrpcController.go

@@ -87,7 +87,7 @@ func (s *NodeServiceServer) GetConn(ctx context.Context, data *nodepb.Client) (*
                 PrivateKey:           data.GetPrivatekey(),
                 ServerPort:          data.GetServerport(),
                 ServerKey:          data.GetServerkey(),
-                ServerEndpoint:          data.GetServerendpoint(),
+                ServerWGEndpoint:          data.GetServerwgendpoint(),
         }
 
         //Check to see if key is valid
@@ -117,7 +117,7 @@ func (s *NodeServiceServer) GetConn(ctx context.Context, data *nodepb.Client) (*
                         Accesskey:         client.AccessKey,
                         Address:      client.Address,
                         Address6:     client.Address6,
-                        Serverendpoint:     client.ServerEndpoint,
+                        Serverwgendpoint:     client.ServerWGEndpoint,
                         Serverport:     client.ServerPort,
                         Serverkey:    client.ServerKey,
         }

+ 12 - 12
controllers/serverHttpController.go

@@ -28,28 +28,29 @@ func securityCheckServer(next http.Handler) http.HandlerFunc {
 
 		bearerToken := r.Header.Get("Authorization")
 
-		var hasBearer = true
 		var tokenSplit = strings.Split(bearerToken, " ")
 		var  authToken = ""
-
 		if len(tokenSplit) < 2 {
-			hasBearer = false
-		} else {
+                      errorResponse = models.ErrorResponse{
+                                Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
+                      }
+                      returnErrorResponse(w, r, errorResponse)
+			return 
+	        } else {
 			authToken = tokenSplit[1]
 		}
 		//all endpoints here require master so not as complicated
 		//still might not be a good  way of doing this
-                _, isadmin, err := functions.VerifyUserToken(authToken)
-                if err != nil || !isadmin {
-			if (!hasBearer || !authenticateMasterServer(authToken)) && !isadmin {
+                _, isadmin, _ := functions.VerifyUserToken(authToken)
+
+		if !isadmin && !authenticateMasterServer(authToken) {
 				errorResponse = models.ErrorResponse{
 					Code: http.StatusUnauthorized, Message: "W1R3: You are unauthorized to access this endpoint.",
 				}
 				returnErrorResponse(w, r, errorResponse)
-			} else {
-				next.ServeHTTP(w, r)
-			}
+				return
 		}
+		next.ServeHTTP(w, r)
 	}
 }
 //Consider a more secure way of setting master key
@@ -78,13 +79,12 @@ func removeNetwork(w http.ResponseWriter, r *http.Request) {
 }
 
 func getConfig(w http.ResponseWriter, r *http.Request) {
-        // Set header
+	// Set header
         w.Header().Set("Content-Type", "application/json")
 
         // get params
 
         scfg := servercfg.GetConfig()
-
         w.WriteHeader(http.StatusOK)
         json.NewEncoder(w).Encode(scfg)
 }
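Review bot: In securityCheckServer the error from `functions.VerifyUserToken(authToken)` is now discarded, so the admin check fails closed only if that function never returns `isadmin == true` together with a non-nil error, which this page does not show. Keeping the error and folding it into the decision makes the middleware safe regardless of that contract: `_, isadmin, err := functions.VerifyUserToken(authToken)` followed by `if (err != nil || !isadmin) && !authenticateMasterServer(authToken) {`. The Authorization header is split on a space and `tokenSplit[1]` is used without checking that `tokenSplit[0]` is `Bearer`, so any scheme is accepted; the `else` after the early `return` can also be dropped. The start of securityCheckServer is outside the hunk.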

BIN
docs/_build/doctrees/about.doctree


BIN
docs/_build/doctrees/api.doctree


BIN
docs/_build/doctrees/architecture.doctree


BIN
docs/_build/doctrees/client-installation.doctree


BIN
docs/_build/doctrees/conduct.doctree


BIN
docs/_build/doctrees/contribute.doctree


BIN
docs/_build/doctrees/environment.pickle


BIN
docs/_build/doctrees/external-clients.doctree


BIN
docs/_build/doctrees/index.doctree


BIN
docs/_build/doctrees/license.doctree


BIN
docs/_build/doctrees/quick-start.doctree


BIN
docs/_build/doctrees/server-installation.doctree


BIN
docs/_build/doctrees/support.doctree


BIN
docs/_build/doctrees/troubleshoot.doctree


BIN
docs/_build/doctrees/usage.doctree


+ 1 - 1
docs/_build/html/.buildinfo

@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: 38df69f28cc0347431e93f7d2904bfd3
+config: ef1c483d6ecb673b2f9ea9eedb1cedaa
 tags: 645f666f9bcd5a90fca523b33c5a78b7

BIN
docs/_build/html/_images/nm-diagram-2.jpg


+ 2 - 2
docs/_build/html/_sources/architecture.rst.txt

@@ -2,7 +2,7 @@
 Architecture
 ===============
 
-.. image:: images/nm-diagram.jpg
+.. image:: images/nm-diagram-2.jpg
    :width: 45%
    :alt: Netmaker Architecture Diagram
    :align: center
@@ -38,7 +38,7 @@ A full `mesh network <https://www.bbc.co.uk/bitesize/guides/zr3yb82/revision/2>`
 
 This is in contrast to a hub-and-spoke network, where each machine must first pass its traffic through a relay server before it can reach other machines.
 
-In certain situations you may either want or need a *partial mesh* network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense.
+In certain situations you may either want or need a *partial mesh* network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense. In the diagram at the top of this page, the setup is a partial mesh, because the servers (nodes A-D) are meshed, but then external clients come in via a gateway, and are not meshed.
 
 Mesh networks are generally faster than other topologies, but are also more complicated to set up. WireGuard on its own gives you the means to create encrypted tunnels between devices, but it does not provide a method for setting up a full network. This is where Netmaker comes in.
 

+ 3 - 3
docs/_build/html/_sources/quick-start.rst.txt

@@ -7,7 +7,7 @@ Introduction
 
 This is a guide to getting up and running with Netmaker as quickly as possible. 
 
-By default, Netmaker ships with DNS Mode and Client Mode enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the :doc:`installation docs <./server-installation>`.
+By default, Netmaker ships with DNS Mode, Client Mode, and Secure GRPC enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the :doc:`installation docs <./server-installation>`.
 
 Prerequisites
 ==================
@@ -77,7 +77,7 @@ Deploy Nodes
   * ``which wg`` (should show wg binary present)
   * ``pidof systemd && echo "systemd found" || echo "systemd not found"``
 
-4. Run the install command, Ex: ``curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/v0.3/scripts/netclient-install.sh | KEY=vm3ow4thatogiwnsla3thsl3894ths sh -``
+4. Run the install command, Ex: ``curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/v0.5/scripts/netclient-install.sh | KEY=vm3ow4thatogiwnsla3thsl3894ths sh -``
 
 You should get output similar to the below. The netclient retrieves local settings, submits them to the server for processing, and retrieves updated settings. Then it sets the local network configuration. For more information about this process, see the :doc:`client installation <./client-installation>` documentation. If this process failed and you do not see your node in the console (see below), then reference the :doc:`troubleshooting <./troubleshoot>` documentation.
 
@@ -127,7 +127,7 @@ Nodes can be added/removed/modified on the network at any time. Nodes can also b
 Uninstalling the netclient
 =============================
 
-1. To remove your nodes from the default network, run the following on each node: ``sudo netclient -c remove -n default``
+1. To remove your nodes from the default network, run the following on each node: ``sudo netclient leave -n default``
 2. To remove the netclient entirely from each node, run ``sudo rm -rf /etc/netclient`` (after running the first step)
 
 Uninstralling Netmaker

+ 61 - 14
docs/_build/html/_sources/server-installation.rst.txt

@@ -15,6 +15,10 @@ Client Mode requires many additional privileges on the host machine, since Netma
 
 **DNS Mode:** DNS Mode enables Netmaker to write configuration files for CoreDNS, which can be set as a DNS Server for nodes. DNS Mode, paired with a CoreDNS deployment, requires use of port 53. On many linux systems (such as Ubuntu), port 53 is already in use to support local DNS, via systemd-resolved. Running in DNS Mode may require making modifications on the host machine.
 
+**Secure GRPC**: Secure GRPC ensures all communications between nodes and the server are encrypted. Netmaker sets up a default "comms" network that exists only for nodes to connect to the server. It acts as a hub-and-spoke WireGuard network. In the below installation instructions, when port 50555 needs to be open, this is referring to the WireGuard port for Netmaker's GRPC comms. When it is port 50051, secure comms is not enabled. 
+
+When Secure GRPC is enabled, before any nodes can join a Netmaker network, they request to join the comms network, and are given the appropriate WireGuard configs to connect to the server. Then they are able to make requests against the private netmaker endpoint specified for the comms network (10.101.0.1 by default). If switched off, communications are not secure between the hub and nodes over GRPC (it is like http vs https), and likewise, certificates must be added to gain secure communications.
+
 **Agent Backend:** The Agent Backend is the GRPC server (by default running on port 50051). This port is not needed for the admin server. If your use case requires special access configuration, you can run two Netmaker instances, one for the admin server, and one for node access.
 
 **REST Backend:** Similar to the above, the REST backend runs by default on port 8081, and is used for admin API and UI access. By enabling the REST backend while disabling the Agent backend, you can separate the two functions for more restricted environments.
@@ -23,20 +27,22 @@ Client Mode requires many additional privileges on the host machine, since Netma
 System Compatibility
 ====================
 
-Whether or not you run Netmaker in **Client Mode** is the main determination of system compatibility.
+Both **Client Mode** and **Secure GRPC** require WireGuard to be installed on the host system, and will require elevated privileges to perform network operations..
 
-With Client Mode **disabled**, Netmaker can be run on any system that supports Docker. This includes Windows, Mac, Linux, mainframes, and most Unix-based systems. It also requires no special privileges. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).
+When both of these features are **disabled**, Netmaker can be run on any system that supports Docker, including Windows, Mac, and Linux, and other systems. With these features disabled, no special privileges are required. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).
 
-With Client Mode **enabled** (the default), Netmaker has the same limitations as the :doc:`netclient <./client-installation>` (client networking agent), because client mode just means that the Netmaker server is also running a netclient. 
+With Client Mode and/or Secure GRPC **enabled** (the default), Netmaker has the same limitations as the :doc:`netclient <./client-installation>` (client networking agent), because client mode just means that the Netmaker server is also running a netclient. 
 
-This requires privileged (root) access to the host machine and multiple host directory mounts. It also requires WireGuard to be installed, and Linux with systemd installed (see :doc:`compatible systems <./architecture>` for more details).
+These modes require privileged (root) access to the host machine. In addition, Client Mode requires multiple host directory mounts. WireGuard must be installed, the system must be systemd Linux (see :doc:`compatible systems <./architecture>` for more details).
 
-To run a non-docker installation, you are running the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on your host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker's individual components onto machines that do not support Docker. 
+To run a non-docker installation, you must run the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on the host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker's individual components onto machines that do not support Docker. 
 
 DNS Mode Prereqisite Setup
 ====================================
 
-If you plan on running the server in DNS Mode, you will be deploying a CoreDNS server. We recommend binding CoreDNS to port 53 of the host system (which it will do by default). On some systems, this will conflift with existing processes. Specifically on linux systems running systemd-resolved, there may be a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. The following was tested on Ubuntu 20.04. This may have consequences for existing private DNS so proceed with caution:
+If you plan on running the server in DNS Mode, know that a `CoreDNS Server <https://coredns.io/manual/toc/>`_ will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.
+
+However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration. The following was tested on Ubuntu 20.04 and should be run prior to deploying the docker containers.
 
 1. ``systemctl stop systemd-resolved`` 
 2. ``systemctl disable systemd-resolved`` 
@@ -52,8 +58,8 @@ Docker Compose Install
 
 The most simple (and recommended) way of installing Netmaker is to use one of the provided `Docker Compose files <https://github.com/gravitl/netmaker/tree/feature_v0.3.5_docs/compose>`_. Below are instructions for several different options to install Netmaker via Docker Compose, followed by an annotated reference Docker Compose in case your use case requires additional customization.
 
-Slim Install - No DNS and No Client Mode
---------------------------------------------
+Slim Install - No DNS, No Client Mode, No Secure GRPC
+--------------------------------------------------------
 
 This is the same docker compose covered in the :doc:`quick start <./quick-start>`. It requires no special privileges and can run on any system with Docker and Docker Compose. However, it also does not have the full feature set, and lacks Client Mode and DNS Mode.
 
@@ -71,8 +77,8 @@ Assuming you have Docker and Docker Compose installed, you can just run the foll
 #. ``sed -i ‘s/HOST_IP/< Insert your-host IP Address Here >/g’ docker-compose.yml``
 #. ``docker-compose up -d``
 
-Full Install - DNS and Client Mode Enabled
---------------------------------------------
+Full Install - DNS, Client Mode, and Secure GRPC Enabled
+----------------------------------------------------------
 
 This installation gives you the fully-featured product with Client Mode and DNS Mode. 
 
@@ -81,8 +87,8 @@ This installation gives you the fully-featured product with Client Mode and DNS
   * sudo privileges
   * DNS Mode Prerequisite Setup (see above)
   * WireGuard installed
-  * ports 80, 8081, 53, and 50051 are not blocked by firewall
-  * ports 80, 8081, 53, 50051, and 27017 are not in use
+  * ports 80, 8081, 53, and 50555 are not blocked by firewall
+  * ports 80, 8081, 53, 50555, and 27017 are not in use
 
 **Notes:** 
   * You can change the port mappings in the Docker Compose if the listed ports are already in use.
@@ -123,8 +129,8 @@ DNS Mode is currently limited to clients that can run resolvectl (systemd-resolv
   * systemd linux (Debian or Ubuntu reccommended)
   * sudo privileges
   * WireGuard installed
-  * ports 80, 8081, and 50051 are not blocked by firewall
-  * ports 80, 8081, 50051, and 27017 are not in use
+  * ports 80, 8081, and 50555 are not blocked by firewall
+  * ports 80, 8081, 50555, and 27017 are not in use
 
 **Notes:** 
   * You can change the port mappings in the Docker Compose if the listed ports are already in use.
@@ -307,6 +313,47 @@ MONGO_OPTS:
 
     **Description:** Opts to enable admin login for Mongo.
 
+SERVER_GRPC_WIREGUARD: 
+    **Default:** "on"
+
+    **Description:** Whether to run GRPC over a WireGuard network. On by default. Secures the server comms. Switch to "off" to turn off. If off and running in production, make sure to have certificates installed to secure GRPC communications. 
+
+SERVER_GRPC_WG_INTERFACE: 
+    **Default:** "nm-grpc-wg"
+
+    **Description:** Interface to use for GRPC WireGuard network if enabled
+
+SERVER_GRPC_WG_ADDRESS:
+    **Default:** "10.101.0.1"
+
+    **Description:** Private Address to use for GRPC WireGuard network if enabled
+
+SERVER_GRPC_WG_ADDRESS_RANGE:
+    **Default:** "10.101.0.0/16"
+
+    **Description:** Private Address range to use for GRPC WireGard clients if enabled. Gives 65,534 total addresses for all of netmaker. If running a larger network, will need to configure addresses differently, for instance using ipv6, or use certificates instead.
+
+SERVER_GRPC_WG_PORT:
+    **Default:** 50555
+
+    **Description:** Port to use for GRPC WireGuard if enabled
+
+SERVER_GRPC_WG_PUBKEY:
+    **Default:** < generated at startup >
+
+    **Description:** PublicKey for GRPC WireGuard interface. Generated if left blank.
+
+SERVER_GRPC_WG_PRIVKEY:
+    **Default:** < generated at startup >
+
+    **Description:** PrivateKey for GRPC WireGuard interface. Generated if left blank.
+
+SERVER_GRPC_WG_KEYREQUIRED
+    **Default:** ""
+
+    **Description:** Determines if an Access Key is required to join the Comms network. Blank (meaning 'no') by default. Set to "yes" to turn on.
+
+
 Config File Reference
 ----------------------
 A config file may be placed under config/environments/<env-name>.yml. To read this file at runtime, provide the environment variable ENV at runtime. For instance, dev.yml paired with ENV=dev. Netmaker will load the specified Config file. This allows you to store and manage configurations for different environments. Below is a reference Config File you may use.

+ 20 - 63
docs/_build/html/_static/basic.css

@@ -130,7 +130,7 @@ ul.search li a {
     font-weight: bold;
 }
 
-ul.search li p.context {
+ul.search li div.context {
     color: #888;
     margin: 2px 0 0 30px;
     text-align: left;
@@ -508,63 +508,6 @@ table.hlist td {
     vertical-align: top;
 }
 
-/* -- object description styles --------------------------------------------- */
-
-.sig {
-	font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace;
-}
-
-.sig-name, code.descname {
-    background-color: transparent;
-    font-weight: bold;
-}
-
-.sig-name {
-	font-size: 1.1em;
-}
-
-code.descname {
-    font-size: 1.2em;
-}
-
-.sig-prename, code.descclassname {
-    background-color: transparent;
-}
-
-.optional {
-    font-size: 1.3em;
-}
-
-.sig-paren {
-    font-size: larger;
-}
-
-.sig-param.n {
-	font-style: italic;
-}
-
-/* C++ specific styling */
-
-.sig-inline.c-texpr,
-.sig-inline.cpp-texpr {
-	font-family: unset;
-}
-
-.sig.c   .k, .sig.c   .kt,
-.sig.cpp .k, .sig.cpp .kt {
-	color: #0033B3;
-}
-
-.sig.c   .m,
-.sig.cpp .m {
-	color: #1750EB;
-}
-
-.sig.c   .s, .sig.c   .sc,
-.sig.cpp .s, .sig.cpp .sc {
-	color: #067D17;
-}
-
 
 /* -- other body styles ----------------------------------------------------- */
 
@@ -691,6 +634,14 @@ dl.glossary dt {
     font-size: 1.1em;
 }
 
+.optional {
+    font-size: 1.3em;
+}
+
+.sig-paren {
+    font-size: larger;
+}
+
 .versionmodified {
     font-style: italic;
 }
@@ -820,11 +771,7 @@ div.code-block-caption code {
 table.highlighttable td.linenos,
 span.linenos,
 div.doctest > div.highlight span.gp {  /* gp: Generic.Prompt */
-  user-select: none;
-  -webkit-user-select: text; /* Safari fallback only */
-  -webkit-user-select: none; /* Chrome/Safari */
-  -moz-user-select: none; /* Firefox */
-  -ms-user-select: none; /* IE10+ */
+    user-select: none;
 }
 
 div.code-block-caption span.caption-number {
@@ -839,6 +786,16 @@ div.literal-block-wrapper {
     margin: 1em 0;
 }
 
+code.descname {
+    background-color: transparent;
+    font-weight: bold;
+    font-size: 1.2em;
+}
+
+code.descclassname {
+    background-color: transparent;
+}
+
 code.xref, a code {
     background-color: transparent;
     font-weight: bold;

+ 6 - 1
docs/_build/html/_static/pygments.css

@@ -1,5 +1,10 @@
+pre { line-height: 125%; }
+td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
+td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
+span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
 .highlight .hll { background-color: #ffffcc }
-.highlight  { background: #f8f8f8; }
+.highlight { background: #f8f8f8; }
 .highlight .c { color: #008800; font-style: italic } /* Comment */
 .highlight .err { border: 1px solid #FF0000 } /* Error */
 .highlight .k { color: #AA22FF; font-weight: bold } /* Keyword */

+ 1 - 1
docs/_build/html/_static/searchtools.js

@@ -509,7 +509,7 @@ var Search = {
     var excerpt = ((start > 0) ? '...' : '') +
       $.trim(text.substr(start, 240)) +
       ((start + 240 - text.length) ? '...' : '');
-    var rv = $('<p class="context"></p>').text(excerpt);
+    var rv = $('<div class="context"></div>').text(excerpt);
     $.each(hlwords, function() {
       rv = rv.highlightText(this, 'highlighted');
     });

File diff suppressed because it is too large
+ 3 - 3
docs/_build/html/_static/underscore.js


+ 20 - 6
docs/_build/html/about.html

@@ -47,9 +47,9 @@
   
   
     <title>About &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -423,7 +423,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -454,11 +461,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -821,7 +835,7 @@ If you’re familiar with AWS, it’s like a VPC but made up of arbitrary comput
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/api.html

@@ -47,9 +47,9 @@
   
   
     <title>API Reference &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -942,7 +956,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 22 - 8
docs/_build/html/architecture.html

@@ -47,9 +47,9 @@
   
   
     <title>Architecture &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -451,7 +451,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -482,11 +489,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -793,7 +807,7 @@
             
   
 <h1 id="architecture--page-root">Architecture<a class="headerlink" href="#architecture--page-root" title="Permalink to this headline">¶</a></h1>
-<a class="reference internal image-reference" href="_images/nm-diagram.jpg"><img alt="Netmaker Architecture Diagram" class="align-center" src="_images/nm-diagram.jpg" style="width: 45%;"/></a>
+<a class="reference internal image-reference" href="_images/nm-diagram-2.jpg"><img alt="Netmaker Architecture Diagram" class="align-center" src="_images/nm-diagram-2.jpg" style="width: 45%;"/></a>
 <p><em>Pictured Above: A diagram of Netmaker’s Architecture.</em></p>
 
 <h2 id="core-concepts">Core Concepts<a class="headerlink" href="#core-concepts" title="Permalink to this headline">¶</a></h2>
@@ -809,7 +823,7 @@
 <a class="reference internal image-reference" href="_images/mesh.png"><img alt="Full Mesh Network Diagram" class="align-center" src="_images/mesh.png" style="width: 33%;"/></a>
 <p>A full <a class="reference external" href="https://www.bbc.co.uk/bitesize/guides/zr3yb82/revision/2">mesh network</a> exists where each machine is able to directly talk to every other machine on the network. For example, on your home network, behind your router, all the computers are likely given private addresses and can reach each other directly.</p>
 <p>This is in contrast to a hub-and-spoke network, where each machine must first pass its traffic through a relay server before it can reach other machines.</p>
-<p>In certain situations you may either want or need a <em>partial mesh</em> network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense.</p>
+<p>In certain situations you may either want or need a <em>partial mesh</em> network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense. In the diagram at the top of this page, the setup is a partial mesh, because the servers (nodes A-D) are meshed, but then external clients come in via a gateway, and are not meshed.</p>
 <p>Mesh networks are generally faster than other topologies, but are also more complicated to set up. WireGuard on its own gives you the means to create encrypted tunnels between devices, but it does not provide a method for setting up a full network. This is where Netmaker comes in.</p>
 
 
@@ -969,7 +983,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 21 - 7
docs/_build/html/client-installation.html

@@ -47,16 +47,16 @@
   
   
     <title>Client Installation &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
     <link rel="author" title="About these documents" href="about.html" />
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Using Netmaker" href="usage.html" />
+    <link rel="next" title="External Clients" href="external-clients.html" />
     <link rel="prev" title="Server Installation" href="server-installation.html" />
   
    
@@ -505,6 +505,20 @@
       <a href="#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
+      
+    
     </li></ul>
     
     </li>
@@ -933,12 +947,12 @@
             </a>
           
           
-            <a href="usage.html" title="Using Netmaker"
+            <a href="external-clients.html" title="External Clients"
                class="md-flex md-footer-nav__link md-footer-nav__link--next"
                rel="next">
             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                 class="md-flex__ellipsis"> <span
-                class="md-footer-nav__direction"> Next </span> Using Netmaker </span>
+                class="md-footer-nav__direction"> Next </span> External Clients </span>
             </div>
             <div class="md-flex__cell md-flex__cell--shrink"><i
                 class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
@@ -956,7 +970,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/conduct.html

@@ -47,9 +47,9 @@
   
   
     <title>Code of Conduct &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -864,7 +878,7 @@ available <a class="reference external" href="https://contributor-covenant.org/v
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/contribute.html

@@ -47,9 +47,9 @@
   
   
     <title>Contribute &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -827,7 +841,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 4 - 4
docs/_build/html/external-clients.html

@@ -47,9 +47,9 @@
   
   
     <title>External Clients &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -807,7 +807,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 4 - 4
docs/_build/html/genindex.html

@@ -47,9 +47,9 @@
   
   
     <title>Index &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -746,7 +746,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 4 - 4
docs/_build/html/index.html

@@ -47,9 +47,9 @@
   
   
     <title>Welcome to the Netmaker Documentation &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -989,7 +989,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/license.html

@@ -47,9 +47,9 @@
   
   
     <title>License &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -402,7 +402,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -433,11 +440,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -753,7 +767,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 23 - 9
docs/_build/html/quick-start.html

@@ -47,9 +47,9 @@
   
   
     <title>Quick Start &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -437,7 +437,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -468,11 +475,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -768,7 +782,7 @@
 
 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
 <p>This is a guide to getting up and running with Netmaker as quickly as possible.</p>
-<p>By default, Netmaker ships with DNS Mode and Client Mode enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the <a class="reference internal" href="server-installation.html"><span class="doc">installation docs</span></a>.</p>
+<p>By default, Netmaker ships with DNS Mode, Client Mode, and Secure GRPC enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the <a class="reference internal" href="server-installation.html"><span class="doc">installation docs</span></a>.</p>
 
 
 <h2 id="prerequisites">Prerequisites<a class="headerlink" href="#prerequisites" title="Permalink to this headline">¶</a></h2>
@@ -834,7 +848,7 @@
 </ul>
 </div></blockquote>
 <ol class="arabic simple" start="4">
-<li><p>Run the install command, Ex: <code class="docutils literal notranslate"><span class="pre">curl</span> <span class="pre">-sfL</span> <span class="pre">https://raw.githubusercontent.com/gravitl/netmaker/v0.3/scripts/netclient-install.sh</span> <span class="pre">|</span> <span class="pre">KEY=vm3ow4thatogiwnsla3thsl3894ths</span> <span class="pre">sh</span> <span class="pre">-</span></code></p></li>
+<li><p>Run the install command, Ex: <code class="docutils literal notranslate"><span class="pre">curl</span> <span class="pre">-sfL</span> <span class="pre">https://raw.githubusercontent.com/gravitl/netmaker/v0.5/scripts/netclient-install.sh</span> <span class="pre">|</span> <span class="pre">KEY=vm3ow4thatogiwnsla3thsl3894ths</span> <span class="pre">sh</span> <span class="pre">-</span></code></p></li>
 </ol>
 <p>You should get output similar to the below. The netclient retrieves local settings, submits them to the server for processing, and retrieves updated settings. Then it sets the local network configuration. For more information about this process, see the <a class="reference internal" href="client-installation.html"><span class="doc">client installation</span></a> documentation. If this process failed and you do not see your node in the console (see below), then reference the <a class="reference internal" href="troubleshoot.html"><span class="doc">troubleshooting</span></a> documentation.</p>
 <a class="reference internal image-reference" href="_images/nc-install-output.png"><img alt="Output from Netclient Install" class="align-center" src="_images/nc-install-output.png" style="width: 80%;"/></a>
@@ -854,7 +868,7 @@
 
 <h2 id="uninstalling-the-netclient">Uninstalling the netclient<a class="headerlink" href="#uninstalling-the-netclient" title="Permalink to this headline">¶</a></h2>
 <ol class="arabic simple">
-<li><p>To remove your nodes from the default network, run the following on each node: <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">netclient</span> <span class="pre">-c</span> <span class="pre">remove</span> <span class="pre">-n</span> <span class="pre">default</span></code></p></li>
+<li><p>To remove your nodes from the default network, run the following on each node: <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">netclient</span> <span class="pre">leave</span> <span class="pre">-n</span> <span class="pre">default</span></code></p></li>
 <li><p>To remove the netclient entirely from each node, run <code class="docutils literal notranslate"><span class="pre">sudo</span> <span class="pre">rm</span> <span class="pre">-rf</span> <span class="pre">/etc/netclient</span></code> (after running the first step)</p></li>
 </ol>
 
@@ -911,7 +925,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 4 - 4
docs/_build/html/search.html

@@ -47,10 +47,10 @@
   
   
     <title>Search &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
     
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -757,7 +757,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

File diff suppressed because it is too large
+ 0 - 0
docs/_build/html/searchindex.js


+ 80 - 22
docs/_build/html/server-installation.html

@@ -47,9 +47,9 @@
   
   
     <title>Server Installation &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -361,9 +361,9 @@
         </li>
         <li class="md-nav__item"><a href="#docker-compose-install" class="md-nav__link">Docker Compose Install</a><nav class="md-nav">
               <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#slim-install-no-dns-and-no-client-mode" class="md-nav__link">Slim Install - No DNS and No Client Mode</a>
+        <li class="md-nav__item"><a href="#slim-install-no-dns-no-client-mode-no-secure-grpc" class="md-nav__link">Slim Install - No DNS, No Client Mode, No Secure GRPC</a>
         </li>
-        <li class="md-nav__item"><a href="#full-install-dns-and-client-mode-enabled" class="md-nav__link">Full Install - DNS and Client Mode Enabled</a>
+        <li class="md-nav__item"><a href="#full-install-dns-client-mode-and-secure-grpc-enabled" class="md-nav__link">Full Install - DNS, Client Mode, and Secure GRPC Enabled</a>
         </li>
         <li class="md-nav__item"><a href="#server-only-install-ui-dns-client-disabled" class="md-nav__link">Server Only Install - UI, DNS, Client Disabled</a>
         </li>
@@ -461,7 +461,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -492,11 +499,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -764,9 +778,9 @@
         </li>
         <li class="md-nav__item"><a href="#docker-compose-install" class="md-nav__link">Docker Compose Install</a><nav class="md-nav">
               <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#slim-install-no-dns-and-no-client-mode" class="md-nav__link">Slim Install - No DNS and No Client Mode</a>
+        <li class="md-nav__item"><a href="#slim-install-no-dns-no-client-mode-no-secure-grpc" class="md-nav__link">Slim Install - No DNS, No Client Mode, No Secure GRPC</a>
         </li>
-        <li class="md-nav__item"><a href="#full-install-dns-and-client-mode-enabled" class="md-nav__link">Full Install - DNS and Client Mode Enabled</a>
+        <li class="md-nav__item"><a href="#full-install-dns-client-mode-and-secure-grpc-enabled" class="md-nav__link">Full Install - DNS, Client Mode, and Secure GRPC Enabled</a>
         </li>
         <li class="md-nav__item"><a href="#server-only-install-ui-dns-client-disabled" class="md-nav__link">Server Only Install - UI, DNS, Client Disabled</a>
         </li>
@@ -820,20 +834,23 @@
 <p><strong>Client Mode:</strong> Client Mode enables Netmaker to control the underlying host server’s Network. This can make management a bit easier, because Netmaker can be added into networks via a button click in the UI. This is especially useful for things like Gateways, and will open up additional options in future versions, for instance, allowing Netmaker to easily become a relay server.</p>
 <p>Client Mode requires many additional privileges on the host machine, since Netmaker needs to control kernel WireGuard. Because of this, if running in Client Mode, you must run with root privileges and mount many system directories to the Netmaker container. Running without Client Mode allows you to install without privilege escalation and increases the number of compatible systems substantially.</p>
 <p><strong>DNS Mode:</strong> DNS Mode enables Netmaker to write configuration files for CoreDNS, which can be set as a DNS Server for nodes. DNS Mode, paired with a CoreDNS deployment, requires use of port 53. On many linux systems (such as Ubuntu), port 53 is already in use to support local DNS, via systemd-resolved. Running in DNS Mode may require making modifications on the host machine.</p>
+<p><strong>Secure GRPC</strong>: Secure GRPC ensures all communications between nodes and the server are encrypted. Netmaker sets up a default “comms” network that exists only for nodes to connect to the server. It acts as a hub-and-spoke WireGuard network. In the below installation instructions, when port 50555 needs to be open, this is referring to the WireGuard port for Netmaker’s GRPC comms. When it is port 50051, secure comms is not enabled.</p>
+<p>When Secure GRPC is enabled, before any nodes can join a Netmaker network, they request to join the comms network, and are given the appropriate WireGuard configs to connect to the server. Then they are able to make requests against the private netmaker endpoint specified for the comms network (10.101.0.1 by default). If switched off, communications are not secure between the hub and nodes over GRPC (it is like http vs https), and likewise, certificates must be added to gain secure communications.</p>
 <p><strong>Agent Backend:</strong> The Agent Backend is the GRPC server (by default running on port 50051). This port is not needed for the admin server. If your use case requires special access configuration, you can run two Netmaker instances, one for the admin server, and one for node access.</p>
 <p><strong>REST Backend:</strong> Similar to the above, the REST backend runs by default on port 8081, and is used for admin API and UI access. By enabling the REST backend while disabling the Agent backend, you can separate the two functions for more restricted environments.</p>
 
 
 <h2 id="system-compatibility">System Compatibility<a class="headerlink" href="#system-compatibility" title="Permalink to this headline">¶</a></h2>
-<p>Whether or not you run Netmaker in <strong>Client Mode</strong> is the main determination of system compatibility.</p>
-<p>With Client Mode <strong>disabled</strong>, Netmaker can be run on any system that supports Docker. This includes Windows, Mac, Linux, mainframes, and most Unix-based systems. It also requires no special privileges. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).</p>
-<p>With Client Mode <strong>enabled</strong> (the default), Netmaker has the same limitations as the <a class="reference internal" href="client-installation.html"><span class="doc">netclient</span></a> (client networking agent), because client mode just means that the Netmaker server is also running a netclient.</p>
-<p>This requires privileged (root) access to the host machine and multiple host directory mounts. It also requires WireGuard to be installed, and Linux with systemd installed (see <a class="reference internal" href="architecture.html"><span class="doc">compatible systems</span></a> for more details).</p>
-<p>To run a non-docker installation, you are running the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on your host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker’s individual components onto machines that do not support Docker.</p>
+<p>Both <strong>Client Mode</strong> and <strong>Secure GRPC</strong> require WireGuard to be installed on the host system, and will require elevated privileges to perform network operations..</p>
+<p>When both of these features are <strong>disabled</strong>, Netmaker can be run on any system that supports Docker, including Windows, Mac, and Linux, and other systems. With these features disabled, no special privileges are required. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).</p>
+<p>With Client Mode and/or Secure GRPC <strong>enabled</strong> (the default), Netmaker has the same limitations as the <a class="reference internal" href="client-installation.html"><span class="doc">netclient</span></a> (client networking agent), because client mode just means that the Netmaker server is also running a netclient.</p>
+<p>These modes require privileged (root) access to the host machine. In addition, Client Mode requires multiple host directory mounts. WireGuard must be installed, the system must be systemd Linux (see <a class="reference internal" href="architecture.html"><span class="doc">compatible systems</span></a> for more details).</p>
+<p>To run a non-docker installation, you must run the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on the host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker’s individual components onto machines that do not support Docker.</p>
 
 
 <h2 id="dns-mode-prereqisite-setup">DNS Mode Prereqisite Setup<a class="headerlink" href="#dns-mode-prereqisite-setup" title="Permalink to this headline">¶</a></h2>
-<p>If you plan on running the server in DNS Mode, you will be deploying a CoreDNS server. We recommend binding CoreDNS to port 53 of the host system (which it will do by default). On some systems, this will conflift with existing processes. Specifically on linux systems running systemd-resolved, there may be a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. The following was tested on Ubuntu 20.04. This may have consequences for existing private DNS so proceed with caution:</p>
+<p>If you plan on running the server in DNS Mode, know that a <a class="reference external" href="https://coredns.io/manual/toc/">CoreDNS Server</a> will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.</p>
+<p>However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration. The following was tested on Ubuntu 20.04 and should be run prior to deploying the docker containers.</p>
 <ol class="arabic simple">
 <li><p><code class="docutils literal notranslate"><span class="pre">systemctl</span> <span class="pre">stop</span> <span class="pre">systemd-resolved</span></code></p></li>
 <li><p><code class="docutils literal notranslate"><span class="pre">systemctl</span> <span class="pre">disable</span> <span class="pre">systemd-resolved</span></code></p></li>
@@ -853,7 +870,7 @@
 <h2 id="docker-compose-install">Docker Compose Install<a class="headerlink" href="#docker-compose-install" title="Permalink to this headline">¶</a></h2>
 <p>The most simple (and recommended) way of installing Netmaker is to use one of the provided <a class="reference external" href="https://github.com/gravitl/netmaker/tree/feature_v0.3.5_docs/compose">Docker Compose files</a>. Below are instructions for several different options to install Netmaker via Docker Compose, followed by an annotated reference Docker Compose in case your use case requires additional customization.</p>
 
-<h3 id="slim-install-no-dns-and-no-client-mode">Slim Install - No DNS and No Client Mode<a class="headerlink" href="#slim-install-no-dns-and-no-client-mode" title="Permalink to this headline">¶</a></h3>
+<h3 id="slim-install-no-dns-no-client-mode-no-secure-grpc">Slim Install - No DNS, No Client Mode, No Secure GRPC<a class="headerlink" href="#slim-install-no-dns-no-client-mode-no-secure-grpc" title="Permalink to this headline">¶</a></h3>
 <p>This is the same docker compose covered in the <a class="reference internal" href="quick-start.html"><span class="doc">quick start</span></a>. It requires no special privileges and can run on any system with Docker and Docker Compose. However, it also does not have the full feature set, and lacks Client Mode and DNS Mode.</p>
 <dl class="simple">
 <dt><strong>Prerequisites:</strong></dt><dd><ul class="simple">
@@ -875,7 +892,7 @@
 </ol>
 
 
-<h3 id="full-install-dns-and-client-mode-enabled">Full Install - DNS and Client Mode Enabled<a class="headerlink" href="#full-install-dns-and-client-mode-enabled" title="Permalink to this headline">¶</a></h3>
+<h3 id="full-install-dns-client-mode-and-secure-grpc-enabled">Full Install - DNS, Client Mode, and Secure GRPC Enabled<a class="headerlink" href="#full-install-dns-client-mode-and-secure-grpc-enabled" title="Permalink to this headline">¶</a></h3>
 <p>This installation gives you the fully-featured product with Client Mode and DNS Mode.</p>
 <dl class="simple">
 <dt><strong>Prerequisites:</strong></dt><dd><ul class="simple">
@@ -883,8 +900,8 @@
 <li><p>sudo privileges</p></li>
 <li><p>DNS Mode Prerequisite Setup (see above)</p></li>
 <li><p>WireGuard installed</p></li>
-<li><p>ports 80, 8081, 53, and 50051 are not blocked by firewall</p></li>
-<li><p>ports 80, 8081, 53, 50051, and 27017 are not in use</p></li>
+<li><p>ports 80, 8081, 53, and 50555 are not blocked by firewall</p></li>
+<li><p>ports 80, 8081, 53, 50555, and 27017 are not in use</p></li>
 </ul>
 </dd>
 <dt><strong>Notes:</strong></dt><dd><ul class="simple">
@@ -930,8 +947,8 @@
 <li><p>systemd linux (Debian or Ubuntu reccommended)</p></li>
 <li><p>sudo privileges</p></li>
 <li><p>WireGuard installed</p></li>
-<li><p>ports 80, 8081, and 50051 are not blocked by firewall</p></li>
-<li><p>ports 80, 8081, 50051, and 27017 are not in use</p></li>
+<li><p>ports 80, 8081, and 50555 are not blocked by firewall</p></li>
+<li><p>ports 80, 8081, 50555, and 27017 are not in use</p></li>
 </ul>
 </dd>
 <dt><strong>Notes:</strong></dt><dd><ul class="simple">
@@ -1025,6 +1042,13 @@
       <span class="nt">MONGO_HOST</span><span class="p">:</span> <span class="s">"127.0.0.1"</span> <span class="c1"># Address of MongoDB. Change if necessary.</span>
       <span class="nt">MONGO_PORT</span><span class="p">:</span> <span class="s">"27017"</span> <span class="c1"># Port of MongoDB. Change if necessary.</span>
       <span class="nt">MONGO_OPTS</span><span class="p">:</span> <span class="s">"/?authSource=admin"</span> <span class="c1"># Opts to enable admin login for Mongo.</span>
+      <span class="nt">SERVER_GRPC_WIREGUARD</span><span class="p">:</span> <span class="s">"on"</span> <span class="c1"># Whether to run GRPC over a WireGuard network. On by default. Secures server comms. Switch to "off" to turn off.</span>
+      <span class="nt">SERVER_GRPC_WG_INTERFACE</span><span class="p">:</span> <span class="s">"nm-grpc-wg"</span> <span class="c1"># Interface to use for GRPC WireGuard network if enabled</span>
+      <span class="nt">SERVER_GRPC_WG_ADDRESS</span><span class="p">:</span> <span class="s">"10.101.0.1"</span> <span class="c1"># Private Address to use for GRPC WireGuard network if enabled</span>
+      <span class="nt">SERVER_GRPC_WG_ADDRESS_RANGE</span><span class="p">:</span> <span class="s">"10.101.0.0/16"</span> <span class="c1"># Private Address range to use for GRPC WireGard clients if enabled</span>
+      <span class="nt">SERVER_GRPC_WG_PORT</span><span class="p">:</span> <span class="s">"50555"</span> <span class="c1"># Port to use for GRPC WireGuard if enabled</span>
+      <span class="nt">SERVER_GRPC_WG_PUBKEY</span><span class="p">:</span> <span class="s">"SERVER_GRPC_WG_PUBKEY"</span> <span class="c1"># PublicKey for GRPC WireGuard interface. Generated if blank.</span>
+      <span class="nt">SERVER_GRPC_WG_PRIVKEY</span><span class="p">:</span> <span class="s">"SERVER_GRPC_WG_PRIVKEY"</span> <span class="c1"># PrivateKey for GRPC WireGuard interface. Generated if blank.</span>
   <span class="nt">netmaker-ui</span><span class="p">:</span> <span class="c1"># The Netmaker UI Component</span>
     <span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">netmaker-ui</span>
     <span class="nt">depends_on</span><span class="p">:</span>
@@ -1170,6 +1194,30 @@
 <dt>MONGO_OPTS:</dt><dd><p><strong>Default:</strong> “/?authSource=admin”</p>
 <p><strong>Description:</strong> Opts to enable admin login for Mongo.</p>
 </dd>
+<dt>SERVER_GRPC_WIREGUARD:</dt><dd><p><strong>Default:</strong> “on”</p>
+<p><strong>Description:</strong> Whether to run GRPC over a WireGuard network. On by default. Secures the server comms. Switch to “off” to turn off. If off and running in production, make sure to have certificates installed to secure GRPC communications.</p>
+</dd>
+<dt>SERVER_GRPC_WG_INTERFACE:</dt><dd><p><strong>Default:</strong> “nm-grpc-wg”</p>
+<p><strong>Description:</strong> Interface to use for GRPC WireGuard network if enabled</p>
+</dd>
+<dt>SERVER_GRPC_WG_ADDRESS:</dt><dd><p><strong>Default:</strong> “10.101.0.1”</p>
+<p><strong>Description:</strong> Private Address to use for GRPC WireGuard network if enabled</p>
+</dd>
+<dt>SERVER_GRPC_WG_ADDRESS_RANGE:</dt><dd><p><strong>Default:</strong> “10.101.0.0/16”</p>
+<p><strong>Description:</strong> Private Address range to use for GRPC WireGard clients if enabled. Gives 65,534 total addresses for all of netmaker. If running a larger network, will need to configure addresses differently, for instance using ipv6, or use certificates instead.</p>
+</dd>
+<dt>SERVER_GRPC_WG_PORT:</dt><dd><p><strong>Default:</strong> 50555</p>
+<p><strong>Description:</strong> Port to use for GRPC WireGuard if enabled</p>
+</dd>
+<dt>SERVER_GRPC_WG_PUBKEY:</dt><dd><p><strong>Default:</strong> &lt; generated at startup &gt;</p>
+<p><strong>Description:</strong> PublicKey for GRPC WireGuard interface. Generated if left blank.</p>
+</dd>
+<dt>SERVER_GRPC_WG_PRIVKEY:</dt><dd><p><strong>Default:</strong> &lt; generated at startup &gt;</p>
+<p><strong>Description:</strong> PrivateKey for GRPC WireGuard interface. Generated if left blank.</p>
+</dd>
+<dt>SERVER_GRPC_WG_KEYREQUIRED</dt><dd><p><strong>Default:</strong> “”</p>
+<p><strong>Description:</strong> Determines if an Access Key is required to join the Comms network. Blank (meaning ‘no’) by default. Set to “yes” to turn on.</p>
+</dd>
 </dl>
 
 
@@ -1193,6 +1241,16 @@
   <span class="nt">host</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 127.0.0.1 or MONGO_HOST (if set)</span>
   <span class="nt">port</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 27017 or MONGO_PORT (if set)</span>
   <span class="nt">opts</span><span class="p">:</span> <span class="s">''</span> <span class="c1"># defaults to '/?authSource=admin' or MONGO_OPTS (if set)</span>
+<span class="nt">wg</span><span class="p">:</span>
+  <span class="nt">keyrequired</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "". If set to "yes", a key is required for signing up for the comms network </span>
+  <span class="nt">grpcwg</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to "on" or SERVER_GRPC_WIREGUARD if set</span>
+  <span class="nt">grpciface</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to nm-grpc-wg or SERVER_GRPC_WG_INTERFACE if set</span>
+  <span class="nt">grpcaddr</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 10.101.0.1 or SERVER_GRPC_WG_ADDRESS if set</span>
+  <span class="nt">grpcaddrrange</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 10.101.0.0/16 or SERVER_GRPC_WG_ADDRESS_RANGE if set</span>
+  <span class="nt">grpcendpoint</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to SERVER_HOST if unset</span>
+  <span class="nt">grpcport</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to 50555 or SERVER_GRPC_WG_PORT if set</span>
+  <span class="nt">pubkey</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to generated value or SERVER_GRPC_WG_PUBKEY if set</span>
+  <span class="nt">privkey</span><span class="p">:</span> <span class="s">""</span> <span class="c1"># defaults to generated value or SERVER_GRPC_WG_PRIVKEY if set</span>
 </pre></div>
 </div>
 
@@ -1246,7 +1304,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/support.html

@@ -47,9 +47,9 @@
   
   
     <title>Support &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -872,7 +886,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 20 - 6
docs/_build/html/troubleshoot.html

@@ -47,9 +47,9 @@
   
   
     <title>Troubleshooting &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -809,7 +823,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 23 - 9
docs/_build/html/usage.html

@@ -47,9 +47,9 @@
   
   
     <title>Using Netmaker &#8212; Netmaker 0.3.5 documentation</title>
-    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
-    <link rel="stylesheet" type="text/css" href="_static/material.css" />
-    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
+    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="_static/material.css" type="text/css" />
+    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
     <script src="_static/jquery.js"></script>
     <script src="_static/underscore.js"></script>
     <script src="_static/doctools.js"></script>
@@ -57,7 +57,7 @@
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
     <link rel="next" title="API Reference" href="api.html" />
-    <link rel="prev" title="Client Installation" href="client-installation.html" />
+    <link rel="prev" title="External Clients" href="external-clients.html" />
   
    
 
@@ -403,7 +403,14 @@
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#system-compatibility" class="md-nav__link">System Compatibility</a>
+      <a href="client-installation.html#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html#modes-and-system-compatibility" class="md-nav__link">Modes and System Compatibility</a>
       
     
     </li>
@@ -434,11 +441,18 @@
       <a href="client-installation.html#managing-netclient" class="md-nav__link">Managing Netclient</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html#unmanaged-external-clients" class="md-nav__link">Unmanaged (External) Clients</a>
+      <a href="external-clients.html" class="md-nav__link">External Clients</a>
+      <ul class="md-nav__list"> 
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html#introduction" class="md-nav__link">Introduction</a>
       
     
     </li></ul>
@@ -808,7 +822,7 @@
     <div class="md-footer-nav">
       <nav class="md-footer-nav__inner md-grid">
           
-            <a href="client-installation.html" title="Client Installation"
+            <a href="external-clients.html" title="External Clients"
                class="md-flex md-footer-nav__link md-footer-nav__link--prev"
                rel="prev">
               <div class="md-flex__cell md-flex__cell--shrink">
@@ -817,7 +831,7 @@
               <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                 <span class="md-flex__ellipsis">
                   <span
-                      class="md-footer-nav__direction"> Previous </span> Client Installation </span>
+                      class="md-footer-nav__direction"> Previous </span> External Clients </span>
               </div>
             </a>
           
@@ -845,7 +859,7 @@
               
           </div>
             Created using
-            <a href="http://www.sphinx-doc.org/">Sphinx</a> 4.0.2.
+            <a href="http://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
              and
             <a href="https://github.com/bashtage/sphinx-material/">Material for
               Sphinx</a>

+ 2 - 2
docs/architecture.rst

@@ -2,7 +2,7 @@
 Architecture
 ===============
 
-.. image:: images/nm-diagram.jpg
+.. image:: images/nm-diagram-2.jpg
    :width: 45%
    :alt: Netmaker Architecture Diagram
    :align: center
@@ -38,7 +38,7 @@ A full `mesh network <https://www.bbc.co.uk/bitesize/guides/zr3yb82/revision/2>`
 
 This is in contrast to a hub-and-spoke network, where each machine must first pass its traffic through a relay server before it can reach other machines.
 
-In certain situations you may either want or need a *partial mesh* network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense.
+In certain situations you may either want or need a *partial mesh* network, where only some devices can reach each other directly, and other devices must route their traffic through a relay/gateway. Netmaker can use this model in some use cases where it makes sense. In the diagram at the top of this page, the setup is a partial mesh, because the servers (nodes A-D) are meshed, but then external clients come in via a gateway, and are not meshed.
 
 Mesh networks are generally faster than other topologies, but are also more complicated to set up. WireGuard on its own gives you the means to create encrypted tunnels between devices, but it does not provide a method for setting up a full network. This is where Netmaker comes in.
 

BIN
docs/images/nm-diagram-2.jpg


+ 3 - 3
docs/quick-start.rst

@@ -7,7 +7,7 @@ Introduction
 
 This is a guide to getting up and running with Netmaker as quickly as possible. 
 
-By default, Netmaker ships with DNS Mode and Client Mode enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the :doc:`installation docs <./server-installation>`.
+By default, Netmaker ships with DNS Mode, Client Mode, and Secure GRPC enabled. However, these features require special permissions and are not necessary for a simple setup, so we are going to deploy without them. To learn more about enabling these features, check out the :doc:`installation docs <./server-installation>`.
 
 Prerequisites
 ==================
@@ -77,7 +77,7 @@ Deploy Nodes
   * ``which wg`` (should show wg binary present)
   * ``pidof systemd && echo "systemd found" || echo "systemd not found"``
 
-4. Run the install command, Ex: ``curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/v0.3/scripts/netclient-install.sh | KEY=vm3ow4thatogiwnsla3thsl3894ths sh -``
+4. Run the install command, Ex: ``curl -sfL https://raw.githubusercontent.com/gravitl/netmaker/v0.5/scripts/netclient-install.sh | KEY=vm3ow4thatogiwnsla3thsl3894ths sh -``
 
 You should get output similar to the below. The netclient retrieves local settings, submits them to the server for processing, and retrieves updated settings. Then it sets the local network configuration. For more information about this process, see the :doc:`client installation <./client-installation>` documentation. If this process failed and you do not see your node in the console (see below), then reference the :doc:`troubleshooting <./troubleshoot>` documentation.
 
@@ -127,7 +127,7 @@ Nodes can be added/removed/modified on the network at any time. Nodes can also b
 Uninstalling the netclient
 =============================
 
-1. To remove your nodes from the default network, run the following on each node: ``sudo netclient -c remove -n default``
+1. To remove your nodes from the default network, run the following on each node: ``sudo netclient leave -n default``
 2. To remove the netclient entirely from each node, run ``sudo rm -rf /etc/netclient`` (after running the first step)
 
 Uninstralling Netmaker

+ 61 - 14
docs/server-installation.rst

@@ -15,6 +15,10 @@ Client Mode requires many additional privileges on the host machine, since Netma
 
 **DNS Mode:** DNS Mode enables Netmaker to write configuration files for CoreDNS, which can be set as a DNS Server for nodes. DNS Mode, paired with a CoreDNS deployment, requires use of port 53. On many linux systems (such as Ubuntu), port 53 is already in use to support local DNS, via systemd-resolved. Running in DNS Mode may require making modifications on the host machine.
 
+**Secure GRPC**: Secure GRPC ensures all communications between nodes and the server are encrypted. Netmaker sets up a default "comms" network that exists only for nodes to connect to the server. It acts as a hub-and-spoke WireGuard network. In the below installation instructions, when port 50555 needs to be open, this is referring to the WireGuard port for Netmaker's GRPC comms. When it is port 50051, secure comms is not enabled. 
+
+When Secure GRPC is enabled, before any nodes can join a Netmaker network, they request to join the comms network, and are given the appropriate WireGuard configs to connect to the server. Then they are able to make requests against the private netmaker endpoint specified for the comms network (10.101.0.1 by default). If switched off, communications are not secure between the hub and nodes over GRPC (it is like http vs https), and likewise, certificates must be added to gain secure communications.
+
 **Agent Backend:** The Agent Backend is the GRPC server (by default running on port 50051). This port is not needed for the admin server. If your use case requires special access configuration, you can run two Netmaker instances, one for the admin server, and one for node access.
 
 **REST Backend:** Similar to the above, the REST backend runs by default on port 8081, and is used for admin API and UI access. By enabling the REST backend while disabling the Agent backend, you can separate the two functions for more restricted environments.
@@ -23,20 +27,22 @@ Client Mode requires many additional privileges on the host machine, since Netma
 System Compatibility
 ====================
 
-Whether or not you run Netmaker in **Client Mode** is the main determination of system compatibility.
+Both **Client Mode** and **Secure GRPC** require WireGuard to be installed on the host system, and will require elevated privileges to perform network operations..
 
-With Client Mode **disabled**, Netmaker can be run on any system that supports Docker. This includes Windows, Mac, Linux, mainframes, and most Unix-based systems. It also requires no special privileges. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).
+When both of these features are **disabled**, Netmaker can be run on any system that supports Docker, including Windows, Mac, and Linux, and other systems. With these features disabled, no special privileges are required. Netmaker will only need ports for GRPC (50051 by default), the API (8081 by default), and CoreDNS (53, if enabled).
 
-With Client Mode **enabled** (the default), Netmaker has the same limitations as the :doc:`netclient <./client-installation>` (client networking agent), because client mode just means that the Netmaker server is also running a netclient. 
+With Client Mode and/or Secure GRPC **enabled** (the default), Netmaker has the same limitations as the :doc:`netclient <./client-installation>` (client networking agent), because client mode just means that the Netmaker server is also running a netclient. 
 
-This requires privileged (root) access to the host machine and multiple host directory mounts. It also requires WireGuard to be installed, and Linux with systemd installed (see :doc:`compatible systems <./architecture>` for more details).
+These modes require privileged (root) access to the host machine. In addition, Client Mode requires multiple host directory mounts. WireGuard must be installed, the system must be systemd Linux (see :doc:`compatible systems <./architecture>` for more details).
 
-To run a non-docker installation, you are running the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on your host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker's individual components onto machines that do not support Docker. 
+To run a non-docker installation, you must run the Netmaker binary, CoreDNS binary, MongoDB, and a web server directly on the host. This requires all the requirements for those individual components. Our guided install assumes systemd-based linux, but there are many other ways to install Netmaker's individual components onto machines that do not support Docker. 
 
 DNS Mode Prereqisite Setup
 ====================================
 
-If you plan on running the server in DNS Mode, you will be deploying a CoreDNS server. We recommend binding CoreDNS to port 53 of the host system (which it will do by default). On some systems, this will conflift with existing processes. Specifically on linux systems running systemd-resolved, there may be a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. The following was tested on Ubuntu 20.04. This may have consequences for existing private DNS so proceed with caution:
+If you plan on running the server in DNS Mode, know that a `CoreDNS Server <https://coredns.io/manual/toc/>`_ will be installed. CoreDNS is a light-weight, fast, and easy-to-configure DNS server. It is recommended to bind CoreDNS to port 53 of the host system, and it will do so by default. The clients will expect the nameserver to be on port 53, and many systems have issues resolving a different port.
+
+However, on your host system (for Netmaker), this may conflict with an existing process. On linux systems running systemd-resolved, there is likely a service consuming port 53. The below steps will disable systemd-resolved, and replace it with a generic (e.g. Google) nameserver. Be warned that this may have consequences for any existing private DNS configuration. The following was tested on Ubuntu 20.04 and should be run prior to deploying the docker containers.
 
 1. ``systemctl stop systemd-resolved`` 
 2. ``systemctl disable systemd-resolved`` 
@@ -52,8 +58,8 @@ Docker Compose Install
 
 The most simple (and recommended) way of installing Netmaker is to use one of the provided `Docker Compose files <https://github.com/gravitl/netmaker/tree/feature_v0.3.5_docs/compose>`_. Below are instructions for several different options to install Netmaker via Docker Compose, followed by an annotated reference Docker Compose in case your use case requires additional customization.
 
-Slim Install - No DNS and No Client Mode
---------------------------------------------
+Slim Install - No DNS, No Client Mode, No Secure GRPC
+--------------------------------------------------------
 
 This is the same docker compose covered in the :doc:`quick start <./quick-start>`. It requires no special privileges and can run on any system with Docker and Docker Compose. However, it also does not have the full feature set, and lacks Client Mode and DNS Mode.
 
@@ -71,8 +77,8 @@ Assuming you have Docker and Docker Compose installed, you can just run the foll
 #. ``sed -i ‘s/HOST_IP/< Insert your-host IP Address Here >/g’ docker-compose.yml``
 #. ``docker-compose up -d``
 
-Full Install - DNS and Client Mode Enabled
---------------------------------------------
+Full Install - DNS, Client Mode, and Secure GRPC Enabled
+----------------------------------------------------------
 
 This installation gives you the fully-featured product with Client Mode and DNS Mode. 
 
@@ -81,8 +87,8 @@ This installation gives you the fully-featured product with Client Mode and DNS
   * sudo privileges
   * DNS Mode Prerequisite Setup (see above)
   * WireGuard installed
-  * ports 80, 8081, 53, and 50051 are not blocked by firewall
-  * ports 80, 8081, 53, 50051, and 27017 are not in use
+  * ports 80, 8081, 53, and 50555 are not blocked by firewall
+  * ports 80, 8081, 53, 50555, and 27017 are not in use
 
 **Notes:** 
   * You can change the port mappings in the Docker Compose if the listed ports are already in use.
@@ -123,8 +129,8 @@ DNS Mode is currently limited to clients that can run resolvectl (systemd-resolv
   * systemd linux (Debian or Ubuntu reccommended)
   * sudo privileges
   * WireGuard installed
-  * ports 80, 8081, and 50051 are not blocked by firewall
-  * ports 80, 8081, 50051, and 27017 are not in use
+  * ports 80, 8081, and 50555 are not blocked by firewall
+  * ports 80, 8081, 50555, and 27017 are not in use
 
 **Notes:** 
   * You can change the port mappings in the Docker Compose if the listed ports are already in use.
@@ -307,6 +313,47 @@ MONGO_OPTS:
 
     **Description:** Opts to enable admin login for Mongo.
 
+SERVER_GRPC_WIREGUARD: 
+    **Default:** "on"
+
+    **Description:** Whether to run GRPC over a WireGuard network. On by default. Secures the server comms. Switch to "off" to turn off. If off and running in production, make sure to have certificates installed to secure GRPC communications. 
+
+SERVER_GRPC_WG_INTERFACE: 
+    **Default:** "nm-grpc-wg"
+
+    **Description:** Interface to use for GRPC WireGuard network if enabled
+
+SERVER_GRPC_WG_ADDRESS:
+    **Default:** "10.101.0.1"
+
+    **Description:** Private Address to use for GRPC WireGuard network if enabled
+
+SERVER_GRPC_WG_ADDRESS_RANGE:
+    **Default:** "10.101.0.0/16"
+
+    **Description:** Private Address range to use for GRPC WireGard clients if enabled. Gives 65,534 total addresses for all of netmaker. If running a larger network, will need to configure addresses differently, for instance using ipv6, or use certificates instead.
+
+SERVER_GRPC_WG_PORT:
+    **Default:** 50555
+
+    **Description:** Port to use for GRPC WireGuard if enabled
+
+SERVER_GRPC_WG_PUBKEY:
+    **Default:** < generated at startup >
+
+    **Description:** PublicKey for GRPC WireGuard interface. Generated if left blank.
+
+SERVER_GRPC_WG_PRIVKEY:
+    **Default:** < generated at startup >
+
+    **Description:** PrivateKey for GRPC WireGuard interface. Generated if left blank.
+
+SERVER_GRPC_WG_KEYREQUIRED
+    **Default:** ""
+
+    **Description:** Determines if an Access Key is required to join the Comms network. Blank (meaning 'no') by default. Set to "yes" to turn on.
+
+
 Config File Reference
 ----------------------
 A config file may be placed under config/environments/<env-name>.yml. To read this file at runtime, provide the environment variable ENV at runtime. For instance, dev.yml paired with ENV=dev. Netmaker will load the specified Config file. This allows you to store and manage configurations for different environments. Below is a reference Config File you may use.

+ 6 - 0
docs/support.rst

@@ -21,6 +21,12 @@ How do I install the Netclient on X?
 
 As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
 
+Why MongoDB? SQL is better and smaller.
+----------------------------------------
+
+We are in a phase of rapid iteration. Every week the database schema changes. MongoDB makes our development process much more flexible. That said, we agree! SQL will be better for production, and indeed, we plan to switch over to SQL before v1.0, so please be patient with the resource consumption of MongoDB for the time being; it is helping to support a rapid pace of development. 
+
+
 Is Netmaker a VPN like NordNPN?
 --------------------------------
 

+ 73 - 73
grpc/node.pb.go

@@ -668,7 +668,7 @@ type Client struct {
 	Accesskey            string   `protobuf:"bytes,3,opt,name=accesskey,proto3" json:"accesskey,omitempty"`
 	Address              string   `protobuf:"bytes,4,opt,name=address,proto3" json:"address,omitempty"`
 	Address6             string   `protobuf:"bytes,5,opt,name=address6,proto3" json:"address6,omitempty"`
-	Serverendpoint       string   `protobuf:"bytes,6,opt,name=serverendpoint,proto3" json:"serverendpoint,omitempty"`
+	Serverwgendpoint     string   `protobuf:"bytes,6,opt,name=serverwgendpoint,proto3" json:"serverwgendpoint,omitempty"`
 	Serverport           string   `protobuf:"bytes,7,opt,name=serverport,proto3" json:"serverport,omitempty"`
 	Serverkey            string   `protobuf:"bytes,8,opt,name=serverkey,proto3" json:"serverkey,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
@@ -736,9 +736,9 @@ func (m *Client) GetAddress6() string {
 	return ""
 }
 
-func (m *Client) GetServerendpoint() string {
+func (m *Client) GetServerwgendpoint() string {
 	if m != nil {
-		return m.Serverendpoint
+		return m.Serverwgendpoint
 	}
 	return ""
 }
@@ -1362,75 +1362,75 @@ func init() {
 func init() { proto.RegisterFile("grpc/node.proto", fileDescriptor_d13bd996b67da4ef) }
 
 var fileDescriptor_d13bd996b67da4ef = []byte{
-	// 1112 bytes of a gzipped FileDescriptorProto
+	// 1113 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x57, 0x4f, 0x6f, 0x23, 0x35,
-	0x14, 0x57, 0xd2, 0xa6, 0x49, 0x5f, 0x9a, 0xb6, 0xeb, 0xee, 0x16, 0x13, 0x96, 0x55, 0x15, 0xa1,
-	0x55, 0x17, 0xd1, 0xa6, 0x14, 0x69, 0x85, 0xc4, 0x01, 0x89, 0x2e, 0xaa, 0x40, 0xb0, 0x82, 0x41,
-	0x5c, 0xb8, 0xb9, 0x33, 0x2f, 0xb3, 0x56, 0xa6, 0xf6, 0x74, 0xec, 0x24, 0xdb, 0x1b, 0x17, 0x6e,
-	0x7c, 0x21, 0xbe, 0x0f, 0x57, 0xbe, 0x03, 0xf2, 0x9f, 0xc9, 0x78, 0xa6, 0xe9, 0x9f, 0x65, 0x6f,
-	0xdc, 0xc6, 0x3f, 0xbf, 0xbf, 0xbf, 0xe7, 0xf7, 0xec, 0x81, 0x9d, 0xb4, 0xc8, 0xe3, 0xb1, 0x90,
-	0x09, 0x1e, 0xe7, 0x85, 0xd4, 0x92, 0xac, 0x9b, 0xef, 0x51, 0x02, 0x5b, 0x3f, 0xc8, 0x94, 0x8b,
-	0x08, 0xaf, 0x66, 0xa8, 0x34, 0x79, 0x06, 0x70, 0xc9, 0x62, 0x96, 0x24, 0x05, 0x2a, 0x45, 0x5b,
-	0x07, 0xad, 0xc3, 0xcd, 0x28, 0x40, 0xc8, 0x10, 0x7a, 0x39, 0x53, 0x6a, 0x21, 0x8b, 0x84, 0xb6,
-	0xed, 0xee, 0x72, 0x4d, 0x28, 0x74, 0x05, 0xea, 0x85, 0x2c, 0xa6, 0x74, 0xcd, 0x6e, 0x95, 0xcb,
-	0xd1, 0xe7, 0x30, 0xf0, 0x5e, 0x54, 0x2e, 0x85, 0x42, 0x72, 0x00, 0x7d, 0x16, 0xc7, 0xa8, 0x94,
-	0x96, 0x53, 0x14, 0xde, 0x4f, 0x08, 0x8d, 0xfe, 0xec, 0xc2, 0xfa, 0x6b, 0x99, 0x20, 0xd9, 0x86,
-	0x36, 0x4f, 0xbc, 0x44, 0x9b, 0x27, 0x84, 0xc0, 0xba, 0x60, 0x97, 0xe8, 0xbd, 0xdb, 0x6f, 0xe3,
-	0xb9, 0x0c, 0xd9, 0x7b, 0x0e, 0xe2, 0xf5, 0x9f, 0x2f, 0xe9, 0xd0, 0xc5, 0x5b, 0xae, 0x4d, 0xae,
-	0x19, 0x57, 0x1a, 0x45, 0x2e, 0x0b, 0x4d, 0xd7, 0x0f, 0x5a, 0x87, 0x9d, 0x28, 0x40, 0xc8, 0x53,
-	0xd8, 0xcc, 0x67, 0x17, 0x19, 0x8f, 0xa7, 0x78, 0x4d, 0x3b, 0x56, 0xb9, 0x02, 0x8c, 0x65, 0x14,
-	0x49, 0x2e, 0xb9, 0xd0, 0x74, 0xc3, 0x59, 0x2e, 0xd7, 0x0d, 0x16, 0xbb, 0x77, 0xb2, 0xd8, 0x6b,
-	0xb0, 0x78, 0x00, 0x7d, 0x53, 0x99, 0x92, 0xc9, 0x4d, 0x47, 0x4d, 0x00, 0x99, 0xb8, 0xb8, 0xca,
-	0x51, 0x24, 0x5c, 0xa4, 0x14, 0x0e, 0x5a, 0x87, 0xbd, 0xa8, 0x02, 0xc8, 0x3e, 0x6c, 0xe4, 0x52,
-	0xe9, 0x59, 0x4e, 0xfb, 0x56, 0xd5, 0xaf, 0xac, 0x4f, 0xa9, 0x74, 0x22, 0x17, 0x82, 0x6e, 0x79,
-	0x9f, 0x7e, 0x6d, 0x2c, 0x4e, 0x11, 0x73, 0x96, 0xf1, 0x39, 0xd2, 0x81, 0x25, 0xa2, 0x02, 0x4c,
-	0x36, 0x8a, 0xcd, 0x31, 0x96, 0x62, 0xc2, 0x53, 0xba, 0x6d, 0x1d, 0x06, 0x88, 0xd1, 0x76, 0x95,
-	0x33, 0x3c, 0xed, 0x38, 0x9e, 0x96, 0x80, 0x8d, 0x56, 0x68, 0x2c, 0x26, 0x2c, 0x46, 0xba, 0xeb,
-	0x76, 0x97, 0x80, 0xc9, 0x36, 0x63, 0x4a, 0xc7, 0x6f, 0x30, 0x9e, 0x72, 0x41, 0x1f, 0xb9, 0x6c,
-	0x03, 0x88, 0x8c, 0x60, 0xcb, 0x2c, 0x2f, 0x65, 0xc2, 0x27, 0x1c, 0x13, 0x4a, 0xac, 0x48, 0x0d,
-	0x23, 0x87, 0xb0, 0xe3, 0xc5, 0xad, 0xe5, 0x39, 0xcb, 0xe8, 0x9e, 0xcd, 0xa2, 0x09, 0x5b, 0x6b,
-	0x32, 0x66, 0x59, 0x59, 0x9b, 0xc7, 0xde, 0x5a, 0x80, 0x99, 0x98, 0x0c, 0x33, 0xf1, 0x1b, 0x26,
-	0x52, 0x54, 0xf4, 0x89, 0x8b, 0x29, 0x80, 0x0c, 0x23, 0x2c, 0xcb, 0xe4, 0x02, 0x13, 0x9e, 0x2b,
-	0xba, 0xef, 0xea, 0x5b, 0x21, 0xe6, 0x3c, 0x72, 0x65, 0x6d, 0xd2, 0x0f, 0x2c, 0x5d, 0xe5, 0x92,
-	0x7c, 0x0a, 0xbb, 0x5c, 0x71, 0x91, 0x1a, 0x47, 0x29, 0xd3, 0xb8, 0x60, 0xd7, 0xf4, 0xa9, 0x15,
-	0xb9, 0x81, 0x93, 0x13, 0xd8, 0xab, 0x23, 0x85, 0xf1, 0x4e, 0x3f, 0xb6, 0xee, 0x56, 0x6d, 0x99,
-	0xc8, 0xb9, 0x4a, 0x66, 0x2c, 0x53, 0x9a, 0xc5, 0x53, 0xfa, 0x91, 0x35, 0x1c, 0x42, 0xe6, 0x74,
-	0x24, 0x42, 0xc9, 0xc9, 0x84, 0x52, 0xbb, 0xe9, 0x57, 0xb6, 0x17, 0x4c, 0x80, 0xce, 0xc5, 0x87,
-	0x2e, 0xa3, 0x0a, 0x19, 0xfd, 0xd1, 0x86, 0x9d, 0x33, 0xc3, 0xe5, 0x77, 0x55, 0x13, 0x53, 0xe8,
-	0xaa, 0x99, 0xad, 0xb3, 0x6d, 0xcf, 0x5e, 0x54, 0x2e, 0xc9, 0x73, 0xd8, 0x16, 0x88, 0x49, 0x8e,
-	0x58, 0xcc, 0xf2, 0x84, 0x69, 0xd7, 0xad, 0xbd, 0xa8, 0x81, 0x1a, 0x36, 0x0c, 0xe2, 0xce, 0x91,
-	0x97, 0x5c, 0x73, 0x6c, 0x34, 0xf1, 0xb2, 0x2f, 0x2e, 0x51, 0x29, 0x96, 0xa2, 0x6d, 0x57, 0xdf,
-	0x17, 0x1e, 0xaa, 0xf7, 0x45, 0xa7, 0xd9, 0x17, 0x9f, 0xc0, 0xc0, 0xd8, 0x9c, 0xe2, 0xb5, 0x77,
-	0xb4, 0x61, 0x25, 0xea, 0xa0, 0xe1, 0xc1, 0x00, 0x09, 0x66, 0xa8, 0xd1, 0x76, 0x6e, 0x2f, 0x0a,
-	0x90, 0xd1, 0x3f, 0x6d, 0x18, 0xfc, 0x84, 0x58, 0xa8, 0x25, 0x0b, 0x87, 0xb0, 0xc3, 0x15, 0xd6,
-	0x0a, 0xea, 0xd8, 0x68, 0xc2, 0xe4, 0x18, 0x08, 0xde, 0x2c, 0xa7, 0x9b, 0x63, 0x2b, 0x76, 0x6e,
-	0xab, 0xff, 0xe6, 0xed, 0xf5, 0xff, 0xef, 0x13, 0xeb, 0x61, 0x13, 0xb4, 0xf7, 0x8e, 0x13, 0xb4,
-	0xd9, 0x6d, 0xdd, 0x15, 0xdd, 0x76, 0xe7, 0xec, 0x19, 0xfd, 0xdd, 0x82, 0xdd, 0x6f, 0xdf, 0xea,
-	0x3a, 0xe5, 0xff, 0xbf, 0x34, 0x7f, 0x6f, 0xc3, 0xc6, 0x59, 0xc6, 0xd1, 0xdd, 0x1d, 0x79, 0xc1,
-	0xe7, 0x4c, 0xa3, 0xc9, 0xce, 0xdf, 0xc0, 0x15, 0x52, 0x4f, 0xbe, 0xdd, 0x4c, 0xbe, 0x36, 0x8b,
-	0xd7, 0x9a, 0xb3, 0x38, 0x48, 0x7f, 0xfd, 0xf6, 0xf4, 0x3b, 0x8d, 0xf4, 0x9f, 0xc3, 0xb6, 0xc2,
-	0x62, 0x8e, 0x45, 0x83, 0xd6, 0x06, 0x6a, 0xef, 0x09, 0x8b, 0x58, 0x9a, 0xfc, 0xad, 0x57, 0x21,
-	0x26, 0x36, 0xb7, 0x32, 0xb1, 0x39, 0x8e, 0x2b, 0x60, 0x34, 0x86, 0xc1, 0x59, 0x81, 0x4c, 0xa3,
-	0xb9, 0xf5, 0x23, 0xbc, 0x22, 0xcf, 0xc0, 0x3e, 0x51, 0x2c, 0x05, 0xfd, 0x53, 0x38, 0xb6, 0x6f,
-	0x17, 0xbb, 0xe9, 0x9e, 0x2e, 0x0d, 0x05, 0xf5, 0x10, 0x85, 0x5f, 0x6d, 0x97, 0xbf, 0x83, 0x87,
-	0x50, 0xe1, 0x7e, 0x0f, 0xe7, 0xd0, 0x8f, 0x90, 0x25, 0x95, 0xfd, 0xbb, 0x1f, 0x53, 0xc1, 0x83,
-	0xa9, 0x5d, 0x7f, 0x30, 0x1d, 0x85, 0x86, 0xee, 0xf7, 0xfb, 0x33, 0x0c, 0x5e, 0xd9, 0xf9, 0xf4,
-	0x50, 0xcf, 0x66, 0x98, 0x3a, 0x57, 0xaf, 0xab, 0xb7, 0x54, 0x08, 0x8d, 0x5e, 0xd4, 0x4d, 0xaa,
-	0xdb, 0xa7, 0xbd, 0xc9, 0xfa, 0x1c, 0xcb, 0x16, 0x7d, 0x9f, 0xac, 0xbf, 0x87, 0xed, 0x73, 0xd4,
-	0x55, 0xbb, 0xbf, 0x8f, 0xad, 0x2f, 0xc3, 0xa0, 0x14, 0x79, 0x01, 0x1d, 0x73, 0xef, 0x28, 0x4f,
-	0xe1, 0x9e, 0xa3, 0xb0, 0x36, 0x56, 0x22, 0x27, 0x31, 0x7a, 0xd5, 0x88, 0x42, 0x91, 0x53, 0xe8,
-	0xe1, 0x5b, 0x1d, 0xea, 0xef, 0x3b, 0xfd, 0xe6, 0x64, 0x8a, 0x96, 0x72, 0xa3, 0xcf, 0x00, 0x96,
-	0xf7, 0xe5, 0xfd, 0x27, 0xed, 0xc7, 0x40, 0x5a, 0x91, 0xaf, 0x97, 0xcf, 0x99, 0xc2, 0x1b, 0xf6,
-	0x8a, 0x4f, 0x9c, 0x62, 0xe3, 0x22, 0x8e, 0x9a, 0xd2, 0xa7, 0x7f, 0xad, 0x41, 0xdf, 0x58, 0xff,
-	0x05, 0x8b, 0x39, 0x8f, 0xcd, 0x4d, 0xd2, 0xb1, 0xef, 0x6f, 0x42, 0x9c, 0x81, 0xf0, 0xc9, 0x3f,
-	0xdc, 0xab, 0x61, 0x7e, 0xc4, 0xbe, 0x04, 0xa8, 0x9a, 0x8b, 0x78, 0x91, 0x5a, 0x7f, 0x0e, 0x57,
-	0x80, 0x8a, 0x9c, 0x40, 0xaf, 0x3c, 0xb8, 0xe4, 0x91, 0x13, 0x08, 0x3a, 0x62, 0x78, 0x03, 0x52,
-	0xc6, 0x53, 0xd5, 0x64, 0xa5, 0xa7, 0x5a, 0x9f, 0x0e, 0x57, 0x80, 0x56, 0xaf, 0x3a, 0xa0, 0xa5,
-	0x5e, 0xad, 0x0b, 0x86, 0x2b, 0x40, 0x5b, 0xcc, 0xf2, 0x60, 0x94, 0x11, 0x06, 0xa7, 0x77, 0x78,
-	0x03, 0x52, 0x27, 0x2d, 0xf2, 0x95, 0x3d, 0x4c, 0x65, 0xb5, 0xc9, 0xe3, 0xa5, 0x4c, 0x70, 0x56,
-	0x87, 0xab, 0x50, 0xa3, 0x7c, 0x04, 0x5d, 0x5f, 0x30, 0xb2, 0xdb, 0xa8, 0xdf, 0xd5, 0xb0, 0x89,
-	0xa8, 0x6f, 0xc6, 0xbf, 0x1d, 0xa5, 0x52, 0xa6, 0x19, 0x1e, 0xa7, 0x32, 0x63, 0x22, 0x3d, 0x96,
-	0x45, 0x3a, 0xb6, 0xbf, 0x6c, 0x17, 0xb3, 0xc9, 0x58, 0x5f, 0xe7, 0xa8, 0xc6, 0x53, 0x21, 0x17,
-	0xc2, 0xfe, 0xcc, 0xe5, 0x17, 0x17, 0x1b, 0x76, 0xf3, 0x8b, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff,
-	0xf3, 0x46, 0x2a, 0x24, 0xe2, 0x0d, 0x00, 0x00,
+	0x14, 0x57, 0xd2, 0xa6, 0x49, 0x5f, 0x9a, 0xb6, 0xeb, 0xee, 0x16, 0x13, 0x96, 0x55, 0x15, 0x21,
+	0xd4, 0x5d, 0xd1, 0xa6, 0x14, 0x69, 0x85, 0xc4, 0x01, 0x89, 0x2e, 0xaa, 0x40, 0xb0, 0x82, 0x41,
+	0x5c, 0xb8, 0xb9, 0x33, 0x2f, 0xb3, 0x56, 0xa6, 0xf6, 0x74, 0xec, 0x24, 0xdb, 0x3b, 0xdc, 0xf8,
+	0x42, 0x7c, 0x1f, 0xae, 0x7c, 0x07, 0xe4, 0x3f, 0x93, 0xf1, 0x4c, 0xd3, 0x3f, 0xcb, 0xde, 0xb8,
+	0x8d, 0x7f, 0x7e, 0x7f, 0x7f, 0xcf, 0xef, 0xd9, 0x03, 0x3b, 0x69, 0x91, 0xc7, 0x63, 0x21, 0x13,
+	0x3c, 0xce, 0x0b, 0xa9, 0x25, 0x59, 0x37, 0xdf, 0xa3, 0x04, 0xb6, 0x7e, 0x90, 0x29, 0x17, 0x11,
+	0x5e, 0xcd, 0x50, 0x69, 0xf2, 0x0c, 0xe0, 0x92, 0xc5, 0x2c, 0x49, 0x0a, 0x54, 0x8a, 0xb6, 0x0e,
+	0x5a, 0x87, 0x9b, 0x51, 0x80, 0x90, 0x21, 0xf4, 0x72, 0xa6, 0xd4, 0x42, 0x16, 0x09, 0x6d, 0xdb,
+	0xdd, 0xe5, 0x9a, 0x50, 0xe8, 0x0a, 0xd4, 0x0b, 0x59, 0x4c, 0xe9, 0x9a, 0xdd, 0x2a, 0x97, 0xa3,
+	0xcf, 0x61, 0xe0, 0xbd, 0xa8, 0x5c, 0x0a, 0x85, 0xe4, 0x00, 0xfa, 0x2c, 0x8e, 0x51, 0x29, 0x2d,
+	0xa7, 0x28, 0xbc, 0x9f, 0x10, 0x1a, 0xfd, 0xd9, 0x85, 0xf5, 0xd7, 0x32, 0x41, 0xb2, 0x0d, 0x6d,
+	0x9e, 0x78, 0x89, 0x36, 0x4f, 0x08, 0x81, 0x75, 0xc1, 0x2e, 0xd1, 0x7b, 0xb7, 0xdf, 0xc6, 0x73,
+	0x19, 0xb2, 0xf7, 0x1c, 0xc4, 0xeb, 0x3f, 0x5f, 0xd2, 0xa1, 0x8b, 0xb7, 0x5c, 0x9b, 0x5c, 0x33,
+	0xae, 0x34, 0x8a, 0x5c, 0x16, 0x9a, 0xae, 0x1f, 0xb4, 0x0e, 0x3b, 0x51, 0x80, 0x90, 0xa7, 0xb0,
+	0x99, 0xcf, 0x2e, 0x32, 0x1e, 0x4f, 0xf1, 0x9a, 0x76, 0xac, 0x72, 0x05, 0x18, 0xcb, 0x28, 0x92,
+	0x5c, 0x72, 0xa1, 0xe9, 0x86, 0xb3, 0x5c, 0xae, 0x1b, 0x2c, 0x76, 0xef, 0x64, 0xb1, 0xd7, 0x60,
+	0xf1, 0x00, 0xfa, 0xa6, 0x32, 0x25, 0x93, 0x9b, 0x8e, 0x9a, 0x00, 0x32, 0x71, 0x71, 0x95, 0xa3,
+	0x48, 0xb8, 0x48, 0x29, 0x1c, 0xb4, 0x0e, 0x7b, 0x51, 0x05, 0x90, 0x7d, 0xd8, 0xc8, 0xa5, 0xd2,
+	0xb3, 0x9c, 0xf6, 0xad, 0xaa, 0x5f, 0x59, 0x9f, 0x52, 0xe9, 0x44, 0x2e, 0x04, 0xdd, 0xf2, 0x3e,
+	0xfd, 0xda, 0x58, 0x9c, 0x22, 0xe6, 0x2c, 0xe3, 0x73, 0xa4, 0x03, 0x4b, 0x44, 0x05, 0x98, 0x6c,
+	0x14, 0x9b, 0x63, 0x2c, 0xc5, 0x84, 0xa7, 0x74, 0xdb, 0x3a, 0x0c, 0x10, 0xa3, 0xed, 0x2a, 0x67,
+	0x78, 0xda, 0x71, 0x3c, 0x2d, 0x01, 0x1b, 0xad, 0xd0, 0x58, 0x4c, 0x58, 0x8c, 0x74, 0xd7, 0xed,
+	0x2e, 0x01, 0x93, 0x6d, 0xc6, 0x94, 0x8e, 0xdf, 0x60, 0x3c, 0xe5, 0x82, 0x3e, 0x72, 0xd9, 0x06,
+	0x10, 0x19, 0xc1, 0x96, 0x59, 0x5e, 0xca, 0x84, 0x4f, 0x38, 0x26, 0x94, 0x58, 0x91, 0x1a, 0x46,
+	0x0e, 0x61, 0xc7, 0x8b, 0x5b, 0xcb, 0x73, 0x96, 0xd1, 0x3d, 0x9b, 0x45, 0x13, 0xb6, 0xd6, 0x64,
+	0xcc, 0xb2, 0xb2, 0x36, 0x8f, 0xbd, 0xb5, 0x00, 0x33, 0x31, 0x19, 0x66, 0xe2, 0x37, 0x4c, 0xa4,
+	0xa8, 0xe8, 0x13, 0x17, 0x53, 0x00, 0x19, 0x46, 0x58, 0x96, 0xc9, 0x05, 0x26, 0x3c, 0x57, 0x74,
+	0xdf, 0xd5, 0xb7, 0x42, 0xcc, 0x79, 0xe4, 0xca, 0xda, 0xa4, 0x1f, 0x58, 0xba, 0xca, 0x25, 0x79,
+	0x01, 0xbb, 0x5c, 0x71, 0x91, 0x1a, 0x47, 0x29, 0xd3, 0xb8, 0x60, 0xd7, 0xf4, 0xa9, 0x15, 0xb9,
+	0x81, 0x93, 0x13, 0xd8, 0xab, 0x23, 0x85, 0xf1, 0x4e, 0x3f, 0xb6, 0xee, 0x56, 0x6d, 0x99, 0xc8,
+	0xb9, 0x4a, 0x66, 0x2c, 0x53, 0x9a, 0xc5, 0x53, 0xfa, 0x91, 0x35, 0x1c, 0x42, 0xe6, 0x74, 0x24,
+	0x42, 0xc9, 0xc9, 0x84, 0x52, 0xbb, 0xe9, 0x57, 0xb6, 0x17, 0x4c, 0x80, 0xce, 0xc5, 0x87, 0x2e,
+	0xa3, 0x0a, 0x19, 0xfd, 0xd1, 0x86, 0x9d, 0x33, 0xc3, 0xe5, 0x77, 0x55, 0x13, 0x53, 0xe8, 0xaa,
+	0x99, 0xad, 0xb3, 0x6d, 0xcf, 0x5e, 0x54, 0x2e, 0xc9, 0xa7, 0xb0, 0x2d, 0x10, 0x93, 0x1c, 0xb1,
+	0x98, 0xe5, 0x09, 0xd3, 0xae, 0x5b, 0x7b, 0x51, 0x03, 0x35, 0x6c, 0x18, 0xc4, 0x9d, 0x23, 0x2f,
+	0xb9, 0xe6, 0xd8, 0x68, 0xe2, 0x65, 0x5f, 0x5c, 0xa2, 0x52, 0x2c, 0x45, 0xdb, 0xae, 0xbe, 0x2f,
+	0x3c, 0x54, 0xef, 0x8b, 0x4e, 0xb3, 0x2f, 0x3e, 0x81, 0x81, 0xb1, 0x39, 0xc5, 0x6b, 0xef, 0x68,
+	0xc3, 0x4a, 0xd4, 0x41, 0xc3, 0x83, 0x01, 0x12, 0xcc, 0x50, 0xa3, 0xed, 0xdc, 0x5e, 0x14, 0x20,
+	0xa3, 0x7f, 0xda, 0x30, 0xf8, 0x09, 0xb1, 0x50, 0x4b, 0x16, 0x0e, 0x61, 0x87, 0x2b, 0xac, 0x15,
+	0xd4, 0xb1, 0xd1, 0x84, 0xc9, 0x31, 0x10, 0xbc, 0x59, 0x4e, 0x37, 0xc7, 0x56, 0xec, 0xdc, 0x56,
+	0xff, 0xcd, 0xdb, 0xeb, 0xff, 0xdf, 0x27, 0xd6, 0xc3, 0x26, 0x68, 0xef, 0x1d, 0x27, 0x68, 0xb3,
+	0xdb, 0xba, 0x2b, 0xba, 0xed, 0xce, 0xd9, 0x33, 0xfa, 0xbb, 0x05, 0xbb, 0xdf, 0xbe, 0xd5, 0x75,
+	0xca, 0xff, 0x7f, 0x69, 0xfe, 0xde, 0x86, 0x8d, 0xb3, 0x8c, 0xa3, 0xbb, 0x3b, 0xf2, 0x82, 0xcf,
+	0x99, 0x46, 0x93, 0x9d, 0xbf, 0x81, 0x2b, 0xa4, 0x9e, 0x7c, 0xbb, 0x99, 0x7c, 0x6d, 0x16, 0xaf,
+	0x35, 0x67, 0x71, 0x90, 0xfe, 0xfa, 0xed, 0xe9, 0x77, 0x1a, 0xe9, 0xbf, 0x80, 0x5d, 0x85, 0xc5,
+	0x1c, 0x8b, 0x45, 0xda, 0x20, 0xf6, 0x06, 0x6e, 0xef, 0x0a, 0x8b, 0x59, 0xaa, 0xfc, 0xcd, 0x57,
+	0x21, 0x26, 0x3e, 0xb7, 0x32, 0xf1, 0x39, 0x9e, 0x2b, 0x60, 0x34, 0x86, 0xc1, 0x59, 0x81, 0x4c,
+	0xa3, 0xb9, 0xf9, 0x23, 0xbc, 0x22, 0xcf, 0xc0, 0x3e, 0x53, 0x2c, 0x0d, 0xfd, 0x53, 0x38, 0xb6,
+	0xef, 0x17, 0xbb, 0xe9, 0x9e, 0x2f, 0x0d, 0x05, 0xf5, 0x10, 0x85, 0x5f, 0x6d, 0xa7, 0xbf, 0x83,
+	0x87, 0x50, 0xe1, 0x7e, 0x0f, 0xe7, 0xd0, 0x8f, 0x90, 0x25, 0x95, 0xfd, 0xbb, 0x1f, 0x54, 0xc1,
+	0xa3, 0xa9, 0x5d, 0x7f, 0x34, 0x1d, 0x85, 0x86, 0xee, 0xf7, 0xfb, 0x33, 0x0c, 0x5e, 0xd9, 0x19,
+	0xf5, 0x50, 0xcf, 0x66, 0xa0, 0x3a, 0x57, 0xaf, 0xab, 0xf7, 0x54, 0x08, 0x8d, 0x9e, 0xd7, 0x4d,
+	0xaa, 0xdb, 0x27, 0xbe, 0xc9, 0xfa, 0x1c, 0xcb, 0x36, 0x7d, 0x9f, 0xac, 0xbf, 0x87, 0xed, 0x73,
+	0xd4, 0x55, 0xcb, 0xbf, 0x8f, 0xad, 0x2f, 0xc3, 0xa0, 0x14, 0x79, 0x0e, 0x1d, 0x73, 0xf7, 0x28,
+	0x4f, 0xe1, 0x9e, 0xa3, 0xb0, 0x36, 0x5a, 0x22, 0x27, 0x31, 0x7a, 0xd5, 0x88, 0x42, 0x91, 0x53,
+	0xe8, 0xe1, 0x5b, 0x1d, 0xea, 0xef, 0x3b, 0xfd, 0xe6, 0x74, 0x8a, 0x96, 0x72, 0xa3, 0xcf, 0x00,
+	0x96, 0x77, 0xe6, 0xfd, 0x27, 0xed, 0xc7, 0x40, 0x5a, 0x91, 0xaf, 0x97, 0x4f, 0x9a, 0xc2, 0x1b,
+	0xf6, 0x8a, 0x4f, 0x9c, 0x62, 0xe3, 0x32, 0x8e, 0x9a, 0xd2, 0xa7, 0x7f, 0xad, 0x41, 0xdf, 0x58,
+	0xff, 0x05, 0x8b, 0x39, 0x8f, 0xcd, 0x6d, 0xd2, 0xb1, 0x6f, 0x70, 0x42, 0x9c, 0x81, 0xf0, 0xd9,
+	0x3f, 0xdc, 0xab, 0x61, 0x7e, 0xcc, 0xbe, 0x04, 0xa8, 0x9a, 0x8b, 0x78, 0x91, 0x5a, 0x7f, 0x0e,
+	0x57, 0x80, 0x8a, 0x9c, 0x40, 0xaf, 0x3c, 0xb8, 0xe4, 0x91, 0x13, 0x08, 0x3a, 0x62, 0x78, 0x03,
+	0x52, 0xc6, 0x53, 0xd5, 0x64, 0xa5, 0xa7, 0x5a, 0x9f, 0x0e, 0x57, 0x80, 0x56, 0xaf, 0x3a, 0xa0,
+	0xa5, 0x5e, 0xad, 0x0b, 0x86, 0x2b, 0x40, 0x5b, 0xcc, 0xf2, 0x60, 0x94, 0x11, 0x06, 0xa7, 0x77,
+	0x78, 0x03, 0x52, 0x27, 0x2d, 0xf2, 0x95, 0x3d, 0x4c, 0x65, 0xb5, 0xc9, 0xe3, 0xa5, 0x4c, 0x70,
+	0x56, 0x87, 0xab, 0x50, 0xa3, 0x7c, 0x04, 0x5d, 0x5f, 0x30, 0xb2, 0xdb, 0xa8, 0xdf, 0xd5, 0xb0,
+	0x89, 0xa8, 0x6f, 0xc6, 0xbf, 0x1d, 0xa5, 0x52, 0xa6, 0x19, 0x1e, 0xa7, 0x32, 0x63, 0x22, 0x3d,
+	0x96, 0x45, 0x3a, 0xb6, 0xbf, 0x6d, 0x17, 0xb3, 0xc9, 0x58, 0x5f, 0xe7, 0xa8, 0xc6, 0x53, 0x21,
+	0x17, 0xc2, 0xfe, 0xd0, 0xe5, 0x17, 0x17, 0x1b, 0x76, 0xf3, 0x8b, 0x7f, 0x03, 0x00, 0x00, 0xff,
+	0xff, 0xf1, 0xb2, 0x6f, 0x12, 0xe6, 0x0d, 0x00, 0x00,
 }

+ 1 - 1
grpc/node.proto

@@ -92,7 +92,7 @@ message Client {
     string accesskey = 3;
     string address = 4;
     string address6 = 5;
-    string serverendpoint = 6;
+    string serverwgendpoint = 6;
     string serverport = 7;
     string serverkey = 8;
 }

+ 4 - 4
models/intclient.go

@@ -1,15 +1,15 @@
 package models
 
 type IntClient struct {
-  ClientID       string             `json:"clientid" bson:"clientid"`
+	ClientID       string             `json:"clientid" bson:"clientid"`
 	PrivateKey     string             `json:"privatekey" bson:"privatekey"`
 	PublicKey      string             `json:"publickey" bson:"publickey"`
 	AccessKey      string             `json:"accesskey" bson:"accesskey"`
 	Address        string             `json:"address" bson:"address"`
-	Address6        string            `json:"address6" bson:"address6"`
+	Address6       string             `json:"address6" bson:"address6"`
 	Network        string             `json:"network" bson:"network"`
-	ServerEndpoint  string            `json:"serverendpoint" bson:"serverendpoint"`
-  ServerAPIEndpoint  string         `json:"serverapiendpoint" bson:"serverapiendpoint"`
+	ServerWGEndpoint  string          `json:"serverwgendpoint" bson:"serverwgendpoint"`
+	ServerAPIEndpoint  string         `json:"serverapiendpoint" bson:"serverapiendpoint"`
 	ServerAddress  string             `json:"serveraddress" bson:"serveraddress"`
 	ServerPort     string             `json:"serverport" bson:"serverport"`
 	ServerKey      string             `json:"serverkey" bson:"serverkey"`

+ 15 - 17
netclient/command/commands.go

@@ -28,29 +28,27 @@ func Join(cfg config.ClientConfig) error {
 
 	err := functions.JoinNetwork(cfg)
 	if err != nil {
-		 if !strings.Contains(err.Error(), "ALREADY_INSTALLED") {
-		 log.Println("Error installing: ", err)
-		 err = functions.LeaveNetwork(cfg.Network)
-		 if err != nil {
-			err = local.WipeLocal(cfg.Network)
+		if !strings.Contains(err.Error(), "ALREADY_INSTALLED") {
+			log.Println("Error installing: ", err)
+			err = functions.LeaveNetwork(cfg.Network)
 			if err != nil {
-				log.Println("Error removing artifacts: ", err)
+				err = local.WipeLocal(cfg.Network)
+				if err != nil {
+					log.Println("Error removing artifacts: ", err)
+				}
+			}
+			if cfg.Daemon != "off" {
+	                        err = local.RemoveSystemDServices(cfg.Network)
+	                        if err != nil {
+	                                log.Println("Error removing services: ", err)
+	                        }
 			}
-                        err = local.RemoveSystemDServices(cfg.Network)
-                        if err != nil {
-                                log.Println("Error removing services: ", err)
-                        }
-		}
-		os.Exit(1)
-		} else {
-			log.Println(err.Error())
-			os.Exit(1)
 		}
+		return err
 	}
         log.Println("joined " + cfg.Network)
 	if cfg.Daemon != "off" {
-		err = functions.Install(cfg)
-	        log.Println("installed daemon")
+		err = functions.InstallDaemon(cfg)
 	}
 	return err
 }
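Review bot: `return err` at the end of the error branch can return nil for a failed join, because `err` is reused for the cleanup calls (`LeaveNetwork`, `WipeLocal`, `RemoveSystemDServices`) and ends up holding the last cleanup result instead of the `JoinNetwork` error. The old code exited with status 1 here, so a caller that relies on the return value now sees success after a failed join whenever cleanup succeeds. The `ALREADY_INSTALLED` case also no longer logs anything before returning. Keeping the cleanup results in their own variables, as below, preserves the original error; `Join` starts above the hunk.

```go
	err := functions.JoinNetwork(cfg)
	if err != nil {
		if !strings.Contains(err.Error(), "ALREADY_INSTALLED") {
			log.Println("Error installing: ", err)
			// Cleanup results get their own variables so the join error is what is returned.
			if leaveErr := functions.LeaveNetwork(cfg.Network); leaveErr != nil {
				if wipeErr := local.WipeLocal(cfg.Network); wipeErr != nil {
					log.Println("Error removing artifacts: ", wipeErr)
				}
			}
			if cfg.Daemon != "off" {
				if svcErr := local.RemoveSystemDServices(cfg.Network); svcErr != nil {
					log.Println("Error removing services: ", svcErr)
				}
			}
		}
		return err
	}
	// … unchanged: success log and daemon install …
```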

+ 12 - 6
netclient/config/config.go

@@ -249,8 +249,8 @@ func ModGlobalConfig(cfg models.IntClient) error{
         if cfg.PrivateKey != ""{
                 modconfig.Client.PrivateKey = cfg.PrivateKey
         }
-        if cfg.ServerEndpoint != ""{
-                modconfig.Client.ServerEndpoint = cfg.ServerEndpoint
+        if cfg.ServerWGEndpoint != ""{
+                modconfig.Client.ServerWGEndpoint = cfg.ServerWGEndpoint
         }
         if cfg.ServerAddress != ""{
                 modconfig.Client.ServerAddress = cfg.ServerAddress
@@ -430,14 +430,20 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
                 token := string(tokenbytes)
                 tokenvals := strings.Split(token, "|")
                 cfg.Client.ServerAddress = tokenvals[0]
-                cfg.Client.ServerEndpoint = tokenvals[1]
-                cfg.Client.ServerKey = tokenvals[3]
+                cfg.Client.ServerAPIEndpoint = tokenvals[1]
+		servervals := strings.Split(tokenvals[1], ":")
+		wgvals := strings.Split(tokenvals[0], ":")
+		cfg.Client.ServerWGEndpoint = servervals[0]
+                cfg.Client.ServerAddress = wgvals[0]
+                cfg.Client.ServerPort = wgvals[1]
+
+		cfg.Client.ServerKey = tokenvals[3]
 
                 if c.String("grpcserver") != "" {
                         cfg.Client.ServerAddress = c.String("grpcserver")
                 }
                 if c.String("apiserver") != "" {
-                        cfg.Client.ServerEndpoint = c.String("apiserver")
+                        cfg.Client.ServerAPIEndpoint = c.String("apiserver")
                 }
                 if c.String("key") != "" {
                         cfg.Client.ServerKey = c.String("key")
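Review bot: The token fields are indexed with no length check, so `tokenvals[1]`, `tokenvals[3]` and the new `wgvals[1]` all panic with index-out-of-range on a truncated or malformed token, which appears to be supplied by the user. A guard such as `if len(tokenvals) < 4 { return cfg, errors.New("malformed token") }` before the first index, plus `net.SplitHostPort(tokenvals[0])` in place of `strings.Split(tokenvals[0], ":")`, would reject bad tokens cleanly and also handle IPv6 literals, which splitting on ":" does not. `cfg.Client.ServerAddress` is assigned twice (first the full `tokenvals[0]`, then `wgvals[0]`), so the first assignment can go. The function starts and ends outside the hunk, so whether `errors` and `net` are already imported is not visible here.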
@@ -447,7 +453,7 @@ func GetCLIConfigRegister(c *cli.Context) (GlobalConfig, error){
                 }
         } else {
                 cfg.Client.ServerAddress = c.String("grpcserver")
-                cfg.Client.ServerEndpoint = c.String("apiserver")
+                cfg.Client.ServerWGEndpoint = c.String("apiserver")
                 cfg.Client.ServerKey = c.String("key")
                 cfg.Client.Network = c.String("network")
         }
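Review bot: The non-token branch now stores the `apiserver` flag in `ServerWGEndpoint`, while the token branch above stores the same flag in `ServerAPIEndpoint`; this looks like a rename slip. `Register` in netclient/functions/register.go builds its URL from `cfg.Client.ServerAPIEndpoint`, so a registration driven only by flags would post to an empty host. The line should probably read `cfg.Client.ServerAPIEndpoint = c.String("apiserver")`, with `ServerWGEndpoint` set separately if this path needs it. The enclosing function continues outside the hunk.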

+ 3 - 1
netclient/functions/common.go

@@ -319,7 +319,9 @@ func LeaveNetwork(network string) error {
 	if err != nil {
                 log.Printf("Unable to wipe local config: %v", err)
 	}
-	err =  local.RemoveSystemDServices(network)
+	if cfg.Daemon != "off" {
+		err =  local.RemoveSystemDServices(network)
+	}
 	return err
 }
 

+ 1 - 1
netclient/functions/install.go

@@ -5,7 +5,7 @@ import (
         "github.com/gravitl/netmaker/netclient/local"
 )
 
-func Install(cfg config.ClientConfig) error {
+func InstallDaemon(cfg config.ClientConfig) error {
 
 	var err error
 	err = local.ConfigureSystemD(cfg.Network)

+ 2 - 3
netclient/functions/join.go

@@ -186,8 +186,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
 	if node.Ispending {
 		fmt.Println("Node is marked as PENDING.")
 		fmt.Println("Awaiting approval from Admin before configuring WireGuard.")
-	        if cfg.Daemon != "no" {
-			fmt.Println("Configuring Netmaker Service.")
+	        if cfg.Daemon != "off" {
 			err = local.ConfigureSystemD(cfg.Network)
 			return err
 		}
@@ -206,7 +205,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
         if err != nil {
                 return err
         }
-	if cfg.Daemon == "off" {
+	if cfg.Daemon != "off" {
 		err = local.ConfigureSystemD(cfg.Network)
 	}
         if err != nil {
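Review bot: With the condition corrected to `cfg.Daemon != "off"`, `JoinNetwork` now runs `local.ConfigureSystemD(cfg.Network)` itself, and `Join` in netclient/command/commands.go then calls `functions.InstallDaemon(cfg)`, which runs `local.ConfigureSystemD(cfg.Network)` a second time. Whether the repeat is harmless depends on `ConfigureSystemD`, which is not visible here. One owner for daemon setup would be clearer: either drop this call and leave it to `InstallDaemon`, or drop the call in `Join`, with a comment such as `// daemon setup happens here; Join must not repeat it` on whichever is kept. `JoinNetwork` starts and ends outside the hunk.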

+ 21 - 16
netclient/functions/register.go

@@ -34,6 +34,7 @@ func Register(cfg config.GlobalConfig) error {
 		Address6: cfg.Client.Address6,
 		Network: "comms",
 	}
+
 	jsonstring, err := json.Marshal(postclient)
         if err != nil {
                 return err
@@ -41,7 +42,7 @@ func Register(cfg config.GlobalConfig) error {
 	jsonbytes := []byte(jsonstring)
 	body := bytes.NewBuffer(jsonbytes)
 	log.Println("registering to http://"+cfg.Client.ServerAPIEndpoint+"/api/client/register")
-	res, err := http.Post("http://"+cfg.Client.ServerEndpoint+"/api/intclient/register","application/json",body)
+	res, err := http.Post("http://"+cfg.Client.ServerAPIEndpoint+"/api/intclient/register","application/json",body)
         if err != nil {
                 return err
         }
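Review bot: The registration request goes over plain `http://` with the default client, yet its response is what configures the WireGuard comms interface (`wireguard.InitGRPCWireguard(wgclient)` in the next hunk), so nothing authenticates the server endpoint and key the client ends up trusting. The scheme should be configurable with HTTPS as the default, and the call should use a client with a timeout as `Unregister` does, e.g. `client := &http.Client{Timeout: 7 * time.Second}` followed by `client.Post(...)`. The log line above also prints `/api/client/register` while the request goes to `/api/intclient/register`. `Register` starts and ends outside the hunk.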
@@ -59,7 +60,10 @@ func Register(cfg config.GlobalConfig) error {
         if err != nil {
                 return err
         }
-
+	if wgclient.ServerWGEndpoint == "" {
+		wgclient.ServerWGEndpoint = cfg.Client.ServerWGEndpoint
+	}
+        spew.Dump(wgclient)
 	err = wireguard.InitGRPCWireguard(wgclient)
         if err != nil {
                 return err
@@ -71,22 +75,23 @@ func Register(cfg config.GlobalConfig) error {
 func Unregister(cfg config.GlobalConfig) error {
 	client := &http.Client{ Timeout: 7 * time.Second,}
 	req, err := http.NewRequest("DELETE", "http://"+cfg.Client.ServerAPIEndpoint+"/api/intclient/"+cfg.Client.ClientID, nil)
-        if err != nil {
-                return err
-        }
-	res, err := client.Do(req)
-        if res == nil {
-                return errors.New("server not reachable at " + "http://"+cfg.Client.ServerAPIEndpoint+"/api/intclient/"+cfg.Client.ClientID)
-
-	} else if res.StatusCode != http.StatusOK {
-                return errors.New("request to server failed: " + res.Status)
-                defer res.Body.Close()
-	} else {
-	        err = local.WipeGRPCClient()
-		if err == nil {
-			log.Println("successfully removed grpc client interface")
+	if err != nil {
+                log.Println(err)
+        } else {
+		res, err := client.Do(req)
+		if res == nil {
+	                err = errors.New("server not reachable at " + "http://"+cfg.Client.ServerAPIEndpoint+"/api/intclient/"+cfg.Client.ClientID)
+			log.Println(err)
+		} else if res.StatusCode != http.StatusOK {
+			err = errors.New("request to server failed: " + res.Status)
+	                log.Println(err)
+			defer res.Body.Close()
 		}
 	}
+	err = local.WipeGRPCClient()
+	if err == nil {
+		log.Println("successfully removed grpc client interface")
+	}
 	return err
 }
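Review bot: `spew.Dump(wgclient)` in Register prints the whole client struct to standard output, and `models.IntClient` has a `PrivateKey` field (it is assigned in serverctl/wireguard.go), so the WireGuard private key can end up in terminal scrollback or the service journal whenever that field is populated. The same concern applies to `spew.Dump(conf)` added in netclient/wireguard/kernel.go, which appears to dump the device configuration. Both calls read as leftover debugging; remove them, or log only non-secret fields, e.g. `log.Println("server WG endpoint:", wgclient.ServerWGEndpoint)`. Register's body starts outside the hunk.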
 

+ 4 - 7
netclient/server/grpc.go

@@ -113,13 +113,10 @@ func RemoveNetwork(network string) error {
 	if err != nil {
                 log.Printf("Unable to wipe local config: %v", err)
 	}
-	err =  local.RemoveSystemDServices(network)
-        if err != nil {
-                return err
-                log.Printf("Unable to remove systemd services: %v", err)
-        }
-
-	return nil
+	if cfg.Daemon != "off" {
+		err =  local.RemoveSystemDServices(network)
+	}
+	return err
 }
 
 func GetPeers(macaddress string, network string, server string, dualstack bool, isIngressGateway bool) ([]wgtypes.PeerConfig, bool, []string, error) {
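Review bot: The value returned from RemoveNetwork now depends on the daemon mode: when `cfg.Daemon` is `"off"` it returns whatever `err` the earlier wipe step left behind, and otherwise that error is overwritten by the result of `local.RemoveSystemDServices`. The old code returned nil after a logged wipe failure, so callers may now see a failure they did not see before, while a wipe failure is hidden whenever the service removal succeeds. Keeping the two errors apart makes the intent explicit, e.g. `if rmErr := local.RemoveSystemDServices(network); rmErr != nil { return rmErr }` inside the `if`, followed by a deliberate `return nil` or `return err`. The function starts outside the hunk, so where `cfg` comes from is not visible; the same three added lines appear in an earlier hunk of this commit.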

+ 4 - 2
netclient/wireguard/kernel.go

@@ -1,6 +1,7 @@
 package wireguard
 
 import (
+"github.com/davecgh/go-spew/spew"
 	"fmt"
 	"strconv"
 	"errors"
@@ -91,11 +92,11 @@ func InitGRPCWireguard(client models.IntClient) error {
         }
 	var allowedips []net.IPNet
         allowedips = append(allowedips, peeraddr)
-
+	net.ParseIP(client.ServerWGEndpoint)
 	peer := wgtypes.PeerConfig{
                PublicKey: serverkey,
                Endpoint: &net.UDPAddr{
-                         IP:   net.ParseIP(client.ServerEndpoint),
+                         IP:   net.ParseIP(client.ServerWGEndpoint),
                          Port: serverport,
                },
                ReplaceAllowedIPs: true,
@@ -116,6 +117,7 @@ func InitGRPCWireguard(client models.IntClient) error {
                         return err
                 }
         }
+	spew.Dump(conf)
         err = wgclient.ConfigureDevice(ifacename, conf)
 
         if err != nil {
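Review bot: The added statement `net.ParseIP(client.ServerWGEndpoint)` above the peer config discards its result, and the `Endpoint` below calls `net.ParseIP` again without checking for nil. `net.ParseIP` returns nil for an empty string or a hostname, so the peer would be configured with an endpoint that has no IP, which is likely to surface later as a tunnel that never connects rather than as an error here. Parse once and reject a bad value: `serverip := net.ParseIP(client.ServerWGEndpoint)`, `if serverip == nil { return errors.New("invalid server WireGuard endpoint: " + client.ServerWGEndpoint) }`, then `IP: serverip,` in the struct. InitGRPCWireguard starts and ends outside the hunk.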

+ 1 - 1
serverctl/wireguard.go

@@ -61,7 +61,7 @@ func InitServerWireGuard() error {
 	var client models.IntClient
 	client.PrivateKey = wgconfig.GRPCWGPrivKey
 	client.PublicKey = wgconfig.GRPCWGPubKey
-	client.ServerEndpoint = wgconfig.GRPCWGEndpoint
+	client.ServerWGEndpoint = wgconfig.GRPCWGEndpoint
 	client.ServerAddress = wgconfig.GRPCWGAddress
 	client.ServerPort = wgconfig.GRPCWGPort
 	client.Address = wgconfig.GRPCWGAddress
