I've been using Netmaker for a few months now and it is incredible. Bastion VPN management for all our environments.
The only thing we haven't gotten to work is full 0.0.0.0 forwarding. Docs say it's possible (tho not fully common use case), but we always get hangs when attempting. Usually we have to use sshuttle.
Curious what other people’s setups are with the server hosting. Do you expose Netmaker bastion to the public Internet for all your VPCs, where the bastion lives outside the VPC? That’s what they recommended to me when I set mine up, but I also explored putting my bastion inside my VPC and exposing it to the internet.
> are you accessing using "external clients" or the regular netclient?
"External Clients" on OSX WireGuard.
[More Info]
The use case that we have is when we need to access an Akamai network through a whitelisted IP during development.
Our AWS networks have a Priv Subnet w/ a static IP NAT and a Public Subnet, both prod and staging.
Since we wanted all our local machines' traffic to go through the AWS NAT, we hoped for: Local -> Bastion EC2 (Public Subnet) -> EC2 (Private Subnet) -> NAT -> Internet.
So to get set up, we tested: Local -> Bastion EC2 (Public Subnet) -> Internet. When we set the Bastion EC2 to have Egress of 0.0.0.0, the WireGuard handshake would never complete, just hang.
Let me know if there's anything else I can provide.
Other than that - incredible.