0.9.4 docs

docs/_build/html/_sources/client-installation.rst.txt

@@ -1,6 +1,6 @@
-====================
-Client Installation
-====================
+================================
+Advanced Client Installation
+================================
 
 This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.
 

docs/_build/html/_sources/egress-gateway.rst.txt

@@ -5,68 +5,92 @@ Egress Gateway
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/egress1.png
+   :width: 80%
+   :alt: Gateway
+   :align: center
 
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.
 
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+In the netmaker UI, that node is set as an "egress gateway." Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.
 
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
+Configuring an Egress Gateway
+==================================
 
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
+Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:
 
-Configuring an Ingress Gateway
-==================================
+- a VPC
+- a Kubernetes network
+- a home network
+- an office network
+- a data center
+
+After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).
 
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run 
 
-.. image:: images/exclient1.png
+.. code-block::
+
+   ip route get 10.10.10.2
+
+This should return the interface used to reach that address (e.x. "eth2")
+
+Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.
+
+.. image:: images/egress7.png
    :width: 80%
    :alt: Gateway
    :align: center
 
-Adding Clients to a Gateway
-=============================
-
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+At this point simply insert the range(s) into the first field, and the interface name into the second field, and click "create".
 
-.. image:: images/exclient2.png
+.. image:: images/ui-6.jpg
    :width: 80%
    :alt: Gateway
    :align: center
 
-After creating a client, you can edit the name to something more logical.
+Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).
 
-.. image:: images/exclient3.png
+Use Cases
+============
+
+1) Remote Access
+-------------------
+
+A common scenario would be to combine this with an "Ingress Gateway" to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.
+
+.. image:: images/egress2.png
    :width: 80%
    :alt: Gateway
    :align: center
 
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.
 
-.. image:: images/exclient4.png
-   :width: 80%
+.. image:: images/egress3.png
+   :width: 50%
    :alt: Gateway
    :align: center
 
-Example config file: 
+2) VPN / NAT Gateway
+-----------------------
 
-.. literalinclude:: ./examplecode/myclient.conf
+Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+These are not typical use cases for Netmaker, but can be easily enabled.
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+**The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.** This is how you typically set up a "standard" VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.
 
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+Instead, use the following list of ranges:
 
-.. image:: images/extclient5.png
-   :width: 80%
+.. code-block::
+
+   0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
+
+This list encompasses the standard "public" network ranges, and ignores the standard "private" network ranges.
+
+Simply paste this list into your "egress gateway ranges" and your clients should begin routing public-facing traffic over the gateway.
+
+.. image:: images/egress5.png
+   :width: 50%
    :alt: Gateway
    :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.

docs/_build/html/_sources/external-clients.rst.txt

@@ -5,6 +5,11 @@ Ingress + External Clients
 Introduction
 ===============
 
+.. image:: images/ingress1.png
+   :width: 50%
+   :alt: Gateway
+   :align: center
+
 Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
         - Phones
         - Laptops

docs/_build/html/_sources/index.rst.txt

@@ -25,114 +25,100 @@ This documentation covers Netmaker's :doc:`installation <./server-installation>`
 
 **For Kubernetes-specific guidance, please see the** `Netmaker Kubernetes Documentation. <https://nm-k8s.readthedocs.io>`_
 
-.. :raw-html:`<br />`
-
-.. .. raw:: html
-..   :file: youtube-1.html
-
 About
 --------
 
+High-level information about what Netmaker is and how it works.
+
 .. toctree::
    :maxdepth: 2
 
    about
-
-A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.
-
-Architecture
----------------
-
-A technical overview of Netmaker, including design decisions and limitations.
-
-.. toctree::
-   :maxdepth: 2
    
    architecture
 
-Install
+Getting Started
 ------------------------------------
 
-Choose the right install method for you.
+How to install Netmaker and set up your first network.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
 
    install
 
-Quick Start
----------------
-
-A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.
-
-.. toctree::
-   :maxdepth: 2
-
    quick-start
 
-.. toctree::
-   :maxdepth: 2
-
    getting-started
 
-Server Installation
---------------------
+Ingress, Egress, and Relays
+------------------------------
 
-A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.
+How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:
 
 .. toctree::
    :maxdepth: 2
    
-   server-installation
+   external-clients
 
-Oauth Configuration
---------------------
+How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:
 
-A simple guide to configuring OAuth for Netmaker.
 
 .. toctree::
    :maxdepth: 2
    
-   oauth
+   egress-gateway
 
+How to make machines inside the network reachable if they are blocked by NAT/Firewall:
 
-Client Installation
---------------------
+.. toctree::
+   :maxdepth: 2
+   
+   relay-server
 
-A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
+Kubernetes Documentation
+---------------------------
 
 .. toctree::
-   :maxdepth: 2
+
+   Kubernetes <https://nm-k8s.readthedocs.io>
    
-   client-installation
+`Netmaker Kubernetes Documentation <https://nm-k8s.readthedocs.io>`_
 
-Ingress, Egress, and Relays
-------------------------------
 
-**Ingress:** A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.
+Advanced Server Installation
+-------------------------------
+
+A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   external-clients
+   server-installation
 
-**Egress:** A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.
+Advanced Client Installation
+--------------------------------
 
+A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   egress-gateway
+   client-installation
+
+
+Oauth Configuration
+--------------------
 
-**Relay:** A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.
+A simple guide to configuring OAuth for Netmaker.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   relay-server
+   oauth
 
 
-Guides
+External Guides
 ----------------
 
 A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.
@@ -157,8 +143,6 @@ API Reference
 
 A reference document for the Netmaker Server API, and example API calls for various use cases.
 
-**Coming Soon:** Swagger Documentation
-
 .. toctree::
    :maxdepth: 1
 

docs/_build/html/_sources/relay-server.rst.txt

@@ -5,68 +5,32 @@ Relay Servers
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
-
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
-==================================
-
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
-
-.. image:: images/exclient1.png
+.. image:: images/relay1.png
    :width: 80%
-   :alt: Gateway
+   :alt: Relay
    :align: center
 
-Adding Clients to a Gateway
-=============================
+Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.
 
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.
 
-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+Configuring a Relay
+==================================
 
-After creating a client, you can edit the name to something more logical.
+To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.
 
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP's directly, select from a list, or click "Select All."
 
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
+.. image:: images/ui-7.jpg
    :width: 80%
-   :alt: Gateway
+   :alt: Relay
    :align: center
 
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
+If you choose "select all" this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+After creation, you can change the list of relayed nodes by clicking "edit node" and editing the list (Field #12 below).
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
+.. image:: images/ui-5.jpg
+   :width: 40%
+   :alt: Relay
    :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.

docs/_build/html/_sources/support.rst.txt

@@ -5,25 +5,10 @@ Support
 FAQ
 ======
 
-Does/Will Netmaker Support X Operating System?
---------------------------------------------------
-
-Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
-
-However, via "external clients", any device that supports WireGuard can be added to the network. 
-
-In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
-
-How do I install the Netclient on X?
----------------------------------------
-
-As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
-
-
 Is Netmaker a VPN like NordNPN?
 --------------------------------
 
-No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS).
+No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.
 
 If you're looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.
 
@@ -34,23 +19,25 @@ https://github.com/pivpn/pivpn
 https://github.com/subspacecloud/subspace
 https://github.com/mullvad/mullvadvpn-app
 
-Do you offer any enterprise support?
---------------------------------------
+Do you have an 'Exit Nodes' feature?
+---------------------------------------
 
-If you are interested in enterprise support for your project, please contact [email protected].
+Please see the :doc:`Egress Gateway <./egress-gateway>` documentation.
 
+Do you offer any business or enterprise support?
+---------------------------------------------------
 
-Why the SSPL License?
-----------------------
+Yes, please contact [email protected] or visit https://gravitl.com/plans.
 
-We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won't do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups). 
 
-While SSPL is not an OSI-approved open source license, it let's people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.
+Why the SSPL License?
+----------------------
 
-If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don't think it's a good idea economically either. We firmly believe that having the project open is not only right, but the best option.
+As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.
 
-All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
+We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community's ability to use and modify the project.
 
+If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.
 
 Contact
 ===========

docs/_build/html/_sources/upgrades.rst.txt

@@ -5,68 +5,36 @@ Upgrades
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process. 
 
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Upgrade the Server (netmaker)
 ==================================
 
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
-
-.. image:: images/exclient1.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Adding Clients to a Gateway
-=============================
+To upgrade the server, you only need to change the docker image versions:
 
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+1. `ssh root@my-server-ip`
+2. `docker compose down`
+3. `vi docker-compose.yml`
+4. Change gravitl/netmaker:<version> and gravitl/netmaker-ui:<version> to the new version.
+5. Save and close the file
+6. `docker-compose up -d`
 
-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-After creating a client, you can edit the name to something more logical.
-
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
+Upgrade the Clients (netclient)
+==================================
 
-.. literalinclude:: ./examplecode/myclient.conf
+To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+1. Vists https://github.com/gravitl/netmaker/releases/
+2. Find the appropriate binary for your machine.
+3. Download. E.x.: `wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion`
+4. Rename binary to `netclient` and move to folder. E.x.: `mv netclient-myversion /etc/netclient/netclient`
+5. `netclient --version` (confirm it's the correct version)
+6. `netclient pull`
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+This last step helps ensure any newly added fields are now present. You may run into a "panic" based on missing fields and your version mismatch. In such cases, you can either:
 
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+1. Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run "netclient checkin"
 
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+or
 
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
+2. Leave and rejoin the network

docs/_build/html/_sources/usage.rst.txt

@@ -1,16 +1,12 @@
-==============
-Using Netmaker
-==============
+=================
+External Guides
+=================
 
-Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
+Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
 
-External Tutorials
+Video Tutorials
 ==================
 
-Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.
-
-Video Tutorials
----------------
 * `Intro/Overview <https://youtu.be/PWLPT320Ybo>`_: Tutorial on first-time usage, setting up a mesh network.
 * `Site-to-Site Gateway <https://youtu.be/krCKBJhwwDk>`_: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.
 * `IPv6 and Private DNS <https://youtu.be/b4diaKWUcXI>`_: Tutorial on dual-stack IPv6 in Netmaker and Private DNS management (separate topics).
@@ -18,7 +14,8 @@ Video Tutorials
 
 
 Written Tutorials
------------------
+==================
+
 * `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
 * `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
 * `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.

docs/_build/html/client-installation.html

@@ -46,7 +46,7 @@
   
   
   
-    <title>Client Installation &#8212; Netmaker 0.9.4 documentation</title>
+    <title>Advanced Client Installation &#8212; Netmaker 0.9.4 documentation</title>
     <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
     <link rel="stylesheet" type="text/css" href="_static/material.css" />
     <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
@@ -56,8 +56,8 @@
     <link rel="author" title="About these documents" href="about.html" />
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Ingress GW + External Clients" href="external-clients.html" />
-    <link rel="prev" title="Integrating OAuth" href="oauth.html" />
+    <link rel="next" title="Integrating OAuth" href="oauth.html" />
+    <link rel="prev" title="Advanced Server Installation" href="server-installation.html" />
   
    
 
@@ -94,7 +94,7 @@
       <div class="md-flex__cell md-flex__cell--stretch">
         <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
           <span class="md-header-nav__topic">Netmaker Docs</span>
-          <span class="md-header-nav__topic"> Client Installation </span>
+          <span class="md-header-nav__topic"> Advanced Client Installation </span>
         </div>
       </div>
       <div class="md-flex__cell md-flex__cell--shrink">
@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -244,14 +244,35 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
@@ -259,15 +280,15 @@
     
     
     <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
-    <label class="md-nav__link md-nav__link--active" for="__toc"> Client Installation </label>
+    <label class="md-nav__link md-nav__link--active" for="__toc"> Advanced Client Installation </label>
     
-      <a href="#" class="md-nav__link md-nav__link--active">Client Installation</a>
+      <a href="#" class="md-nav__link md-nav__link--active">Advanced Client Installation</a>
       
         
 <nav class="md-nav md-nav--secondary">
     <label class="md-nav__title" for="__toc">Contents</label>
   <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Client Installation</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Advanced Client Installation</a><nav class="md-nav">
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
         </li>
@@ -366,28 +387,14 @@
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>
@@ -454,7 +461,7 @@
 <nav class="md-nav md-nav--secondary">
     <label class="md-nav__title" for="__toc">Contents</label>
   <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Client Installation</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Advanced Client Installation</a><nav class="md-nav">
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
         </li>
@@ -506,7 +513,7 @@
           <article class="md-content__inner md-typeset" role="main">
             
   
-<h1 id="client-installation--page-root">Client Installation<a class="headerlink" href="#client-installation--page-root" title="Permalink to this headline">¶</a></h1>
+<h1 id="client-installation--page-root">Advanced Client Installation<a class="headerlink" href="#client-installation--page-root" title="Permalink to this headline">¶</a></h1>
 <p>This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.</p>
 <p>These steps should be run after the Netmaker server has been created and a network has been designated within Netmaker.</p>
 
@@ -715,7 +722,7 @@ If a key is provided (-k), then a token is unnecessary, but grpc, server, ports,
     <div class="md-footer-nav">
       <nav class="md-footer-nav__inner md-grid">
           
-            <a href="oauth.html" title="Integrating OAuth"
+            <a href="server-installation.html" title="Advanced Server Installation"
                class="md-flex md-footer-nav__link md-footer-nav__link--prev"
                rel="prev">
               <div class="md-flex__cell md-flex__cell--shrink">
@@ -724,17 +731,17 @@ If a key is provided (-k), then a token is unnecessary, but grpc, server, ports,
               <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                 <span class="md-flex__ellipsis">
                   <span
-                      class="md-footer-nav__direction"> Previous </span> Integrating OAuth </span>
+                      class="md-footer-nav__direction"> Previous </span> Advanced Server Installation </span>
               </div>
             </a>
           
           
-            <a href="external-clients.html" title="Ingress GW + External Clients"
+            <a href="oauth.html" title="Integrating OAuth"
                class="md-flex md-footer-nav__link md-footer-nav__link--next"
                rel="next">
             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                 class="md-flex__ellipsis"> <span
-                class="md-footer-nav__direction"> Next </span> Ingress GW + External Clients </span>
+                class="md-footer-nav__direction"> Next </span> Integrating OAuth </span>
             </div>
             <div class="md-flex__cell md-flex__cell--shrink"><i
                 class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>

docs/_build/html/external-clients.html

@@ -428,6 +428,7 @@
 <h1 id="external-clients--page-root">Ingress + External Clients<a class="headerlink" href="#external-clients--page-root" title="Permalink to this headline">¶</a></h1>
 
 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
+<a class="reference internal image-reference" href="_images/ingress1.png"><img alt="Gateway" class="align-center" src="_images/ingress1.png" style="width: 50%;"/></a>
 <dl class="simple">
 <dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
 <li><p>Phones</p></li>

docs/_build/html/genindex.html

@@ -242,49 +242,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>

docs/_build/html/index.html

@@ -243,49 +243,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>
@@ -356,21 +363,19 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#about" class="md-nav__link">About</a>
         </li>
-        <li class="md-nav__item"><a href="#architecture" class="md-nav__link">Architecture</a>
-        </li>
-        <li class="md-nav__item"><a href="#install" class="md-nav__link">Install</a>
+        <li class="md-nav__item"><a href="#getting-started" class="md-nav__link">Getting Started</a>
         </li>
-        <li class="md-nav__item"><a href="#quick-start" class="md-nav__link">Quick Start</a>
+        <li class="md-nav__item"><a href="#ingress-egress-and-relays" class="md-nav__link">Ingress, Egress, and Relays</a>
         </li>
-        <li class="md-nav__item"><a href="#server-installation" class="md-nav__link">Server Installation</a>
+        <li class="md-nav__item"><a href="#kubernetes-documentation" class="md-nav__link">Kubernetes Documentation</a>
         </li>
-        <li class="md-nav__item"><a href="#oauth-configuration" class="md-nav__link">Oauth Configuration</a>
+        <li class="md-nav__item"><a href="#advanced-server-installation" class="md-nav__link">Advanced Server Installation</a>
         </li>
-        <li class="md-nav__item"><a href="#client-installation" class="md-nav__link">Client Installation</a>
+        <li class="md-nav__item"><a href="#advanced-client-installation" class="md-nav__link">Advanced Client Installation</a>
         </li>
-        <li class="md-nav__item"><a href="#ingress-egress-and-relays" class="md-nav__link">Ingress, Egress, and Relays</a>
+        <li class="md-nav__item"><a href="#oauth-configuration" class="md-nav__link">Oauth Configuration</a>
         </li>
-        <li class="md-nav__item"><a href="#guides" class="md-nav__link">Guides</a>
+        <li class="md-nav__item"><a href="#external-guides" class="md-nav__link">External Guides</a>
         </li>
         <li class="md-nav__item"><a href="#ui-reference" class="md-nav__link">UI Reference</a>
         </li>
@@ -406,6 +411,7 @@
 <p><strong>For Kubernetes-specific guidance, please see the</strong> <a class="reference external" href="https://nm-k8s.readthedocs.io">Netmaker Kubernetes Documentation.</a></p>
 
 <h2 id="about">About<a class="headerlink" href="#about" title="Permalink to this headline">¶</a></h2>
+<p>High-level information about what Netmaker is and how it works.</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="about.html">About</a><ul>
@@ -414,15 +420,6 @@
 <li class="toctree-l2"><a class="reference internal" href="about.html#use-cases-for-netmaker">Use Cases for Netmaker</a></li>
 </ul>
 </li>
-</ul>
-</div>
-<p>A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.</p>
-
-
-<h2 id="architecture">Architecture<a class="headerlink" href="#architecture" title="Permalink to this headline">¶</a></h2>
-<p>A technical overview of Netmaker, including design decisions and limitations.</p>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="architecture.html">Architecture</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="architecture.html#core-concepts">Core Concepts</a></li>
 <li class="toctree-l2"><a class="reference internal" href="architecture.html#components">Components</a></li>
@@ -435,19 +432,11 @@
 </div>
 
 
-<h2 id="install">Install<a class="headerlink" href="#install" title="Permalink to this headline">¶</a></h2>
-<p>Choose the right install method for you.</p>
+<h2 id="getting-started">Getting Started<a class="headerlink" href="#getting-started" title="Permalink to this headline">¶</a></h2>
+<p>How to install Netmaker and set up your first network.</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="install.html">Install</a></li>
-</ul>
-</div>
-
-
-<h2 id="quick-start">Quick Start<a class="headerlink" href="#quick-start" title="Permalink to this headline">¶</a></h2>
-<p>A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.</p>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="quick-start.html">Quick Install</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#prerequisites">0. Prerequisites</a></li>
@@ -457,10 +446,6 @@
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#install-netmaker">4. Install Netmaker</a></li>
 </ul>
 </li>
-</ul>
-</div>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="getting-started.html">Getting Started</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="getting-started.html#setup">Setup</a></li>
 <li class="toctree-l2"><a class="reference internal" href="getting-started.html#create-a-network">Create a Network</a></li>
@@ -475,7 +460,52 @@
 </div>
 
 
-<h2 id="server-installation">Server Installation<a class="headerlink" href="#server-installation" title="Permalink to this headline">¶</a></h2>
+<h2 id="ingress-egress-and-relays">Ingress, Egress, and Relays<a class="headerlink" href="#ingress-egress-and-relays" title="Permalink to this headline">¶</a></h2>
+<p>How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="external-clients.html">Ingress + External Clients</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#configuring-an-ingress-gateway">Configuring an Ingress Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#adding-clients-to-a-gateway">Adding Clients to a Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<p>How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="egress-gateway.html">Egress Gateway</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#configuring-an-egress-gateway">Configuring an Egress Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#use-cases">Use Cases</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<p>How to make machines inside the network reachable if they are blocked by NAT/Firewall:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="relay-server.html">Relay Servers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="relay-server.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="relay-server.html#configuring-a-relay">Configuring a Relay</a></li>
+</ul>
+</li>
+</ul>
+</div>
+
+
+<h2 id="kubernetes-documentation">Kubernetes Documentation<a class="headerlink" href="#kubernetes-documentation" title="Permalink to this headline">¶</a></h2>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference external" href="https://nm-k8s.readthedocs.io">Kubernetes</a></li>
+</ul>
+</div>
+<p><a class="reference external" href="https://nm-k8s.readthedocs.io">Netmaker Kubernetes Documentation</a></p>
+
+
+<h2 id="advanced-server-installation">Advanced Server Installation<a class="headerlink" href="#advanced-server-installation" title="Permalink to this headline">¶</a></h2>
 <p>A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.</p>
 <div class="toctree-wrapper compound">
 <ul>
@@ -495,26 +525,11 @@
 </div>
 
 
-<h2 id="oauth-configuration">Oauth Configuration<a class="headerlink" href="#oauth-configuration" title="Permalink to this headline">¶</a></h2>
-<p>A simple guide to configuring OAuth for Netmaker.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="oauth.html">Integrating OAuth</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="oauth.html#introduction">Introduction</a></li>
-<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-your-provider">Configuring your provider</a></li>
-<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-netmaker">Configuring Netmaker</a></li>
-<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-user-permissions">Configuring User Permissions</a></li>
-</ul>
-</li>
-</ul>
-</div>
-
-
-<h2 id="client-installation">Client Installation<a class="headerlink" href="#client-installation" title="Permalink to this headline">¶</a></h2>
+<h2 id="advanced-client-installation">Advanced Client Installation<a class="headerlink" href="#advanced-client-installation" title="Permalink to this headline">¶</a></h2>
 <p>A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.</p>
 <div class="toctree-wrapper compound">
 <ul>
-<li class="toctree-l1"><a class="reference internal" href="client-installation.html">Client Installation</a><ul>
+<li class="toctree-l1"><a class="reference internal" href="client-installation.html">Advanced Client Installation</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="client-installation.html#introduction-to-netclient">Introduction to Netclient</a></li>
 <li class="toctree-l2"><a class="reference internal" href="client-installation.html#notes-on-windows">Notes on Windows</a></li>
 <li class="toctree-l2"><a class="reference internal" href="client-installation.html#modes-and-system-compatibility">Modes and System Compatibility</a></li>
@@ -528,33 +543,28 @@
 </div>
 
 
-<h2 id="ingress-egress-and-relays">Ingress, Egress, and Relays<a class="headerlink" href="#ingress-egress-and-relays" title="Permalink to this headline">¶</a></h2>
-<p><strong>Ingress:</strong> A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="external-clients.html">Ingress + External Clients</a></li>
-</ul>
-</div>
-<p><strong>Egress:</strong> A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.</p>
+<h2 id="oauth-configuration">Oauth Configuration<a class="headerlink" href="#oauth-configuration" title="Permalink to this headline">¶</a></h2>
+<p>A simple guide to configuring OAuth for Netmaker.</p>
 <div class="toctree-wrapper compound">
 <ul>
-<li class="toctree-l1"><a class="reference internal" href="egress-gateway.html">Egress Gateway</a></li>
+<li class="toctree-l1"><a class="reference internal" href="oauth.html">Integrating OAuth</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="oauth.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-your-provider">Configuring your provider</a></li>
+<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-netmaker">Configuring Netmaker</a></li>
+<li class="toctree-l2"><a class="reference internal" href="oauth.html#configuring-user-permissions">Configuring User Permissions</a></li>
 </ul>
-</div>
-<p><strong>Relay:</strong> A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="relay-server.html">Relay Servers</a></li>
+</li>
 </ul>
 </div>
 
 
-<h2 id="guides">Guides<a class="headerlink" href="#guides" title="Permalink to this headline">¶</a></h2>
+<h2 id="external-guides">External Guides<a class="headerlink" href="#external-guides" title="Permalink to this headline">¶</a></h2>
 <p>A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.</p>
 <div class="toctree-wrapper compound">
 <ul>
-<li class="toctree-l1"><a class="reference internal" href="usage.html">Using Netmaker</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="usage.html#external-tutorials">External Tutorials</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">External Guides</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#video-tutorials">Video Tutorials</a></li>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#written-tutorials">Written Tutorials</a></li>
 </ul>
 </li>
 </ul>
@@ -580,7 +590,6 @@
 
 <h2 id="api-reference">API Reference<a class="headerlink" href="#api-reference" title="Permalink to this headline">¶</a></h2>
 <p>A reference document for the Netmaker Server API, and example API calls for various use cases.</p>
-<p><strong>Coming Soon:</strong> Swagger Documentation</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="api.html">API Reference</a></li>

docs/_build/html/install.html

@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -253,49 +253,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>

docs/_build/html/oauth.html

@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -315,7 +315,7 @@
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>

docs/_build/html/relay-server.html

@@ -56,7 +56,7 @@
     <link rel="author" title="About these documents" href="about.html" />
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Using Netmaker" href="usage.html" />
+    <link rel="next" title="Advanced Server Installation" href="server-installation.html" />
     <link rel="prev" title="Egress Gateway" href="egress-gateway.html" />
   
    
@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -244,28 +244,7 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
@@ -292,11 +271,7 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
         </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
         </li></ul>
             </nav>
         </li>
@@ -313,30 +288,44 @@
     <li class="md-nav__item">
     
     
-      <a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+      <a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
       
     
+    </li></ul>
+    
     </li>
     <li class="md-nav__item">
     
     
-      <a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
-    </li></ul>
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>
@@ -407,11 +396,7 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
         </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
         </li></ul>
             </nav>
         </li>
@@ -428,53 +413,18 @@
 <h1 id="relay-server--page-root">Relay Servers<a class="headerlink" href="#relay-server--page-root" title="Permalink to this headline">¶</a></h1>
 
 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
-<dl class="simple">
-<dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
-<li><p>Phones</p></li>
-<li><p>Laptops</p></li>
-<li><p>Desktops</p></li>
-</ul>
-</dd>
-</dl>
-<p>An external client is not “managed,” meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated <strong>Ingress Gateway</strong>, which <strong>is</strong> a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.</p>
-<p>By using this method, you can hook any machine into a netmaker network that can run WireGuard.</p>
-<p>It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.</p>
-<p>Important to note, an external client is not <strong>reachable</strong> by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and <strong>not</strong> for use cases where one wishes to make a resource accessible on the network. For that, use netclient.</p>
-
-
-<h2 id="configuring-an-ingress-gateway">Configuring an Ingress Gateway<a class="headerlink" href="#configuring-an-ingress-gateway" title="Permalink to this headline">¶</a></h2>
-<p>External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.</p>
-<a class="reference internal image-reference" href="_images/exclient1.png"><img alt="Gateway" class="align-center" src="_images/exclient1.png" style="width: 80%;"/></a>
-
-
-<h2 id="adding-clients-to-a-gateway">Adding Clients to a Gateway<a class="headerlink" href="#adding-clients-to-a-gateway" title="Permalink to this headline">¶</a></h2>
-<p>Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.</p>
-<a class="reference internal image-reference" href="_images/exclient2.png"><img alt="Gateway" class="align-center" src="_images/exclient2.png" style="width: 80%;"/></a>
-<p>After creating a client, you can edit the name to something more logical.</p>
-<a class="reference internal image-reference" href="_images/exclient3.png"><img alt="Gateway" class="align-center" src="_images/exclient3.png" style="width: 80%;"/></a>
-<p>Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.</p>
-<a class="reference internal image-reference" href="_images/exclient4.png"><img alt="Gateway" class="align-center" src="_images/exclient4.png" style="width: 80%;"/></a>
-<p>Example config file:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">Interface</span><span class="p">]</span>
-<span class="n">Address</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.5</span><span class="o">/</span><span class="mi">32</span>
-<span class="n">PrivateKey</span> <span class="o">=</span> <span class="n">EJf6Yy51M</span><span class="o">/</span><span class="n">YDaZgedRpuxMmrqul35WfjmHvRZR1rQ0U</span><span class="o">=</span>
-
-<span class="p">[</span><span class="n">Peer</span><span class="p">]</span>
-<span class="n">PublicKey</span> <span class="o">=</span> <span class="n">m</span><span class="o">/</span><span class="n">RPuMVsbpgQ</span><span class="o">+</span><span class="n">RkxlgK2mG</span><span class="o">+</span><span class="n">dDFlzqn</span><span class="o">+</span><span class="n">ua2zJt8Wn7GA</span><span class="o">=</span>
-<span class="n">AllowedIPs</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.0</span><span class="o">/</span><span class="mi">24</span>
-<span class="n">Endpoint</span> <span class="o">=</span> <span class="mf">3.236</span><span class="o">.</span><span class="mf">60.247</span><span class="p">:</span><span class="mi">51822</span>
-<span class="n">PersistentKeepalive</span> <span class="o">=</span> <span class="mi">20</span>
-
-</pre></div>
-</div>
-<p>Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.</p>
+<a class="reference internal image-reference" href="_images/relay1.png"><img alt="Relay" class="align-center" src="_images/relay1.png" style="width: 80%;"/></a>
+<p>Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.</p>
+<p>For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.</p>
 
 
-<h2 id="configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)<a class="headerlink" href="#configuring-dns-for-ext-clients-optional" title="Permalink to this headline">¶</a></h2>
-<p>If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.</p>
-<a class="reference internal image-reference" href="_images/extclient5.png"><img alt="Gateway" class="align-center" src="_images/extclient5.png" style="width: 80%;"/></a>
-<p>Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it’s allowed IPs.</p>
+<h2 id="configuring-a-relay">Configuring a Relay<a class="headerlink" href="#configuring-a-relay" title="Permalink to this headline">¶</a></h2>
+<p>To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.</p>
+<p>Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP’s directly, select from a list, or click “Select All.”</p>
+<a class="reference internal image-reference" href="_images/ui-7.jpg"><img alt="Relay" class="align-center" src="_images/ui-7.jpg" style="width: 80%;"/></a>
+<p>If you choose “select all” this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.</p>
+<p>After creation, you can change the list of relayed nodes by clicking “edit node” and editing the list (Field #12 below).</p>
+<a class="reference internal image-reference" href="_images/ui-5.jpg"><img alt="Relay" class="align-center" src="_images/ui-5.jpg" style="width: 40%;"/></a>
 
 
 
@@ -502,12 +452,12 @@ If you do not want DNS on your ext client conf files, simply leave it blank.</p>
             </a>
           
           
-            <a href="usage.html" title="Using Netmaker"
+            <a href="server-installation.html" title="Advanced Server Installation"
                class="md-flex md-footer-nav__link md-footer-nav__link--next"
                rel="next">
             <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                 class="md-flex__ellipsis"> <span
-                class="md-footer-nav__direction"> Next </span> Using Netmaker </span>
+                class="md-footer-nav__direction"> Next </span> Advanced Server Installation </span>
             </div>
             <div class="md-flex__cell md-flex__cell--shrink"><i
                 class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>

docs/_build/html/search.html

@@ -248,49 +248,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>

docs/_build/html/support.html

@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -244,49 +244,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>
@@ -334,13 +341,11 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#faq" class="md-nav__link">FAQ</a><nav class="md-nav">
               <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#does-will-netmaker-support-x-operating-system" class="md-nav__link">Does/Will Netmaker Support X Operating System?</a>
-        </li>
-        <li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
-        </li>
         <li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
         </li>
-        <li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
+        <li class="md-nav__item"><a href="#do-you-have-an-exit-nodes-feature" class="md-nav__link">Do you have an ‘Exit Nodes’ feature?</a>
+        </li>
+        <li class="md-nav__item"><a href="#do-you-offer-any-business-or-enterprise-support" class="md-nav__link">Do you offer any business or enterprise support?</a>
         </li>
         <li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
         </li></ul>
@@ -401,13 +406,11 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#faq" class="md-nav__link">FAQ</a><nav class="md-nav">
               <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#does-will-netmaker-support-x-operating-system" class="md-nav__link">Does/Will Netmaker Support X Operating System?</a>
-        </li>
-        <li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
-        </li>
         <li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
         </li>
-        <li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
+        <li class="md-nav__item"><a href="#do-you-have-an-exit-nodes-feature" class="md-nav__link">Do you have an ‘Exit Nodes’ feature?</a>
+        </li>
+        <li class="md-nav__item"><a href="#do-you-offer-any-business-or-enterprise-support" class="md-nav__link">Do you offer any business or enterprise support?</a>
         </li>
         <li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
         </li></ul>
@@ -431,18 +434,8 @@
 
 <h2 id="faq">FAQ<a class="headerlink" href="#faq" title="Permalink to this headline">¶</a></h2>
 
-<h3 id="does-will-netmaker-support-x-operating-system">Does/Will Netmaker Support X Operating System?<a class="headerlink" href="#does-will-netmaker-support-x-operating-system" title="Permalink to this headline">¶</a></h3>
-<p>Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.</p>
-<p>However, via “external clients”, any device that supports WireGuard can be added to the network.</p>
-<p>In future iterations will expand the operating system support for Netclient, and devices that must use the “external client” feature can switch to Netclient.</p>
-
-
-<h3 id="how-do-i-install-the-netclient-on-x">How do I install the Netclient on X?<a class="headerlink" href="#how-do-i-install-the-netclient-on-x" title="Permalink to this headline">¶</a></h3>
-<p>As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.</p>
-
-
 <h3 id="is-netmaker-a-vpn-like-nordnpn">Is Netmaker a VPN like NordNPN?<a class="headerlink" href="#is-netmaker-a-vpn-like-nordnpn" title="Permalink to this headline">¶</a></h3>
-<p>No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It’s more like a corporate VPN, or a VPC (if you’re familiar with AWS).</p>
+<p>No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It’s more like a corporate VPN, or a VPC (if you’re familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.</p>
 <p>If you’re looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.</p>
 <p>There are many good projects out there that support general internet privacy using WireGuard. Here are just a few of them:</p>
 <p><a class="reference external" href="https://github.com/trailofbits/algo">https://github.com/trailofbits/algo</a>
@@ -451,15 +444,18 @@
 <a class="reference external" href="https://github.com/mullvad/mullvadvpn-app">https://github.com/mullvad/mullvadvpn-app</a></p>
 
 
-<h3 id="do-you-offer-any-enterprise-support">Do you offer any enterprise support?<a class="headerlink" href="#do-you-offer-any-enterprise-support" title="Permalink to this headline">¶</a></h3>
-<p>If you are interested in enterprise support for your project, please contact <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a>.</p>
+<h3 id="do-you-have-an-exit-nodes-feature">Do you have an ‘Exit Nodes’ feature?<a class="headerlink" href="#do-you-have-an-exit-nodes-feature" title="Permalink to this headline">¶</a></h3>
+<p>Please see the <a class="reference internal" href="egress-gateway.html"><span class="doc">Egress Gateway</span></a> documentation.</p>
+
+
+<h3 id="do-you-offer-any-business-or-enterprise-support">Do you offer any business or enterprise support?<a class="headerlink" href="#do-you-offer-any-business-or-enterprise-support" title="Permalink to this headline">¶</a></h3>
+<p>Yes, please contact <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a> or visit <a class="reference external" href="https://gravitl.com/plans">https://gravitl.com/plans</a>.</p>
 
 
 <h3 id="why-the-sspl-license">Why the SSPL License?<a class="headerlink" href="#why-the-sspl-license" title="Permalink to this headline">¶</a></h3>
-<p>We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won’t do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups).</p>
-<p>While SSPL is not an OSI-approved open source license, it let’s people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.</p>
-<p>If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don’t think it’s a good idea economically either. We firmly believe that having the project open is not only right, but the best option.</p>
-<p>All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It’s just easier to move from SSPL to another license than vice-versa.</p>
+<p>As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.</p>
+<p>We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community’s ability to use and modify the project.</p>
+<p>If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.</p>
 
 
 

docs/_build/html/ui-reference.html

@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -265,7 +265,7 @@
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>

docs/_build/html/upgrades.html

@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -244,49 +244,56 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
       
     
     </li>
@@ -320,11 +327,9 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
         </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
         </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
         </li></ul>
             </nav>
         </li>
@@ -341,21 +346,14 @@
     <li class="md-nav__item">
     
     
-      <a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
+      <a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+      <a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
       
     
     </li></ul>
@@ -407,11 +405,9 @@
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
         </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
         </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
         </li></ul>
             </nav>
         </li>
@@ -428,53 +424,39 @@
 <h1 id="upgrades--page-root">Upgrades<a class="headerlink" href="#upgrades--page-root" title="Permalink to this headline">¶</a></h1>
 
 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
-<dl class="simple">
-<dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
-<li><p>Phones</p></li>
-<li><p>Laptops</p></li>
-<li><p>Desktops</p></li>
-</ul>
-</dd>
-</dl>
-<p>An external client is not “managed,” meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated <strong>Ingress Gateway</strong>, which <strong>is</strong> a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.</p>
-<p>By using this method, you can hook any machine into a netmaker network that can run WireGuard.</p>
-<p>It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.</p>
-<p>Important to note, an external client is not <strong>reachable</strong> by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and <strong>not</strong> for use cases where one wishes to make a resource accessible on the network. For that, use netclient.</p>
-
-
-<h2 id="configuring-an-ingress-gateway">Configuring an Ingress Gateway<a class="headerlink" href="#configuring-an-ingress-gateway" title="Permalink to this headline">¶</a></h2>
-<p>External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.</p>
-<a class="reference internal image-reference" href="_images/exclient1.png"><img alt="Gateway" class="align-center" src="_images/exclient1.png" style="width: 80%;"/></a>
+<p>As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process.</p>
 
 
-<h2 id="adding-clients-to-a-gateway">Adding Clients to a Gateway<a class="headerlink" href="#adding-clients-to-a-gateway" title="Permalink to this headline">¶</a></h2>
-<p>Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.</p>
-<a class="reference internal image-reference" href="_images/exclient2.png"><img alt="Gateway" class="align-center" src="_images/exclient2.png" style="width: 80%;"/></a>
-<p>After creating a client, you can edit the name to something more logical.</p>
-<a class="reference internal image-reference" href="_images/exclient3.png"><img alt="Gateway" class="align-center" src="_images/exclient3.png" style="width: 80%;"/></a>
-<p>Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.</p>
-<a class="reference internal image-reference" href="_images/exclient4.png"><img alt="Gateway" class="align-center" src="_images/exclient4.png" style="width: 80%;"/></a>
-<p>Example config file:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">Interface</span><span class="p">]</span>
-<span class="n">Address</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.5</span><span class="o">/</span><span class="mi">32</span>
-<span class="n">PrivateKey</span> <span class="o">=</span> <span class="n">EJf6Yy51M</span><span class="o">/</span><span class="n">YDaZgedRpuxMmrqul35WfjmHvRZR1rQ0U</span><span class="o">=</span>
-
-<span class="p">[</span><span class="n">Peer</span><span class="p">]</span>
-<span class="n">PublicKey</span> <span class="o">=</span> <span class="n">m</span><span class="o">/</span><span class="n">RPuMVsbpgQ</span><span class="o">+</span><span class="n">RkxlgK2mG</span><span class="o">+</span><span class="n">dDFlzqn</span><span class="o">+</span><span class="n">ua2zJt8Wn7GA</span><span class="o">=</span>
-<span class="n">AllowedIPs</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.0</span><span class="o">/</span><span class="mi">24</span>
-<span class="n">Endpoint</span> <span class="o">=</span> <span class="mf">3.236</span><span class="o">.</span><span class="mf">60.247</span><span class="p">:</span><span class="mi">51822</span>
-<span class="n">PersistentKeepalive</span> <span class="o">=</span> <span class="mi">20</span>
-
-</pre></div>
-</div>
-<p>Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.</p>
+<h2 id="upgrade-the-server-netmaker">Upgrade the Server (netmaker)<a class="headerlink" href="#upgrade-the-server-netmaker" title="Permalink to this headline">¶</a></h2>
+<p>To upgrade the server, you only need to change the docker image versions:</p>
+<ol class="arabic simple">
+<li><p><cite>ssh root@my-server-ip</cite></p></li>
+<li><p><cite>docker compose down</cite></p></li>
+<li><p><cite>vi docker-compose.yml</cite></p></li>
+<li><p>Change gravitl/netmaker:&lt;version&gt; and gravitl/netmaker-ui:&lt;version&gt; to the new version.</p></li>
+<li><p>Save and close the file</p></li>
+<li><p><cite>docker-compose up -d</cite></p></li>
+</ol>
 
 
-<h2 id="configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)<a class="headerlink" href="#configuring-dns-for-ext-clients-optional" title="Permalink to this headline">¶</a></h2>
-<p>If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.</p>
-<a class="reference internal image-reference" href="_images/extclient5.png"><img alt="Gateway" class="align-center" src="_images/extclient5.png" style="width: 80%;"/></a>
-<p>Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it’s allowed IPs.</p>
+<h2 id="upgrade-the-clients-netclient">Upgrade the Clients (netclient)<a class="headerlink" href="#upgrade-the-clients-netclient" title="Permalink to this headline">¶</a></h2>
+<p>To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).</p>
+<ol class="arabic simple">
+<li><p>Vists <a class="reference external" href="https://github.com/gravitl/netmaker/releases/">https://github.com/gravitl/netmaker/releases/</a></p></li>
+<li><p>Find the appropriate binary for your machine.</p></li>
+<li><p>Download. E.x.: <cite>wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion</cite></p></li>
+<li><p>Rename binary to <cite>netclient</cite> and move to folder. E.x.: <cite>mv netclient-myversion /etc/netclient/netclient</cite></p></li>
+<li><p><cite>netclient –version</cite> (confirm it’s the correct version)</p></li>
+<li><p><cite>netclient pull</cite></p></li>
+</ol>
+<p>This last step helps ensure any newly added fields are now present. You may run into a “panic” based on missing fields and your version mismatch. In such cases, you can either:</p>
+<ol class="arabic simple">
+<li><p>Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run “netclient checkin”</p></li>
+</ol>
+<p>or</p>
+<ol class="arabic simple" start="2">
+<li><p>Leave and rejoin the network</p></li>
+</ol>
 
 
 

docs/_build/html/usage.html

@@ -46,7 +46,7 @@
   
   
   
-    <title>Using Netmaker &#8212; Netmaker 0.9.4 documentation</title>
+    <title>External Guides &#8212; Netmaker 0.9.4 documentation</title>
     <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
     <link rel="stylesheet" type="text/css" href="_static/material.css" />
     <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
@@ -57,7 +57,7 @@
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
     <link rel="next" title="UI Reference" href="ui-reference.html" />
-    <link rel="prev" title="Relay Servers" href="relay-server.html" />
+    <link rel="prev" title="Integrating OAuth" href="oauth.html" />
   
    
 
@@ -94,7 +94,7 @@
       <div class="md-flex__cell md-flex__cell--stretch">
         <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
           <span class="md-header-nav__topic">Netmaker Docs</span>
-          <span class="md-header-nav__topic"> Using Netmaker </span>
+          <span class="md-header-nav__topic"> External Guides </span>
         </div>
       </div>
       <div class="md-flex__cell md-flex__cell--shrink">
@@ -209,7 +209,7 @@
     <li class="md-nav__item">
     
     
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
       
     
     </li>
@@ -244,42 +244,49 @@
     <li class="md-nav__item">
     
     
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
       
     
     </li>
     <li class="md-nav__item">
     
     
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
       
     
     </li>
@@ -287,23 +294,19 @@
     
     
     <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
-    <label class="md-nav__link md-nav__link--active" for="__toc"> Using Netmaker </label>
+    <label class="md-nav__link md-nav__link--active" for="__toc"> External Guides </label>
     
-      <a href="#" class="md-nav__link md-nav__link--active">Using Netmaker</a>
+      <a href="#" class="md-nav__link md-nav__link--active">External Guides</a>
       
         
 <nav class="md-nav md-nav--secondary">
     <label class="md-nav__title" for="__toc">Contents</label>
   <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">Using Netmaker</a><nav class="md-nav">
-              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#external-tutorials" class="md-nav__link">External Tutorials</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">External Guides</a><nav class="md-nav">
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
         </li>
         <li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
-        </li></ul>
-            </nav>
         </li></ul>
             </nav>
         </li>
@@ -313,7 +316,14 @@
     <li class="md-nav__item">
     
     
-      <a href="#external-tutorials" class="md-nav__link">External Tutorials</a>
+      <a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
       
     
     </li></ul>
@@ -382,15 +392,11 @@
 <nav class="md-nav md-nav--secondary">
     <label class="md-nav__title" for="__toc">Contents</label>
   <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">Using Netmaker</a><nav class="md-nav">
-              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#external-tutorials" class="md-nav__link">External Tutorials</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">External Guides</a><nav class="md-nav">
               <ul class="md-nav__list">
         <li class="md-nav__item"><a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
         </li>
         <li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
-        </li></ul>
-            </nav>
         </li></ul>
             </nav>
         </li>
@@ -404,13 +410,10 @@
           <article class="md-content__inner md-typeset" role="main">
             
   
-<h1 id="usage--page-root">Using Netmaker<a class="headerlink" href="#usage--page-root" title="Permalink to this headline">¶</a></h1>
-<p>Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don’t find your use case here, but think Netmaker is a good fit, let us know!</p>
-
-<h2 id="external-tutorials">External Tutorials<a class="headerlink" href="#external-tutorials" title="Permalink to this headline">¶</a></h2>
-<p>Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.</p>
+<h1 id="usage--page-root">External Guides<a class="headerlink" href="#usage--page-root" title="Permalink to this headline">¶</a></h1>
+<p>Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don’t find your use case here, but think Netmaker is a good fit, let us know!</p>
 
-<h3 id="video-tutorials">Video Tutorials<a class="headerlink" href="#video-tutorials" title="Permalink to this headline">¶</a></h3>
+<h2 id="video-tutorials">Video Tutorials<a class="headerlink" href="#video-tutorials" title="Permalink to this headline">¶</a></h2>
 <ul class="simple">
 <li><p><a class="reference external" href="https://youtu.be/PWLPT320Ybo">Intro/Overview</a>: Tutorial on first-time usage, setting up a mesh network.</p></li>
 <li><p><a class="reference external" href="https://youtu.be/krCKBJhwwDk">Site-to-Site Gateway</a>: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.</p></li>
@@ -419,7 +422,7 @@
 </ul>
 
 
-<h3 id="written-tutorials">Written Tutorials<a class="headerlink" href="#written-tutorials" title="Permalink to this headline">¶</a></h3>
+<h2 id="written-tutorials">Written Tutorials<a class="headerlink" href="#written-tutorials" title="Permalink to this headline">¶</a></h2>
 <ul class="simple">
 <li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81">K3s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud K3s clusters using Netmaker.</p></li>
 <li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7">MicroK8s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.</p></li>
@@ -429,7 +432,6 @@
 
 
 
-
           </article>
         </div>
       </div>
@@ -439,7 +441,7 @@
     <div class="md-footer-nav">
       <nav class="md-footer-nav__inner md-grid">
           
-            <a href="relay-server.html" title="Relay Servers"
+            <a href="oauth.html" title="Integrating OAuth"
                class="md-flex md-footer-nav__link md-footer-nav__link--prev"
                rel="prev">
               <div class="md-flex__cell md-flex__cell--shrink">
@@ -448,7 +450,7 @@
               <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                 <span class="md-flex__ellipsis">
                   <span
-                      class="md-footer-nav__direction"> Previous </span> Relay Servers </span>
+                      class="md-footer-nav__direction"> Previous </span> Integrating OAuth </span>
               </div>
             </a>
           

docs/client-installation.rst

@@ -1,6 +1,6 @@
-====================
-Client Installation
-====================
+================================
+Advanced Client Installation
+================================
 
 This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.
 

docs/conf.py

@@ -70,4 +70,4 @@ html_sidebars = {
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
+# html_static_path = ['_static']

docs/egress-gateway.rst

@@ -5,68 +5,92 @@ Egress Gateway
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/egress1.png
+   :width: 80%
+   :alt: Gateway
+   :align: center
 
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.
 
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+In the netmaker UI, that node is set as an "egress gateway." Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.
 
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
+Configuring an Egress Gateway
+==================================
 
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
+Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:
 
-Configuring an Ingress Gateway
-==================================
+- a VPC
+- a Kubernetes network
+- a home network
+- an office network
+- a data center
+
+After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).
 
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run 
 
-.. image:: images/exclient1.png
+.. code-block::
+
+   ip route get 10.10.10.2
+
+This should return the interface used to reach that address (e.x. "eth2")
+
+Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.
+
+.. image:: images/egress7.png
    :width: 80%
    :alt: Gateway
    :align: center
 
-Adding Clients to a Gateway
-=============================
-
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+At this point simply insert the range(s) into the first field, and the interface name into the second field, and click "create".
 
-.. image:: images/exclient2.png
+.. image:: images/ui-6.jpg
    :width: 80%
    :alt: Gateway
    :align: center
 
-After creating a client, you can edit the name to something more logical.
+Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).
 
-.. image:: images/exclient3.png
+Use Cases
+============
+
+1) Remote Access
+-------------------
+
+A common scenario would be to combine this with an "Ingress Gateway" to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.
+
+.. image:: images/egress2.png
    :width: 80%
    :alt: Gateway
    :align: center
 
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.
 
-.. image:: images/exclient4.png
-   :width: 80%
+.. image:: images/egress3.png
+   :width: 50%
    :alt: Gateway
    :align: center
 
-Example config file: 
+2) VPN / NAT Gateway
+-----------------------
 
-.. literalinclude:: ./examplecode/myclient.conf
+Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+These are not typical use cases for Netmaker, but can be easily enabled.
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+**The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.** This is how you typically set up a "standard" VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.
 
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+Instead, use the following list of ranges:
 
-.. image:: images/extclient5.png
-   :width: 80%
+.. code-block::
+
+   0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
+
+This list encompasses the standard "public" network ranges, and ignores the standard "private" network ranges.
+
+Simply paste this list into your "egress gateway ranges" and your clients should begin routing public-facing traffic over the gateway.
+
+.. image:: images/egress5.png
+   :width: 50%
    :alt: Gateway
    :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.

docs/external-clients.rst

@@ -5,6 +5,11 @@ Ingress + External Clients
 Introduction
 ===============
 
+.. image:: images/ingress1.png
+   :width: 50%
+   :alt: Gateway
+   :align: center
+
 Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
         - Phones
         - Laptops

docs/index.rst

@@ -25,114 +25,100 @@ This documentation covers Netmaker's :doc:`installation <./server-installation>`
 
 **For Kubernetes-specific guidance, please see the** `Netmaker Kubernetes Documentation. <https://nm-k8s.readthedocs.io>`_
 
-.. :raw-html:`<br />`
-
-.. .. raw:: html
-..   :file: youtube-1.html
-
 About
 --------
 
+High-level information about what Netmaker is and how it works.
+
 .. toctree::
    :maxdepth: 2
 
    about
-
-A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.
-
-Architecture
----------------
-
-A technical overview of Netmaker, including design decisions and limitations.
-
-.. toctree::
-   :maxdepth: 2
    
    architecture
 
-Install
+Getting Started
 ------------------------------------
 
-Choose the right install method for you.
+How to install Netmaker and set up your first network.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
 
    install
 
-Quick Start
----------------
-
-A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.
-
-.. toctree::
-   :maxdepth: 2
-
    quick-start
 
-.. toctree::
-   :maxdepth: 2
-
    getting-started
 
-Server Installation
---------------------
+Ingress, Egress, and Relays
+------------------------------
 
-A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.
+How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:
 
 .. toctree::
    :maxdepth: 2
    
-   server-installation
+   external-clients
 
-Oauth Configuration
---------------------
+How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:
 
-A simple guide to configuring OAuth for Netmaker.
 
 .. toctree::
    :maxdepth: 2
    
-   oauth
+   egress-gateway
 
+How to make machines inside the network reachable if they are blocked by NAT/Firewall:
 
-Client Installation
---------------------
+.. toctree::
+   :maxdepth: 2
+   
+   relay-server
 
-A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
+Kubernetes Documentation
+---------------------------
 
 .. toctree::
-   :maxdepth: 2
+
+   Kubernetes <https://nm-k8s.readthedocs.io>
    
-   client-installation
+`Netmaker Kubernetes Documentation <https://nm-k8s.readthedocs.io>`_
 
-Ingress, Egress, and Relays
-------------------------------
 
-**Ingress:** A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.
+Advanced Server Installation
+-------------------------------
+
+A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   external-clients
+   server-installation
 
-**Egress:** A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.
+Advanced Client Installation
+--------------------------------
 
+A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   egress-gateway
+   client-installation
+
+
+Oauth Configuration
+--------------------
 
-**Relay:** A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.
+A simple guide to configuring OAuth for Netmaker.
 
 .. toctree::
-   :maxdepth: 1
+   :maxdepth: 2
    
-   relay-server
+   oauth
 
 
-Guides
+External Guides
 ----------------
 
 A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.
@@ -157,8 +143,6 @@ API Reference
 
 A reference document for the Netmaker Server API, and example API calls for various use cases.
 
-**Coming Soon:** Swagger Documentation
-
 .. toctree::
    :maxdepth: 1
 

docs/relay-server.rst

@@ -5,68 +5,32 @@ Relay Servers
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
-
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
-==================================
-
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
-
-.. image:: images/exclient1.png
+.. image:: images/relay1.png
    :width: 80%
-   :alt: Gateway
+   :alt: Relay
    :align: center
 
-Adding Clients to a Gateway
-=============================
+Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.
 
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.
 
-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+Configuring a Relay
+==================================
 
-After creating a client, you can edit the name to something more logical.
+To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.
 
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP's directly, select from a list, or click "Select All."
 
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
+.. image:: images/ui-7.jpg
    :width: 80%
-   :alt: Gateway
+   :alt: Relay
    :align: center
 
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
+If you choose "select all" this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+After creation, you can change the list of relayed nodes by clicking "edit node" and editing the list (Field #12 below).
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
+.. image:: images/ui-5.jpg
+   :width: 40%
+   :alt: Relay
    :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.

docs/support.rst

@@ -5,25 +5,10 @@ Support
 FAQ
 ======
 
-Does/Will Netmaker Support X Operating System?
---------------------------------------------------
-
-Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
-
-However, via "external clients", any device that supports WireGuard can be added to the network. 
-
-In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
-
-How do I install the Netclient on X?
----------------------------------------
-
-As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
-
-
 Is Netmaker a VPN like NordNPN?
 --------------------------------
 
-No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS).
+No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.
 
 If you're looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.
 
@@ -34,23 +19,25 @@ https://github.com/pivpn/pivpn
 https://github.com/subspacecloud/subspace
 https://github.com/mullvad/mullvadvpn-app
 
-Do you offer any enterprise support?
---------------------------------------
+Do you have an 'Exit Nodes' feature?
+---------------------------------------
 
-If you are interested in enterprise support for your project, please contact [email protected].
+Please see the :doc:`Egress Gateway <./egress-gateway>` documentation.
 
+Do you offer any business or enterprise support?
+---------------------------------------------------
 
-Why the SSPL License?
-----------------------
+Yes, please contact [email protected] or visit https://gravitl.com/plans.
 
-We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won't do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups). 
 
-While SSPL is not an OSI-approved open source license, it let's people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.
+Why the SSPL License?
+----------------------
 
-If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don't think it's a good idea economically either. We firmly believe that having the project open is not only right, but the best option.
+As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.
 
-All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
+We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community's ability to use and modify the project.
 
+If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.
 
 Contact
 ===========

docs/upgrades.rst

@@ -5,68 +5,36 @@ Upgrades
 Introduction
 ===============
 
-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process. 
 
-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Upgrade the Server (netmaker)
 ==================================
 
-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
-
-.. image:: images/exclient1.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Adding Clients to a Gateway
-=============================
+To upgrade the server, you only need to change the docker image versions:
 
-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+1. `ssh root@my-server-ip`
+2. `docker compose down`
+3. `vi docker-compose.yml`
+4. Change gravitl/netmaker:<version> and gravitl/netmaker-ui:<version> to the new version.
+5. Save and close the file
+6. `docker-compose up -d`
 
-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-After creating a client, you can edit the name to something more logical.
-
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
+Upgrade the Clients (netclient)
+==================================
 
-.. literalinclude:: ./examplecode/myclient.conf
+To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).
 
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+1. Vists https://github.com/gravitl/netmaker/releases/
+2. Find the appropriate binary for your machine.
+3. Download. E.x.: `wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion`
+4. Rename binary to `netclient` and move to folder. E.x.: `mv netclient-myversion /etc/netclient/netclient`
+5. `netclient --version` (confirm it's the correct version)
+6. `netclient pull`
 
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+This last step helps ensure any newly added fields are now present. You may run into a "panic" based on missing fields and your version mismatch. In such cases, you can either:
 
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+1. Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run "netclient checkin"
 
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+or
 
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
+2. Leave and rejoin the network

docs/usage.rst

@@ -1,16 +1,12 @@
-==============
-Using Netmaker
-==============
+=================
+External Guides
+=================
 
-Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
+Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
 
-External Tutorials
+Video Tutorials
 ==================
 
-Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.
-
-Video Tutorials
----------------
 * `Intro/Overview <https://youtu.be/PWLPT320Ybo>`_: Tutorial on first-time usage, setting up a mesh network.
 * `Site-to-Site Gateway <https://youtu.be/krCKBJhwwDk>`_: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.
 * `IPv6 and Private DNS <https://youtu.be/b4diaKWUcXI>`_: Tutorial on dual-stack IPv6 in Netmaker and Private DNS management (separate topics).
@@ -18,7 +14,8 @@ Video Tutorials
 
 
 Written Tutorials
------------------
+==================
+
 * `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
 * `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
 * `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.