0.9.4 docs

2025-10-31 04:06:37 +08:00 · 2022-01-16 10:09:19 -05:00
parent 72c62793d3
commit f5299ea338
56 changed files with 905 additions and 1070 deletions
--- a/docs/_build/doctrees/client-installation.doctree
+++ b/docs/_build/doctrees/client-installation.doctree
--- a/docs/_build/doctrees/egress-gateway.doctree
+++ b/docs/_build/doctrees/egress-gateway.doctree
--- a/docs/_build/doctrees/environment.pickle
+++ b/docs/_build/doctrees/environment.pickle
--- a/docs/_build/doctrees/external-clients.doctree
+++ b/docs/_build/doctrees/external-clients.doctree
--- a/docs/_build/doctrees/index.doctree
+++ b/docs/_build/doctrees/index.doctree
--- a/docs/_build/doctrees/relay-server.doctree
+++ b/docs/_build/doctrees/relay-server.doctree
--- a/docs/_build/doctrees/support.doctree
+++ b/docs/_build/doctrees/support.doctree
--- a/docs/_build/doctrees/upgrades.doctree
+++ b/docs/_build/doctrees/upgrades.doctree
--- a/docs/_build/doctrees/usage.doctree
+++ b/docs/_build/doctrees/usage.doctree
--- a/docs/_build/html/_images/egress1.png
+++ b/docs/_build/html/_images/egress1.png
--- a/docs/_build/html/_images/egress2.png
+++ b/docs/_build/html/_images/egress2.png
--- a/docs/_build/html/_images/egress3.png
+++ b/docs/_build/html/_images/egress3.png
--- a/docs/_build/html/_images/egress4.png
+++ b/docs/_build/html/_images/egress4.png
--- a/docs/_build/html/_images/egress5.png
+++ b/docs/_build/html/_images/egress5.png
--- a/docs/_build/html/_images/egress7.png
+++ b/docs/_build/html/_images/egress7.png
--- a/docs/_build/html/_images/ingress1.png
+++ b/docs/_build/html/_images/ingress1.png
--- a/docs/_build/html/_images/relay1.png
+++ b/docs/_build/html/_images/relay1.png
--- a/docs/_build/html/_sources/client-installation.rst.txt
+++ b/docs/_build/html/_sources/client-installation.rst.txt
@@ -1,6 +1,6 @@
-====================
-Client Installation
-====================
+================================
+Advanced Client Installation
+================================

 This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.

--- a/docs/_build/html/_sources/egress-gateway.rst.txt
+++ b/docs/_build/html/_sources/egress-gateway.rst.txt
@@ -5,68 +5,92 @@ Egress Gateway
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/egress1.png
+   :width: 80%
+   :alt: Gateway
+   :align: center

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.

-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+In the netmaker UI, that node is set as an "egress gateway." Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.

-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Configuring an Egress Gateway
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:

-.. image:: images/exclient1.png
+- a VPC
+- a Kubernetes network
+- a home network
+- an office network
+- a data center
+
+After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).
+
+Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run 
+
+.. code-block::
+
+   ip route get 10.10.10.2
+
+This should return the interface used to reach that address (e.x. "eth2")
+
+Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.
+
+.. image:: images/egress7.png
   :width: 80%
   :alt: Gateway
   :align: center

-Adding Clients to a Gateway
-=============================
+At this point simply insert the range(s) into the first field, and the interface name into the second field, and click "create".

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
-
-.. image:: images/exclient2.png
+.. image:: images/ui-6.jpg
   :width: 80%
   :alt: Gateway
   :align: center

-After creating a client, you can edit the name to something more logical.
+Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).

-.. image:: images/exclient3.png
+Use Cases
+============
+
+1) Remote Access
+-------------------
+
+A common scenario would be to combine this with an "Ingress Gateway" to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.
+
+.. image:: images/egress2.png
   :width: 80%
   :alt: Gateway
   :align: center

-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.

-.. image:: images/exclient4.png
-   :width: 80%
+.. image:: images/egress3.png
+   :width: 50%
   :alt: Gateway
   :align: center

-Example config file: 
+2) VPN / NAT Gateway
+-----------------------

-.. literalinclude:: ./examplecode/myclient.conf
+Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.

-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+These are not typical use cases for Netmaker, but can be easily enabled.

-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+**The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.** This is how you typically set up a "standard" VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.

-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+Instead, use the following list of ranges:

-.. image:: images/extclient5.png
-   :width: 80%
+.. code-block::
+
+   0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
+
+This list encompasses the standard "public" network ranges, and ignores the standard "private" network ranges.
+
+Simply paste this list into your "egress gateway ranges" and your clients should begin routing public-facing traffic over the gateway.
+
+.. image:: images/egress5.png
+   :width: 50%
   :alt: Gateway
   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
--- a/docs/_build/html/_sources/external-clients.rst.txt
+++ b/docs/_build/html/_sources/external-clients.rst.txt
@@ -5,6 +5,11 @@ Ingress + External Clients
 Introduction
 ===============

+.. image:: images/ingress1.png
+   :width: 50%
+   :alt: Gateway
+   :align: center
+
 Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
        - Phones
        - Laptops
--- a/docs/_build/html/_sources/index.rst.txt
+++ b/docs/_build/html/_sources/index.rst.txt
@@ -25,58 +25,69 @@ This documentation covers Netmaker's :doc:`installation <./server-installation>`

 **For Kubernetes-specific guidance, please see the** `Netmaker Kubernetes Documentation. <https://nm-k8s.readthedocs.io>`_

-.. :raw-html:`<br />`
-
-.. .. raw:: html
-..   :file: youtube-1.html
-
 About
 --------

+High-level information about what Netmaker is and how it works.
+
 .. toctree::
   :maxdepth: 2

   about
   
-A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.
+   architecture

-Architecture
---------------
+Getting Started
+------------------------------------

-A technical overview of Netmaker, including design decisions and limitations.
+How to install Netmaker and set up your first network.

 .. toctree::
   :maxdepth: 2

-   architecture
-
-Install
------------------------------------
-
-Choose the right install method for you.
-
-.. toctree::
-   :maxdepth: 1
-
   install

-Quick Start
---------------
-
-A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.
-
-.. toctree::
-   :maxdepth: 2
-
   quick-start

-.. toctree::
-   :maxdepth: 2
-
   getting-started

-Server Installation
--------------------
+Ingress, Egress, and Relays
+------------------------------
+
+How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:
+
+.. toctree::
+   :maxdepth: 2
+   
+   external-clients
+
+How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:
+
+
+.. toctree::
+   :maxdepth: 2
+   
+   egress-gateway
+
+How to make machines inside the network reachable if they are blocked by NAT/Firewall:
+
+.. toctree::
+   :maxdepth: 2
+   
+   relay-server
+
+Kubernetes Documentation
+---------------------------
+
+.. toctree::
+
+   Kubernetes <https://nm-k8s.readthedocs.io>
+   
+`Netmaker Kubernetes Documentation <https://nm-k8s.readthedocs.io>`_
+
+
+Advanced Server Installation
+-------------------------------

 A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.

@@ -85,6 +96,17 @@ A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and confi
   
   server-installation

+Advanced Client Installation
+--------------------------------
+
+A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
+
+.. toctree::
+   :maxdepth: 2
+   
+   client-installation
+
+
 Oauth Configuration
 --------------------

@@ -96,43 +118,7 @@ A simple guide to configuring OAuth for Netmaker.
   oauth


-Client Installation
--------------------
-
-A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
-
-.. toctree::
-   :maxdepth: 2
-   
-   client-installation
-
-Ingress, Egress, and Relays
------------------------------
-
-**Ingress:** A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.
-
-.. toctree::
-   :maxdepth: 1
-   
-   external-clients
-
-**Egress:** A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.
-
-
-.. toctree::
-   :maxdepth: 1
-   
-   egress-gateway
-
-**Relay:** A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.
-
-.. toctree::
-   :maxdepth: 1
-   
-   relay-server
-
-
-Guides
+External Guides
 ----------------

 A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.
@@ -157,8 +143,6 @@ API Reference

 A reference document for the Netmaker Server API, and example API calls for various use cases.

-**Coming Soon:** Swagger Documentation
-
 .. toctree::
   :maxdepth: 1

--- a/docs/_build/html/_sources/relay-server.rst.txt
+++ b/docs/_build/html/_sources/relay-server.rst.txt
@@ -5,68 +5,32 @@ Relay Servers
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/relay1.png
+   :width: 80%
+   :alt: Relay
+   :align: center

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.

-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.

-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Configuring a Relay
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.

-.. image:: images/exclient1.png
+Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP's directly, select from a list, or click "Select All."
+
+.. image:: images/ui-7.jpg
   :width: 80%
-   :alt: Gateway
+   :alt: Relay
   :align: center

-Adding Clients to a Gateway
-=============================
+If you choose "select all" this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+After creation, you can change the list of relayed nodes by clicking "edit node" and editing the list (Field #12 below).

-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
+.. image:: images/ui-5.jpg
+   :width: 40%
+   :alt: Relay
   :align: center
-
-After creating a client, you can edit the name to something more logical.
-
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
-
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
-
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
--- a/docs/_build/html/_sources/support.rst.txt
+++ b/docs/_build/html/_sources/support.rst.txt
@@ -5,25 +5,10 @@ Support
 FAQ
 ======

-Does/Will Netmaker Support X Operating System?
--------------------------------------------------
-
-Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
-
-However, via "external clients", any device that supports WireGuard can be added to the network. 
-
-In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
-
-How do I install the Netclient on X?
---------------------------------------
-
-As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
-
-
 Is Netmaker a VPN like NordNPN?
 --------------------------------

-No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS).
+No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.

 If you're looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.

@@ -34,23 +19,25 @@ https://github.com/pivpn/pivpn
 https://github.com/subspacecloud/subspace
 https://github.com/mullvad/mullvadvpn-app

-Do you offer any enterprise support?
--------------------------------------
+Do you have an 'Exit Nodes' feature?
+---------------------------------------

-If you are interested in enterprise support for your project, please contact info@gravitl.com.
+Please see the :doc:`Egress Gateway <./egress-gateway>` documentation.
+
+Do you offer any business or enterprise support?
+---------------------------------------------------
+
+Yes, please contact info@gravitl.com or visit https://gravitl.com/plans.


 Why the SSPL License?
 ----------------------

-We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won't do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups). 
+As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.

-While SSPL is not an OSI-approved open source license, it let's people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.
-
-If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don't think it's a good idea economically either. We firmly believe that having the project open is not only right, but the best option.
-
-All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
+We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community's ability to use and modify the project.

+If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.

 Contact
 ===========
--- a/docs/_build/html/_sources/upgrades.rst.txt
+++ b/docs/_build/html/_sources/upgrades.rst.txt
@@ -5,68 +5,36 @@ Upgrades
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process. 

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Upgrade the Server (netmaker)
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+To upgrade the server, you only need to change the docker image versions:

-.. image:: images/exclient1.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. `ssh root@my-server-ip`
+2. `docker compose down`
+3. `vi docker-compose.yml`
+4. Change gravitl/netmaker:<version> and gravitl/netmaker-ui:<version> to the new version.
+5. Save and close the file
+6. `docker-compose up -d`

-Adding Clients to a Gateway
-=============================
+Upgrade the Clients (netclient)
+==================================

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).

-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. Vists https://github.com/gravitl/netmaker/releases/
+2. Find the appropriate binary for your machine.
+3. Download. E.x.: `wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion`
+4. Rename binary to `netclient` and move to folder. E.x.: `mv netclient-myversion /etc/netclient/netclient`
+5. `netclient --version` (confirm it's the correct version)
+6. `netclient pull`

-After creating a client, you can edit the name to something more logical.
+This last step helps ensure any newly added fields are now present. You may run into a "panic" based on missing fields and your version mismatch. In such cases, you can either:

-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run "netclient checkin"

-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+or

-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
-
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
-
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
+2. Leave and rejoin the network
--- a/docs/_build/html/_sources/usage.rst.txt
+++ b/docs/_build/html/_sources/usage.rst.txt
@@ -1,16 +1,12 @@
-==============
-Using Netmaker
-==============
+=================
+External Guides
+=================

-Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
-
-External Tutorials
-==================
-
-Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.
+Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!

 Video Tutorials
---------------
+==================
+
 * `Intro/Overview <https://youtu.be/PWLPT320Ybo>`_: Tutorial on first-time usage, setting up a mesh network.
 * `Site-to-Site Gateway <https://youtu.be/krCKBJhwwDk>`_: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.
 * `IPv6 and Private DNS <https://youtu.be/b4diaKWUcXI>`_: Tutorial on dual-stack IPv6 in Netmaker and Private DNS management (separate topics).
@@ -18,7 +14,8 @@ Video Tutorials


 Written Tutorials
-----------------
+==================
+
 * `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
 * `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
 * `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.
--- a/docs/_build/html/client-installation.html
+++ b/docs/_build/html/client-installation.html
@@ -46,7 +46,7 @@
  
  
  
-    <title>Client Installation &#8212; Netmaker 0.9.4 documentation</title>
+    <title>Advanced Client Installation &#8212; Netmaker 0.9.4 documentation</title>
    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
    <link rel="stylesheet" type="text/css" href="_static/material.css" />
    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
@@ -56,8 +56,8 @@
    <link rel="author" title="About these documents" href="about.html" />
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Ingress GW + External Clients" href="external-clients.html" />
-    <link rel="prev" title="Integrating OAuth" href="oauth.html" />
+    <link rel="next" title="Integrating OAuth" href="oauth.html" />
+    <link rel="prev" title="Advanced Server Installation" href="server-installation.html" />
  
   

@@ -94,7 +94,7 @@
      <div class="md-flex__cell md-flex__cell--stretch">
        <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
          <span class="md-header-nav__topic">Netmaker Docs</span>
-          <span class="md-header-nav__topic"> Client Installation </span>
+          <span class="md-header-nav__topic"> Advanced Client Installation </span>
        </div>
      </div>
      <div class="md-flex__cell md-flex__cell--shrink">
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -240,6 +240,34 @@
      <a href="getting-started.html" class="md-nav__link">Getting Started</a>
      
    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
    </li>
    <li class="md-nav__item">
    
@@ -247,27 +275,20 @@
      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
      
    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
    </li>
    <li class="md-nav__item">
    
    
    <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
-    <label class="md-nav__link md-nav__link--active" for="__toc"> Client Installation </label>
+    <label class="md-nav__link md-nav__link--active" for="__toc"> Advanced Client Installation </label>
    
-      <a href="#" class="md-nav__link md-nav__link--active">Client Installation</a>
+      <a href="#" class="md-nav__link md-nav__link--active">Advanced Client Installation</a>
      
        
 <nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Client Installation</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Advanced Client Installation</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
        </li>
@@ -366,28 +387,14 @@
    <li class="md-nav__item">
    
    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
-      <a href="egress-gateway.html" class="md-nav__link">Egress Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="relay-server.html" class="md-nav__link">Relay Servers</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -454,7 +461,7 @@
 <nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Client Installation</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#client-installation--page-root" class="md-nav__link">Advanced Client Installation</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction-to-netclient" class="md-nav__link">Introduction to Netclient</a>
        </li>
@@ -506,7 +513,7 @@
          <article class="md-content__inner md-typeset" role="main">
            
  
-<h1 id="client-installation--page-root">Client Installation<a class="headerlink" href="#client-installation--page-root" title="Permalink to this headline">¶</a></h1>
+<h1 id="client-installation--page-root">Advanced Client Installation<a class="headerlink" href="#client-installation--page-root" title="Permalink to this headline">¶</a></h1>
 <p>This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.</p>
 <p>These steps should be run after the Netmaker server has been created and a network has been designated within Netmaker.</p>

@@ -715,7 +722,7 @@ If a key is provided (-k), then a token is unnecessary, but grpc, server, ports,
    <div class="md-footer-nav">
      <nav class="md-footer-nav__inner md-grid">
          
-            <a href="oauth.html" title="Integrating OAuth"
+            <a href="server-installation.html" title="Advanced Server Installation"
               class="md-flex md-footer-nav__link md-footer-nav__link--prev"
               rel="prev">
              <div class="md-flex__cell md-flex__cell--shrink">
@@ -724,17 +731,17 @@ If a key is provided (-k), then a token is unnecessary, but grpc, server, ports,
              <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                <span class="md-flex__ellipsis">
                  <span
-                      class="md-footer-nav__direction"> Previous </span> Integrating OAuth </span>
+                      class="md-footer-nav__direction"> Previous </span> Advanced Server Installation </span>
              </div>
            </a>
          
          
-            <a href="external-clients.html" title="Ingress GW + External Clients"
+            <a href="oauth.html" title="Integrating OAuth"
               class="md-flex md-footer-nav__link md-footer-nav__link--next"
               rel="next">
            <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                class="md-flex__ellipsis"> <span
-                class="md-footer-nav__direction"> Next </span> Ingress GW + External Clients </span>
+                class="md-footer-nav__direction"> Next </span> Integrating OAuth </span>
            </div>
            <div class="md-flex__cell md-flex__cell--shrink"><i
                class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
--- a/docs/_build/html/egress-gateway.html
+++ b/docs/_build/html/egress-gateway.html
@@ -57,7 +57,7 @@
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Relay Servers" href="relay-server.html" />
-    <link rel="prev" title="Ingress GW + External Clients" href="external-clients.html" />
+    <link rel="prev" title="Ingress + External Clients" href="external-clients.html" />
  
   

@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -244,28 +244,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -285,11 +264,15 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
+        <li class="md-nav__item"><a href="#use-cases" class="md-nav__link">Use Cases</a><nav class="md-nav">
+              <ul class="md-nav__list">
+        <li class="md-nav__item"><a href="#remote-access" class="md-nav__link">1) Remote Access</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#vpn-nat-gateway" class="md-nav__link">2) VPN / NAT Gateway</a>
+        </li></ul>
+            </nav>
        </li></ul>
            </nav>
        </li>
@@ -306,21 +289,14 @@
    <li class="md-nav__item">
    
    
-      <a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+      <a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
-      <a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+      <a href="#use-cases" class="md-nav__link">Use Cases</a>
      
    
    </li></ul>
@@ -336,7 +312,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -407,11 +411,15 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#configuring-an-egress-gateway" class="md-nav__link">Configuring an Egress Gateway</a>
        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
+        <li class="md-nav__item"><a href="#use-cases" class="md-nav__link">Use Cases</a><nav class="md-nav">
+              <ul class="md-nav__list">
+        <li class="md-nav__item"><a href="#remote-access" class="md-nav__link">1) Remote Access</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#vpn-nat-gateway" class="md-nav__link">2) VPN / NAT Gateway</a>
+        </li></ul>
+            </nav>
        </li></ul>
            </nav>
        </li>
@@ -428,53 +436,54 @@
 <h1 id="egress-gateway--page-root">Egress Gateway<a class="headerlink" href="#egress-gateway--page-root" title="Permalink to this headline">¶</a></h1>

 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
-<dl class="simple">
-<dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
-<li><p>Phones</p></li>
-<li><p>Laptops</p></li>
-<li><p>Desktops</p></li>
+<a class="reference internal image-reference" href="_images/egress1.png"><img alt="Gateway" class="align-center" src="_images/egress1.png" style="width: 80%;"/></a>
+<p>Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.</p>
+<p>In the netmaker UI, that node is set as an “egress gateway.” Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.</p>
+
+
+<h2 id="configuring-an-egress-gateway">Configuring an Egress Gateway<a class="headerlink" href="#configuring-an-egress-gateway" title="Permalink to this headline">¶</a></h2>
+<p>Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:</p>
+<ul class="simple">
+<li><p>a VPC</p></li>
+<li><p>a Kubernetes network</p></li>
+<li><p>a home network</p></li>
+<li><p>an office network</p></li>
+<li><p>a data center</p></li>
 </ul>
-</dd>
-</dl>
-<p>An external client is not “managed,” meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated <strong>Ingress Gateway</strong>, which <strong>is</strong> a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.</p>
-<p>By using this method, you can hook any machine into a netmaker network that can run WireGuard.</p>
-<p>It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.</p>
-<p>Important to note, an external client is not <strong>reachable</strong> by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and <strong>not</strong> for use cases where one wishes to make a resource accessible on the network. For that, use netclient.</p>
-
-
-<h2 id="configuring-an-ingress-gateway">Configuring an Ingress Gateway<a class="headerlink" href="#configuring-an-ingress-gateway" title="Permalink to this headline">¶</a></h2>
-<p>External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.</p>
-<a class="reference internal image-reference" href="_images/exclient1.png"><img alt="Gateway" class="align-center" src="_images/exclient1.png" style="width: 80%;"/></a>
-
-
-<h2 id="adding-clients-to-a-gateway">Adding Clients to a Gateway<a class="headerlink" href="#adding-clients-to-a-gateway" title="Permalink to this headline">¶</a></h2>
-<p>Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.</p>
-<a class="reference internal image-reference" href="_images/exclient2.png"><img alt="Gateway" class="align-center" src="_images/exclient2.png" style="width: 80%;"/></a>
-<p>After creating a client, you can edit the name to something more logical.</p>
-<a class="reference internal image-reference" href="_images/exclient3.png"><img alt="Gateway" class="align-center" src="_images/exclient3.png" style="width: 80%;"/></a>
-<p>Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.</p>
-<a class="reference internal image-reference" href="_images/exclient4.png"><img alt="Gateway" class="align-center" src="_images/exclient4.png" style="width: 80%;"/></a>
-<p>Example config file:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">Interface</span><span class="p">]</span>
-<span class="n">Address</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.5</span><span class="o">/</span><span class="mi">32</span>
-<span class="n">PrivateKey</span> <span class="o">=</span> <span class="n">EJf6Yy51M</span><span class="o">/</span><span class="n">YDaZgedRpuxMmrqul35WfjmHvRZR1rQ0U</span><span class="o">=</span>
-
-<span class="p">[</span><span class="n">Peer</span><span class="p">]</span>
-<span class="n">PublicKey</span> <span class="o">=</span> <span class="n">m</span><span class="o">/</span><span class="n">RPuMVsbpgQ</span><span class="o">+</span><span class="n">RkxlgK2mG</span><span class="o">+</span><span class="n">dDFlzqn</span><span class="o">+</span><span class="n">ua2zJt8Wn7GA</span><span class="o">=</span>
-<span class="n">AllowedIPs</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.0</span><span class="o">/</span><span class="mi">24</span>
-<span class="n">Endpoint</span> <span class="o">=</span> <span class="mf">3.236</span><span class="o">.</span><span class="mf">60.247</span><span class="p">:</span><span class="mi">51822</span>
-<span class="n">PersistentKeepalive</span> <span class="o">=</span> <span class="mi">20</span>
-
+<p>After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).</p>
+<p>Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run</p>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ip</span> <span class="n">route</span> <span class="n">get</span> <span class="mf">10.10</span><span class="o">.</span><span class="mf">10.2</span>
 </pre></div>
 </div>
-<p>Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.</p>
+<p>This should return the interface used to reach that address (e.x. “eth2”)</p>
+<p>Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.</p>
+<a class="reference internal image-reference" href="_images/egress7.png"><img alt="Gateway" class="align-center" src="_images/egress7.png" style="width: 80%;"/></a>
+<p>At this point simply insert the range(s) into the first field, and the interface name into the second field, and click “create”.</p>
+<a class="reference internal image-reference" href="_images/ui-6.jpg"><img alt="Gateway" class="align-center" src="_images/ui-6.jpg" style="width: 80%;"/></a>
+<p>Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).</p>


-<h2 id="configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)<a class="headerlink" href="#configuring-dns-for-ext-clients-optional" title="Permalink to this headline">¶</a></h2>
-<p>If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.</p>
-<a class="reference internal image-reference" href="_images/extclient5.png"><img alt="Gateway" class="align-center" src="_images/extclient5.png" style="width: 80%;"/></a>
-<p>Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it’s allowed IPs.</p>
+<h2 id="use-cases">Use Cases<a class="headerlink" href="#use-cases" title="Permalink to this headline">¶</a></h2>
+
+<h3 id="remote-access">1) Remote Access<a class="headerlink" href="#remote-access" title="Permalink to this headline">¶</a></h3>
+<p>A common scenario would be to combine this with an “Ingress Gateway” to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.</p>
+<a class="reference internal image-reference" href="_images/egress2.png"><img alt="Gateway" class="align-center" src="_images/egress2.png" style="width: 80%;"/></a>
+<p>In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.</p>
+<a class="reference internal image-reference" href="_images/egress3.png"><img alt="Gateway" class="align-center" src="_images/egress3.png" style="width: 50%;"/></a>
+
+
+<h3 id="vpn-nat-gateway">2) VPN / NAT Gateway<a class="headerlink" href="#vpn-nat-gateway" title="Permalink to this headline">¶</a></h3>
+<p>Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.</p>
+<p>These are not typical use cases for Netmaker, but can be easily enabled.</p>
+<p><strong>The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.</strong> This is how you typically set up a “standard” VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.</p>
+<p>Instead, use the following list of ranges:</p>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">8.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">11.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">12.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">16.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span><span class="p">,</span><span class="mf">32.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">3</span><span class="p">,</span><span class="mf">64.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">2</span><span class="p">,</span><span class="mf">128.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">3</span><span class="p">,</span><span class="mf">160.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">168.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">172.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">12</span><span class="p">,</span><span class="mf">172.32</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">11</span><span class="p">,</span><span class="mf">172.64</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">10</span><span class="p">,</span><span class="mf">172.128</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">9</span><span class="p">,</span><span class="mf">173.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">174.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">176.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span><span class="p">,</span><span class="mf">192.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">9</span><span class="p">,</span><span class="mf">192.128</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">11</span><span class="p">,</span><span class="mf">192.160</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">13</span><span class="p">,</span><span class="mf">192.169</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">16</span><span class="p">,</span><span class="mf">192.170</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">15</span><span class="p">,</span><span class="mf">192.172</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">14</span><span class="p">,</span><span class="mf">192.176</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">12</span><span class="p">,</span><span class="mf">192.192</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">10</span><span class="p">,</span><span class="mf">193.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">8</span><span class="p">,</span><span class="mf">194.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">7</span><span class="p">,</span><span class="mf">196.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">6</span><span class="p">,</span><span class="mf">200.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">5</span><span class="p">,</span><span class="mf">208.0</span><span class="o">.</span><span class="mf">0.0</span><span class="o">/</span><span class="mi">4</span>
+</pre></div>
+</div>
+<p>This list encompasses the standard “public” network ranges, and ignores the standard “private” network ranges.</p>
+<p>Simply paste this list into your “egress gateway ranges” and your clients should begin routing public-facing traffic over the gateway.</p>
+<a class="reference internal image-reference" href="_images/egress5.png"><img alt="Gateway" class="align-center" src="_images/egress5.png" style="width: 50%;"/></a>
+



@@ -488,7 +497,7 @@ If you do not want DNS on your ext client conf files, simply leave it blank.</p>
    <div class="md-footer-nav">
      <nav class="md-footer-nav__inner md-grid">
          
-            <a href="external-clients.html" title="Ingress GW + External Clients"
+            <a href="external-clients.html" title="Ingress + External Clients"
               class="md-flex md-footer-nav__link md-footer-nav__link--prev"
               rel="prev">
              <div class="md-flex__cell md-flex__cell--shrink">
@@ -497,7 +506,7 @@ If you do not want DNS on your ext client conf files, simply leave it blank.</p>
              <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                <span class="md-flex__ellipsis">
                  <span
-                      class="md-footer-nav__direction"> Previous </span> Ingress GW + External Clients </span>
+                      class="md-footer-nav__direction"> Previous </span> Ingress + External Clients </span>
              </div>
            </a>
          
--- a/docs/_build/html/external-clients.html
+++ b/docs/_build/html/external-clients.html
@@ -428,6 +428,7 @@
 <h1 id="external-clients--page-root">Ingress + External Clients<a class="headerlink" href="#external-clients--page-root" title="Permalink to this headline">¶</a></h1>

 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
+<a class="reference internal image-reference" href="_images/ingress1.png"><img alt="Gateway" class="align-center" src="_images/ingress1.png" style="width: 50%;"/></a>
 <dl class="simple">
 <dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
 <li><p>Phones</p></li>
--- a/docs/_build/html/genindex.html
+++ b/docs/_build/html/genindex.html
@@ -238,27 +238,6 @@
      <a href="getting-started.html" class="md-nav__link">Getting Started</a>
      
    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
    </li>
    <li class="md-nav__item">
    
@@ -284,7 +263,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
--- a/docs/_build/html/index.html
+++ b/docs/_build/html/index.html
@@ -239,27 +239,6 @@
      <a href="getting-started.html" class="md-nav__link">Getting Started</a>
      
    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
    </li>
    <li class="md-nav__item">
    
@@ -285,7 +264,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -356,21 +363,19 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#about" class="md-nav__link">About</a>
        </li>
-        <li class="md-nav__item"><a href="#architecture" class="md-nav__link">Architecture</a>
-        </li>
-        <li class="md-nav__item"><a href="#install" class="md-nav__link">Install</a>
-        </li>
-        <li class="md-nav__item"><a href="#quick-start" class="md-nav__link">Quick Start</a>
-        </li>
-        <li class="md-nav__item"><a href="#server-installation" class="md-nav__link">Server Installation</a>
-        </li>
-        <li class="md-nav__item"><a href="#oauth-configuration" class="md-nav__link">Oauth Configuration</a>
-        </li>
-        <li class="md-nav__item"><a href="#client-installation" class="md-nav__link">Client Installation</a>
+        <li class="md-nav__item"><a href="#getting-started" class="md-nav__link">Getting Started</a>
        </li>
        <li class="md-nav__item"><a href="#ingress-egress-and-relays" class="md-nav__link">Ingress, Egress, and Relays</a>
        </li>
-        <li class="md-nav__item"><a href="#guides" class="md-nav__link">Guides</a>
+        <li class="md-nav__item"><a href="#kubernetes-documentation" class="md-nav__link">Kubernetes Documentation</a>
+        </li>
+        <li class="md-nav__item"><a href="#advanced-server-installation" class="md-nav__link">Advanced Server Installation</a>
+        </li>
+        <li class="md-nav__item"><a href="#advanced-client-installation" class="md-nav__link">Advanced Client Installation</a>
+        </li>
+        <li class="md-nav__item"><a href="#oauth-configuration" class="md-nav__link">Oauth Configuration</a>
+        </li>
+        <li class="md-nav__item"><a href="#external-guides" class="md-nav__link">External Guides</a>
        </li>
        <li class="md-nav__item"><a href="#ui-reference" class="md-nav__link">UI Reference</a>
        </li>
@@ -406,6 +411,7 @@
 <p><strong>For Kubernetes-specific guidance, please see the</strong> <a class="reference external" href="https://nm-k8s.readthedocs.io">Netmaker Kubernetes Documentation.</a></p>

 <h2 id="about">About<a class="headerlink" href="#about" title="Permalink to this headline">¶</a></h2>
+<p>High-level information about what Netmaker is and how it works.</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="about.html">About</a><ul>
@@ -414,15 +420,6 @@
 <li class="toctree-l2"><a class="reference internal" href="about.html#use-cases-for-netmaker">Use Cases for Netmaker</a></li>
 </ul>
 </li>
-</ul>
-</div>
-<p>A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.</p>
-
-
-<h2 id="architecture">Architecture<a class="headerlink" href="#architecture" title="Permalink to this headline">¶</a></h2>
-<p>A technical overview of Netmaker, including design decisions and limitations.</p>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="architecture.html">Architecture</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="architecture.html#core-concepts">Core Concepts</a></li>
 <li class="toctree-l2"><a class="reference internal" href="architecture.html#components">Components</a></li>
@@ -435,19 +432,11 @@
 </div>


-<h2 id="install">Install<a class="headerlink" href="#install" title="Permalink to this headline">¶</a></h2>
-<p>Choose the right install method for you.</p>
+<h2 id="getting-started">Getting Started<a class="headerlink" href="#getting-started" title="Permalink to this headline">¶</a></h2>
+<p>How to install Netmaker and set up your first network.</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="install.html">Install</a></li>
-</ul>
-</div>
-
-
-<h2 id="quick-start">Quick Start<a class="headerlink" href="#quick-start" title="Permalink to this headline">¶</a></h2>
-<p>A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.</p>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="quick-start.html">Quick Install</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#prerequisites">0. Prerequisites</a></li>
@@ -457,10 +446,6 @@
 <li class="toctree-l2"><a class="reference internal" href="quick-start.html#install-netmaker">4. Install Netmaker</a></li>
 </ul>
 </li>
-</ul>
-</div>
-<div class="toctree-wrapper compound">
-<ul>
 <li class="toctree-l1"><a class="reference internal" href="getting-started.html">Getting Started</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="getting-started.html#setup">Setup</a></li>
 <li class="toctree-l2"><a class="reference internal" href="getting-started.html#create-a-network">Create a Network</a></li>
@@ -475,7 +460,52 @@
 </div>


-<h2 id="server-installation">Server Installation<a class="headerlink" href="#server-installation" title="Permalink to this headline">¶</a></h2>
+<h2 id="ingress-egress-and-relays">Ingress, Egress, and Relays<a class="headerlink" href="#ingress-egress-and-relays" title="Permalink to this headline">¶</a></h2>
+<p>How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="external-clients.html">Ingress + External Clients</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#configuring-an-ingress-gateway">Configuring an Ingress Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#adding-clients-to-a-gateway">Adding Clients to a Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="external-clients.html#configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<p>How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="egress-gateway.html">Egress Gateway</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#configuring-an-egress-gateway">Configuring an Egress Gateway</a></li>
+<li class="toctree-l2"><a class="reference internal" href="egress-gateway.html#use-cases">Use Cases</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<p>How to make machines inside the network reachable if they are blocked by NAT/Firewall:</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="relay-server.html">Relay Servers</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="relay-server.html#introduction">Introduction</a></li>
+<li class="toctree-l2"><a class="reference internal" href="relay-server.html#configuring-a-relay">Configuring a Relay</a></li>
+</ul>
+</li>
+</ul>
+</div>
+
+
+<h2 id="kubernetes-documentation">Kubernetes Documentation<a class="headerlink" href="#kubernetes-documentation" title="Permalink to this headline">¶</a></h2>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference external" href="https://nm-k8s.readthedocs.io">Kubernetes</a></li>
+</ul>
+</div>
+<p><a class="reference external" href="https://nm-k8s.readthedocs.io">Netmaker Kubernetes Documentation</a></p>
+
+
+<h2 id="advanced-server-installation">Advanced Server Installation<a class="headerlink" href="#advanced-server-installation" title="Permalink to this headline">¶</a></h2>
 <p>A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.</p>
 <div class="toctree-wrapper compound">
 <ul>
@@ -495,6 +525,24 @@
 </div>


+<h2 id="advanced-client-installation">Advanced Client Installation<a class="headerlink" href="#advanced-client-installation" title="Permalink to this headline">¶</a></h2>
+<p>A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.</p>
+<div class="toctree-wrapper compound">
+<ul>
+<li class="toctree-l1"><a class="reference internal" href="client-installation.html">Advanced Client Installation</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#introduction-to-netclient">Introduction to Netclient</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#notes-on-windows">Notes on Windows</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#modes-and-system-compatibility">Modes and System Compatibility</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#prerequisites">Prerequisites</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#configuration">Configuration</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#installation">Installation</a></li>
+<li class="toctree-l2"><a class="reference internal" href="client-installation.html#managing-netclient">Managing Netclient</a></li>
+</ul>
+</li>
+</ul>
+</div>
+
+
 <h2 id="oauth-configuration">Oauth Configuration<a class="headerlink" href="#oauth-configuration" title="Permalink to this headline">¶</a></h2>
 <p>A simple guide to configuring OAuth for Netmaker.</p>
 <div class="toctree-wrapper compound">
@@ -510,51 +558,13 @@
 </div>


-<h2 id="client-installation">Client Installation<a class="headerlink" href="#client-installation" title="Permalink to this headline">¶</a></h2>
-<p>A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="client-installation.html">Client Installation</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#introduction-to-netclient">Introduction to Netclient</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#notes-on-windows">Notes on Windows</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#modes-and-system-compatibility">Modes and System Compatibility</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#prerequisites">Prerequisites</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#configuration">Configuration</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#installation">Installation</a></li>
-<li class="toctree-l2"><a class="reference internal" href="client-installation.html#managing-netclient">Managing Netclient</a></li>
-</ul>
-</li>
-</ul>
-</div>
-
-
-<h2 id="ingress-egress-and-relays">Ingress, Egress, and Relays<a class="headerlink" href="#ingress-egress-and-relays" title="Permalink to this headline">¶</a></h2>
-<p><strong>Ingress:</strong> A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="external-clients.html">Ingress + External Clients</a></li>
-</ul>
-</div>
-<p><strong>Egress:</strong> A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="egress-gateway.html">Egress Gateway</a></li>
-</ul>
-</div>
-<p><strong>Relay:</strong> A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.</p>
-<div class="toctree-wrapper compound">
-<ul>
-<li class="toctree-l1"><a class="reference internal" href="relay-server.html">Relay Servers</a></li>
-</ul>
-</div>
-
-
-<h2 id="guides">Guides<a class="headerlink" href="#guides" title="Permalink to this headline">¶</a></h2>
+<h2 id="external-guides">External Guides<a class="headerlink" href="#external-guides" title="Permalink to this headline">¶</a></h2>
 <p>A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.</p>
 <div class="toctree-wrapper compound">
 <ul>
-<li class="toctree-l1"><a class="reference internal" href="usage.html">Using Netmaker</a><ul>
-<li class="toctree-l2"><a class="reference internal" href="usage.html#external-tutorials">External Tutorials</a></li>
+<li class="toctree-l1"><a class="reference internal" href="usage.html">External Guides</a><ul>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#video-tutorials">Video Tutorials</a></li>
+<li class="toctree-l2"><a class="reference internal" href="usage.html#written-tutorials">Written Tutorials</a></li>
 </ul>
 </li>
 </ul>
@@ -580,7 +590,6 @@

 <h2 id="api-reference">API Reference<a class="headerlink" href="#api-reference" title="Permalink to this headline">¶</a></h2>
 <p>A reference document for the Netmaker Server API, and example API calls for various use cases.</p>
-<p><strong>Coming Soon:</strong> Swagger Documentation</p>
 <div class="toctree-wrapper compound">
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="api.html">API Reference</a></li>
--- a/docs/_build/html/install.html
+++ b/docs/_build/html/install.html
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -253,28 +253,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -295,7 +274,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
--- a/docs/_build/html/oauth.html
+++ b/docs/_build/html/oauth.html
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -315,7 +315,7 @@
    <li class="md-nav__item">
    
    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
--- a/docs/_build/html/objects.inv
+++ b/docs/_build/html/objects.inv
--- a/docs/_build/html/relay-server.html
+++ b/docs/_build/html/relay-server.html
@@ -56,7 +56,7 @@
    <link rel="author" title="About these documents" href="about.html" />
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
-    <link rel="next" title="Using Netmaker" href="usage.html" />
+    <link rel="next" title="Advanced Server Installation" href="server-installation.html" />
    <link rel="prev" title="Egress Gateway" href="egress-gateway.html" />
  
   
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -244,28 +244,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -292,11 +271,7 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
        </li></ul>
            </nav>
        </li>
@@ -313,21 +288,7 @@
    <li class="md-nav__item">
    
    
-      <a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+      <a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
      
    
    </li></ul>
@@ -336,7 +297,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -407,11 +396,7 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#configuring-a-relay" class="md-nav__link">Configuring a Relay</a>
        </li></ul>
            </nav>
        </li>
@@ -428,53 +413,18 @@
 <h1 id="relay-server--page-root">Relay Servers<a class="headerlink" href="#relay-server--page-root" title="Permalink to this headline">¶</a></h1>

 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
-<dl class="simple">
-<dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
-<li><p>Phones</p></li>
-<li><p>Laptops</p></li>
-<li><p>Desktops</p></li>
-</ul>
-</dd>
-</dl>
-<p>An external client is not “managed,” meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated <strong>Ingress Gateway</strong>, which <strong>is</strong> a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.</p>
-<p>By using this method, you can hook any machine into a netmaker network that can run WireGuard.</p>
-<p>It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.</p>
-<p>Important to note, an external client is not <strong>reachable</strong> by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and <strong>not</strong> for use cases where one wishes to make a resource accessible on the network. For that, use netclient.</p>
+<a class="reference internal image-reference" href="_images/relay1.png"><img alt="Relay" class="align-center" src="_images/relay1.png" style="width: 80%;"/></a>
+<p>Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.</p>
+<p>For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.</p>


-<h2 id="configuring-an-ingress-gateway">Configuring an Ingress Gateway<a class="headerlink" href="#configuring-an-ingress-gateway" title="Permalink to this headline">¶</a></h2>
-<p>External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.</p>
-<a class="reference internal image-reference" href="_images/exclient1.png"><img alt="Gateway" class="align-center" src="_images/exclient1.png" style="width: 80%;"/></a>
-
-
-<h2 id="adding-clients-to-a-gateway">Adding Clients to a Gateway<a class="headerlink" href="#adding-clients-to-a-gateway" title="Permalink to this headline">¶</a></h2>
-<p>Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.</p>
-<a class="reference internal image-reference" href="_images/exclient2.png"><img alt="Gateway" class="align-center" src="_images/exclient2.png" style="width: 80%;"/></a>
-<p>After creating a client, you can edit the name to something more logical.</p>
-<a class="reference internal image-reference" href="_images/exclient3.png"><img alt="Gateway" class="align-center" src="_images/exclient3.png" style="width: 80%;"/></a>
-<p>Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.</p>
-<a class="reference internal image-reference" href="_images/exclient4.png"><img alt="Gateway" class="align-center" src="_images/exclient4.png" style="width: 80%;"/></a>
-<p>Example config file:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">Interface</span><span class="p">]</span>
-<span class="n">Address</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.5</span><span class="o">/</span><span class="mi">32</span>
-<span class="n">PrivateKey</span> <span class="o">=</span> <span class="n">EJf6Yy51M</span><span class="o">/</span><span class="n">YDaZgedRpuxMmrqul35WfjmHvRZR1rQ0U</span><span class="o">=</span>
-
-<span class="p">[</span><span class="n">Peer</span><span class="p">]</span>
-<span class="n">PublicKey</span> <span class="o">=</span> <span class="n">m</span><span class="o">/</span><span class="n">RPuMVsbpgQ</span><span class="o">+</span><span class="n">RkxlgK2mG</span><span class="o">+</span><span class="n">dDFlzqn</span><span class="o">+</span><span class="n">ua2zJt8Wn7GA</span><span class="o">=</span>
-<span class="n">AllowedIPs</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.0</span><span class="o">/</span><span class="mi">24</span>
-<span class="n">Endpoint</span> <span class="o">=</span> <span class="mf">3.236</span><span class="o">.</span><span class="mf">60.247</span><span class="p">:</span><span class="mi">51822</span>
-<span class="n">PersistentKeepalive</span> <span class="o">=</span> <span class="mi">20</span>
-
-</pre></div>
-</div>
-<p>Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.</p>
-
-
-<h2 id="configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)<a class="headerlink" href="#configuring-dns-for-ext-clients-optional" title="Permalink to this headline">¶</a></h2>
-<p>If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.</p>
-<a class="reference internal image-reference" href="_images/extclient5.png"><img alt="Gateway" class="align-center" src="_images/extclient5.png" style="width: 80%;"/></a>
-<p>Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it’s allowed IPs.</p>
+<h2 id="configuring-a-relay">Configuring a Relay<a class="headerlink" href="#configuring-a-relay" title="Permalink to this headline">¶</a></h2>
+<p>To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.</p>
+<p>Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP’s directly, select from a list, or click “Select All.”</p>
+<a class="reference internal image-reference" href="_images/ui-7.jpg"><img alt="Relay" class="align-center" src="_images/ui-7.jpg" style="width: 80%;"/></a>
+<p>If you choose “select all” this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.</p>
+<p>After creation, you can change the list of relayed nodes by clicking “edit node” and editing the list (Field #12 below).</p>
+<a class="reference internal image-reference" href="_images/ui-5.jpg"><img alt="Relay" class="align-center" src="_images/ui-5.jpg" style="width: 40%;"/></a>



@@ -502,12 +452,12 @@ If you do not want DNS on your ext client conf files, simply leave it blank.</p>
            </a>
          
          
-            <a href="usage.html" title="Using Netmaker"
+            <a href="server-installation.html" title="Advanced Server Installation"
               class="md-flex md-footer-nav__link md-footer-nav__link--next"
               rel="next">
            <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title"><span
                class="md-flex__ellipsis"> <span
-                class="md-footer-nav__direction"> Next </span> Using Netmaker </span>
+                class="md-footer-nav__direction"> Next </span> Advanced Server Installation </span>
            </div>
            <div class="md-flex__cell md-flex__cell--shrink"><i
                class="md-icon md-icon--arrow-forward md-footer-nav__button"></i>
--- a/docs/_build/html/search.html
+++ b/docs/_build/html/search.html
@@ -244,27 +244,6 @@
      <a href="getting-started.html" class="md-nav__link">Getting Started</a>
      
    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
    </li>
    <li class="md-nav__item">
    
@@ -290,7 +269,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
--- a/docs/_build/html/searchindex.js
+++ b/docs/_build/html/searchindex.js
--- a/docs/_build/html/support.html
+++ b/docs/_build/html/support.html
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -244,28 +244,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -286,7 +265,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -334,13 +341,11 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#faq" class="md-nav__link">FAQ</a><nav class="md-nav">
              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#does-will-netmaker-support-x-operating-system" class="md-nav__link">Does/Will Netmaker Support X Operating System?</a>
-        </li>
-        <li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
-        </li>
        <li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
        </li>
-        <li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
+        <li class="md-nav__item"><a href="#do-you-have-an-exit-nodes-feature" class="md-nav__link">Do you have an ‘Exit Nodes’ feature?</a>
+        </li>
+        <li class="md-nav__item"><a href="#do-you-offer-any-business-or-enterprise-support" class="md-nav__link">Do you offer any business or enterprise support?</a>
        </li>
        <li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
        </li></ul>
@@ -401,13 +406,11 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#faq" class="md-nav__link">FAQ</a><nav class="md-nav">
              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#does-will-netmaker-support-x-operating-system" class="md-nav__link">Does/Will Netmaker Support X Operating System?</a>
-        </li>
-        <li class="md-nav__item"><a href="#how-do-i-install-the-netclient-on-x" class="md-nav__link">How do I install the Netclient on X?</a>
-        </li>
        <li class="md-nav__item"><a href="#is-netmaker-a-vpn-like-nordnpn" class="md-nav__link">Is Netmaker a VPN like NordNPN?</a>
        </li>
-        <li class="md-nav__item"><a href="#do-you-offer-any-enterprise-support" class="md-nav__link">Do you offer any enterprise support?</a>
+        <li class="md-nav__item"><a href="#do-you-have-an-exit-nodes-feature" class="md-nav__link">Do you have an ‘Exit Nodes’ feature?</a>
+        </li>
+        <li class="md-nav__item"><a href="#do-you-offer-any-business-or-enterprise-support" class="md-nav__link">Do you offer any business or enterprise support?</a>
        </li>
        <li class="md-nav__item"><a href="#why-the-sspl-license" class="md-nav__link">Why the SSPL License?</a>
        </li></ul>
@@ -431,18 +434,8 @@

 <h2 id="faq">FAQ<a class="headerlink" href="#faq" title="Permalink to this headline">¶</a></h2>

-<h3 id="does-will-netmaker-support-x-operating-system">Does/Will Netmaker Support X Operating System?<a class="headerlink" href="#does-will-netmaker-support-x-operating-system" title="Permalink to this headline">¶</a></h3>
-<p>Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.</p>
-<p>However, via “external clients”, any device that supports WireGuard can be added to the network.</p>
-<p>In future iterations will expand the operating system support for Netclient, and devices that must use the “external client” feature can switch to Netclient.</p>
-
-
-<h3 id="how-do-i-install-the-netclient-on-x">How do I install the Netclient on X?<a class="headerlink" href="#how-do-i-install-the-netclient-on-x" title="Permalink to this headline">¶</a></h3>
-<p>As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.</p>
-
-
 <h3 id="is-netmaker-a-vpn-like-nordnpn">Is Netmaker a VPN like NordNPN?<a class="headerlink" href="#is-netmaker-a-vpn-like-nordnpn" title="Permalink to this headline">¶</a></h3>
-<p>No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It’s more like a corporate VPN, or a VPC (if you’re familiar with AWS).</p>
+<p>No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It’s more like a corporate VPN, or a VPC (if you’re familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.</p>
 <p>If you’re looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.</p>
 <p>There are many good projects out there that support general internet privacy using WireGuard. Here are just a few of them:</p>
 <p><a class="reference external" href="https://github.com/trailofbits/algo">https://github.com/trailofbits/algo</a>
@@ -451,15 +444,18 @@
 <a class="reference external" href="https://github.com/mullvad/mullvadvpn-app">https://github.com/mullvad/mullvadvpn-app</a></p>


-<h3 id="do-you-offer-any-enterprise-support">Do you offer any enterprise support?<a class="headerlink" href="#do-you-offer-any-enterprise-support" title="Permalink to this headline">¶</a></h3>
-<p>If you are interested in enterprise support for your project, please contact <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a>.</p>
+<h3 id="do-you-have-an-exit-nodes-feature">Do you have an ‘Exit Nodes’ feature?<a class="headerlink" href="#do-you-have-an-exit-nodes-feature" title="Permalink to this headline">¶</a></h3>
+<p>Please see the <a class="reference internal" href="egress-gateway.html"><span class="doc">Egress Gateway</span></a> documentation.</p>
+
+
+<h3 id="do-you-offer-any-business-or-enterprise-support">Do you offer any business or enterprise support?<a class="headerlink" href="#do-you-offer-any-business-or-enterprise-support" title="Permalink to this headline">¶</a></h3>
+<p>Yes, please contact <a class="reference external" href="mailto:info%40gravitl.com">info<span>@</span>gravitl<span>.</span>com</a> or visit <a class="reference external" href="https://gravitl.com/plans">https://gravitl.com/plans</a>.</p>


 <h3 id="why-the-sspl-license">Why the SSPL License?<a class="headerlink" href="#why-the-sspl-license" title="Permalink to this headline">¶</a></h3>
-<p>We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won’t do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups).</p>
-<p>While SSPL is not an OSI-approved open source license, it let’s people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.</p>
-<p>If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don’t think it’s a good idea economically either. We firmly believe that having the project open is not only right, but the best option.</p>
-<p>All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It’s just easier to move from SSPL to another license than vice-versa.</p>
+<p>As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.</p>
+<p>We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community’s ability to use and modify the project.</p>
+<p>If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.</p>



--- a/docs/_build/html/ui-reference.html
+++ b/docs/_build/html/ui-reference.html
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -265,7 +265,7 @@
    <li class="md-nav__item">
    
    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
--- a/docs/_build/html/upgrades.html
+++ b/docs/_build/html/upgrades.html
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -244,28 +244,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -286,7 +265,35 @@
    <li class="md-nav__item">
    
    
-      <a href="usage.html" class="md-nav__link">Using Netmaker</a>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="usage.html" class="md-nav__link">External Guides</a>
      
    
    </li>
@@ -320,11 +327,9 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
        </li></ul>
            </nav>
        </li>
@@ -341,21 +346,14 @@
    <li class="md-nav__item">
    
    
-      <a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+      <a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
      
    
    </li>
    <li class="md-nav__item">
    
    
-      <a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+      <a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
      
    
    </li></ul>
@@ -407,11 +405,9 @@
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#introduction" class="md-nav__link">Introduction</a>
        </li>
-        <li class="md-nav__item"><a href="#configuring-an-ingress-gateway" class="md-nav__link">Configuring an Ingress Gateway</a>
+        <li class="md-nav__item"><a href="#upgrade-the-server-netmaker" class="md-nav__link">Upgrade the Server (netmaker)</a>
        </li>
-        <li class="md-nav__item"><a href="#adding-clients-to-a-gateway" class="md-nav__link">Adding Clients to a Gateway</a>
-        </li>
-        <li class="md-nav__item"><a href="#configuring-dns-for-ext-clients-optional" class="md-nav__link">Configuring DNS for Ext Clients (OPTIONAL)</a>
+        <li class="md-nav__item"><a href="#upgrade-the-clients-netclient" class="md-nav__link">Upgrade the Clients (netclient)</a>
        </li></ul>
            </nav>
        </li>
@@ -428,53 +424,39 @@
 <h1 id="upgrades--page-root">Upgrades<a class="headerlink" href="#upgrades--page-root" title="Permalink to this headline">¶</a></h1>

 <h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
-<dl class="simple">
-<dt>Netmaker allows for “external clients” to reach into a network and access services via an Ingress Gateway. So what is an “external client”? An external client is any machine which cannot or should not be meshed. This can include:</dt><dd><ul class="simple">
-<li><p>Phones</p></li>
-<li><p>Laptops</p></li>
-<li><p>Desktops</p></li>
-</ul>
-</dd>
-</dl>
-<p>An external client is not “managed,” meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated <strong>Ingress Gateway</strong>, which <strong>is</strong> a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.</p>
-<p>By using this method, you can hook any machine into a netmaker network that can run WireGuard.</p>
-<p>It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.</p>
-<p>Important to note, an external client is not <strong>reachable</strong> by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and <strong>not</strong> for use cases where one wishes to make a resource accessible on the network. For that, use netclient.</p>
+<p>As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process.</p>


-<h2 id="configuring-an-ingress-gateway">Configuring an Ingress Gateway<a class="headerlink" href="#configuring-an-ingress-gateway" title="Permalink to this headline">¶</a></h2>
-<p>External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.</p>
-<a class="reference internal image-reference" href="_images/exclient1.png"><img alt="Gateway" class="align-center" src="_images/exclient1.png" style="width: 80%;"/></a>
+<h2 id="upgrade-the-server-netmaker">Upgrade the Server (netmaker)<a class="headerlink" href="#upgrade-the-server-netmaker" title="Permalink to this headline">¶</a></h2>
+<p>To upgrade the server, you only need to change the docker image versions:</p>
+<ol class="arabic simple">
+<li><p><cite>ssh root@my-server-ip</cite></p></li>
+<li><p><cite>docker compose down</cite></p></li>
+<li><p><cite>vi docker-compose.yml</cite></p></li>
+<li><p>Change gravitl/netmaker:&lt;version&gt; and gravitl/netmaker-ui:&lt;version&gt; to the new version.</p></li>
+<li><p>Save and close the file</p></li>
+<li><p><cite>docker-compose up -d</cite></p></li>
+</ol>


-<h2 id="adding-clients-to-a-gateway">Adding Clients to a Gateway<a class="headerlink" href="#adding-clients-to-a-gateway" title="Permalink to this headline">¶</a></h2>
-<p>Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.</p>
-<a class="reference internal image-reference" href="_images/exclient2.png"><img alt="Gateway" class="align-center" src="_images/exclient2.png" style="width: 80%;"/></a>
-<p>After creating a client, you can edit the name to something more logical.</p>
-<a class="reference internal image-reference" href="_images/exclient3.png"><img alt="Gateway" class="align-center" src="_images/exclient3.png" style="width: 80%;"/></a>
-<p>Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.</p>
-<a class="reference internal image-reference" href="_images/exclient4.png"><img alt="Gateway" class="align-center" src="_images/exclient4.png" style="width: 80%;"/></a>
-<p>Example config file:</p>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">[</span><span class="n">Interface</span><span class="p">]</span>
-<span class="n">Address</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.5</span><span class="o">/</span><span class="mi">32</span>
-<span class="n">PrivateKey</span> <span class="o">=</span> <span class="n">EJf6Yy51M</span><span class="o">/</span><span class="n">YDaZgedRpuxMmrqul35WfjmHvRZR1rQ0U</span><span class="o">=</span>
-
-<span class="p">[</span><span class="n">Peer</span><span class="p">]</span>
-<span class="n">PublicKey</span> <span class="o">=</span> <span class="n">m</span><span class="o">/</span><span class="n">RPuMVsbpgQ</span><span class="o">+</span><span class="n">RkxlgK2mG</span><span class="o">+</span><span class="n">dDFlzqn</span><span class="o">+</span><span class="n">ua2zJt8Wn7GA</span><span class="o">=</span>
-<span class="n">AllowedIPs</span> <span class="o">=</span> <span class="mf">10.7</span><span class="o">.</span><span class="mf">11.0</span><span class="o">/</span><span class="mi">24</span>
-<span class="n">Endpoint</span> <span class="o">=</span> <span class="mf">3.236</span><span class="o">.</span><span class="mf">60.247</span><span class="p">:</span><span class="mi">51822</span>
-<span class="n">PersistentKeepalive</span> <span class="o">=</span> <span class="mi">20</span>
-
-</pre></div>
-</div>
-<p>Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.</p>
-
-
-<h2 id="configuring-dns-for-ext-clients-optional">Configuring DNS for Ext Clients (OPTIONAL)<a class="headerlink" href="#configuring-dns-for-ext-clients-optional" title="Permalink to this headline">¶</a></h2>
-<p>If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.</p>
-<a class="reference internal image-reference" href="_images/extclient5.png"><img alt="Gateway" class="align-center" src="_images/extclient5.png" style="width: 80%;"/></a>
-<p>Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it’s allowed IPs.</p>
+<h2 id="upgrade-the-clients-netclient">Upgrade the Clients (netclient)<a class="headerlink" href="#upgrade-the-clients-netclient" title="Permalink to this headline">¶</a></h2>
+<p>To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).</p>
+<ol class="arabic simple">
+<li><p>Vists <a class="reference external" href="https://github.com/gravitl/netmaker/releases/">https://github.com/gravitl/netmaker/releases/</a></p></li>
+<li><p>Find the appropriate binary for your machine.</p></li>
+<li><p>Download. E.x.: <cite>wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion</cite></p></li>
+<li><p>Rename binary to <cite>netclient</cite> and move to folder. E.x.: <cite>mv netclient-myversion /etc/netclient/netclient</cite></p></li>
+<li><p><cite>netclient –version</cite> (confirm it’s the correct version)</p></li>
+<li><p><cite>netclient pull</cite></p></li>
+</ol>
+<p>This last step helps ensure any newly added fields are now present. You may run into a “panic” based on missing fields and your version mismatch. In such cases, you can either:</p>
+<ol class="arabic simple">
+<li><p>Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run “netclient checkin”</p></li>
+</ol>
+<p>or</p>
+<ol class="arabic simple" start="2">
+<li><p>Leave and rejoin the network</p></li>
+</ol>



--- a/docs/_build/html/usage.html
+++ b/docs/_build/html/usage.html
@@ -46,7 +46,7 @@
  
  
  
-    <title>Using Netmaker &#8212; Netmaker 0.9.4 documentation</title>
+    <title>External Guides &#8212; Netmaker 0.9.4 documentation</title>
    <link rel="stylesheet" type="text/css" href="_static/pygments.css" />
    <link rel="stylesheet" type="text/css" href="_static/material.css" />
    <script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script>
@@ -57,7 +57,7 @@
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="UI Reference" href="ui-reference.html" />
-    <link rel="prev" title="Relay Servers" href="relay-server.html" />
+    <link rel="prev" title="Integrating OAuth" href="oauth.html" />
  
   

@@ -94,7 +94,7 @@
      <div class="md-flex__cell md-flex__cell--stretch">
        <div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
          <span class="md-header-nav__topic">Netmaker Docs</span>
-          <span class="md-header-nav__topic"> Using Netmaker </span>
+          <span class="md-header-nav__topic"> External Guides </span>
        </div>
      </div>
      <div class="md-flex__cell md-flex__cell--shrink">
@@ -209,7 +209,7 @@
    <li class="md-nav__item">
    
    
-      <a href="about.html" class="md-nav__link">1. About</a>
+      <a href="about.html" class="md-nav__link">About</a>
      
    
    </li>
@@ -244,28 +244,7 @@
    <li class="md-nav__item">
    
    
-      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="client-installation.html" class="md-nav__link">Client Installation</a>
-      
-    
-    </li>
-    <li class="md-nav__item">
-    
-    
-      <a href="external-clients.html" class="md-nav__link">Ingress GW + External Clients</a>
+      <a href="external-clients.html" class="md-nav__link">Ingress + External Clients</a>
      
    
    </li>
@@ -286,24 +265,48 @@
    <li class="md-nav__item">
    
    
-    <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
-    <label class="md-nav__link md-nav__link--active" for="__toc"> Using Netmaker </label>
+      <a href="https://nm-k8s.readthedocs.io" class="md-nav__link">Kubernetes</a>
      
-      <a href="#" class="md-nav__link md-nav__link--active">Using Netmaker</a>
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="server-installation.html" class="md-nav__link">Advanced Server Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="client-installation.html" class="md-nav__link">Advanced Client Installation</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="oauth.html" class="md-nav__link">Integrating OAuth</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+    <input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
+    <label class="md-nav__link md-nav__link--active" for="__toc"> External Guides </label>
+    
+      <a href="#" class="md-nav__link md-nav__link--active">External Guides</a>
      
        
 <nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">Using Netmaker</a><nav class="md-nav">
-              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#external-tutorials" class="md-nav__link">External Tutorials</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">External Guides</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
        </li>
        <li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
-        </li></ul>
-            </nav>
        </li></ul>
            </nav>
        </li>
@@ -313,7 +316,14 @@
    <li class="md-nav__item">
    
    
-      <a href="#external-tutorials" class="md-nav__link">External Tutorials</a>
+      <a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
+      
+    
+    </li>
+    <li class="md-nav__item">
+    
+    
+      <a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
      
    
    </li></ul>
@@ -382,15 +392,11 @@
 <nav class="md-nav md-nav--secondary">
    <label class="md-nav__title" for="__toc">Contents</label>
  <ul class="md-nav__list" data-md-scrollfix="">
-        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">Using Netmaker</a><nav class="md-nav">
-              <ul class="md-nav__list">
-        <li class="md-nav__item"><a href="#external-tutorials" class="md-nav__link">External Tutorials</a><nav class="md-nav">
+        <li class="md-nav__item"><a href="#usage--page-root" class="md-nav__link">External Guides</a><nav class="md-nav">
              <ul class="md-nav__list">
        <li class="md-nav__item"><a href="#video-tutorials" class="md-nav__link">Video Tutorials</a>
        </li>
        <li class="md-nav__item"><a href="#written-tutorials" class="md-nav__link">Written Tutorials</a>
-        </li></ul>
-            </nav>
        </li></ul>
            </nav>
        </li>
@@ -404,13 +410,10 @@
          <article class="md-content__inner md-typeset" role="main">
            
  
-<h1 id="usage--page-root">Using Netmaker<a class="headerlink" href="#usage--page-root" title="Permalink to this headline">¶</a></h1>
-<p>Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don’t find your use case here, but think Netmaker is a good fit, let us know!</p>
+<h1 id="usage--page-root">External Guides<a class="headerlink" href="#usage--page-root" title="Permalink to this headline">¶</a></h1>
+<p>Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don’t find your use case here, but think Netmaker is a good fit, let us know!</p>

-<h2 id="external-tutorials">External Tutorials<a class="headerlink" href="#external-tutorials" title="Permalink to this headline">¶</a></h2>
-<p>Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.</p>
-
-<h3 id="video-tutorials">Video Tutorials<a class="headerlink" href="#video-tutorials" title="Permalink to this headline">¶</a></h3>
+<h2 id="video-tutorials">Video Tutorials<a class="headerlink" href="#video-tutorials" title="Permalink to this headline">¶</a></h2>
 <ul class="simple">
 <li><p><a class="reference external" href="https://youtu.be/PWLPT320Ybo">Intro/Overview</a>: Tutorial on first-time usage, setting up a mesh network.</p></li>
 <li><p><a class="reference external" href="https://youtu.be/krCKBJhwwDk">Site-to-Site Gateway</a>: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.</p></li>
@@ -419,7 +422,7 @@
 </ul>


-<h3 id="written-tutorials">Written Tutorials<a class="headerlink" href="#written-tutorials" title="Permalink to this headline">¶</a></h3>
+<h2 id="written-tutorials">Written Tutorials<a class="headerlink" href="#written-tutorials" title="Permalink to this headline">¶</a></h2>
 <ul class="simple">
 <li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81">K3s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud K3s clusters using Netmaker.</p></li>
 <li><p><a class="reference external" href="https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7">MicroK8s Cross-cloud cluster</a>: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.</p></li>
@@ -429,7 +432,6 @@



-
          </article>
        </div>
      </div>
@@ -439,7 +441,7 @@
    <div class="md-footer-nav">
      <nav class="md-footer-nav__inner md-grid">
          
-            <a href="relay-server.html" title="Relay Servers"
+            <a href="oauth.html" title="Integrating OAuth"
               class="md-flex md-footer-nav__link md-footer-nav__link--prev"
               rel="prev">
              <div class="md-flex__cell md-flex__cell--shrink">
@@ -448,7 +450,7 @@
              <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
                <span class="md-flex__ellipsis">
                  <span
-                      class="md-footer-nav__direction"> Previous </span> Relay Servers </span>
+                      class="md-footer-nav__direction"> Previous </span> Integrating OAuth </span>
              </div>
            </a>
          
--- a/docs/client-installation.rst
+++ b/docs/client-installation.rst
@@ -1,6 +1,6 @@
-====================
-Client Installation
-====================
+================================
+Advanced Client Installation
+================================

 This document tells you how to install the netclient on machines that will be a part of your Netmaker network, as well as non-compatible systems.

--- a/docs/conf.py
+++ b/docs/conf.py
@@ -70,4 +70,4 @@ html_sidebars = {
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = ['_static']
+# html_static_path = ['_static']
--- a/docs/egress-gateway.rst
+++ b/docs/egress-gateway.rst
@@ -5,68 +5,92 @@ Egress Gateway
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/egress1.png
+   :width: 80%
+   :alt: Gateway
+   :align: center

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Netmaker allows your clients to reach external networks via an Egress Gateway. The Egress Gateway is a netclient which has been deployed to a server or router with access to a given subnet.

-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+In the netmaker UI, that node is set as an "egress gateway." Range(s) are specified which this node has access to. Once created, all clients (and all new ext clients) in the network will be able to reach those ranges via the gateway.

-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Configuring an Egress Gateway
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+Configuring an Egress Gateway is very straight forward. As a prerequisite, you must know what you are trying to access remotely. For instance:

-.. image:: images/exclient1.png
+- a VPC
+- a Kubernetes network
+- a home network
+- an office network
+- a data center
+
+After you have determined this, you must next deploy a netclient in a compatible location where the network is accessible. For instance, a Linux server or router in the office, or a Kubernetes worker node. This machine should be stable and relatively static (not expected to change its IP frequently or shut down unexpectedly).
+
+Next, you must determine which interface to use in order to reach the internal network. As an example, lets say there is a machine in the network at 10.10.10.2, and you have deployed the netclient on a different machine. You can run 
+
+.. code-block::
+
+   ip route get 10.10.10.2
+
+This should return the interface used to reach that address (e.x. "eth2")
+
+Finally, once you have determined the interface, the subnet, and deployed your netclient, you can go to your Netmaker UI and set the node as a gateway.
+
+.. image:: images/egress7.png
   :width: 80%
   :alt: Gateway
   :align: center

-Adding Clients to a Gateway
-=============================
+At this point simply insert the range(s) into the first field, and the interface name into the second field, and click "create".

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
-
-.. image:: images/exclient2.png
+.. image:: images/ui-6.jpg
   :width: 80%
   :alt: Gateway
   :align: center

-After creating a client, you can edit the name to something more logical.
+Netmaker will set iptables rules on the node, which will then implement these rules, allowing it to route traffic from the network to the specified range(s).

-.. image:: images/exclient3.png
+Use Cases
+============
+
+1) Remote Access
+-------------------
+
+A common scenario would be to combine this with an "Ingress Gateway" to create a simple method for accessing a home or office network. Such a setup would typically have only two nodes: the ingress and egress gateways. The Ingress Gateway should usually be globally accessible, which makes the Netmaker server itself a good candidate. This means you need only the netmaker server as the Ingress, and one additional machine (in the private network you wish to reach), as the Egress.
+
+.. image:: images/egress2.png
   :width: 80%
   :alt: Gateway
   :align: center

-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+In some scenarios, a single node will act as both ingress and egress! For instance, you can enable acess to a VPC using your Netmaker server, deployed with a public IP. Traffic comes in over the public IP (encrypted of course) and then routes to the VPC subnet via the egress gateway.

-.. image:: images/exclient4.png
-   :width: 80%
+.. image:: images/egress3.png
+   :width: 50%
   :alt: Gateway
   :align: center

-Example config file: 
+2) VPN / NAT Gateway
+-----------------------

-.. literalinclude:: ./examplecode/myclient.conf
+Most people think of a VPN as a remote server that keeps your internet traffic secure while you browse the web, or as a tool for accessing internet services in another country,using a VPN server based in that country.

-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
+These are not typical use cases for Netmaker, but can be easily enabled.

-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
+**The most important note is this: Do not use 0.0.0.0/0 as your egress gateway.** This is how you typically set up a "standard" VPN with WireGuard, however, it will not work with Netmaker. The Netclient specifically ignores gateways that overlap with local ranges (for efficiency ranges). 0.0.0.0 overlaps with everything, so it is always ignored.

-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
+Instead, use the following list of ranges:

-.. image:: images/extclient5.png
-   :width: 80%
+.. code-block::
+
+   0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
+
+This list encompasses the standard "public" network ranges, and ignores the standard "private" network ranges.
+
+Simply paste this list into your "egress gateway ranges" and your clients should begin routing public-facing traffic over the gateway.
+
+.. image:: images/egress5.png
+   :width: 50%
   :alt: Gateway
   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
--- a/docs/external-clients.rst
+++ b/docs/external-clients.rst
@@ -5,6 +5,11 @@ Ingress + External Clients
 Introduction
 ===============

+.. image:: images/ingress1.png
+   :width: 50%
+   :alt: Gateway
+   :align: center
+
 Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
        - Phones
        - Laptops
--- a/docs/images/egress1.png
+++ b/docs/images/egress1.png
--- a/docs/images/egress2.png
+++ b/docs/images/egress2.png
--- a/docs/images/egress3.png
+++ b/docs/images/egress3.png
--- a/docs/images/egress5.png
+++ b/docs/images/egress5.png
--- a/docs/images/egress7.png
+++ b/docs/images/egress7.png
--- a/docs/images/ingress1.png
+++ b/docs/images/ingress1.png
--- a/docs/images/relay1.png
+++ b/docs/images/relay1.png
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -25,58 +25,69 @@ This documentation covers Netmaker's :doc:`installation <./server-installation>`

 **For Kubernetes-specific guidance, please see the** `Netmaker Kubernetes Documentation. <https://nm-k8s.readthedocs.io>`_

-.. :raw-html:`<br />`
-
-.. .. raw:: html
-..   :file: youtube-1.html
-
 About
 --------

+High-level information about what Netmaker is and how it works.
+
 .. toctree::
   :maxdepth: 2

   about
   
-A quick overview of Netmaker, explaining what it is, how it works, and why you should be using it.
+   architecture

-Architecture
---------------
+Getting Started
+------------------------------------

-A technical overview of Netmaker, including design decisions and limitations.
+How to install Netmaker and set up your first network.

 .. toctree::
   :maxdepth: 2

-   architecture
-
-Install
------------------------------------
-
-Choose the right install method for you.
-
-.. toctree::
-   :maxdepth: 1
-
   install

-Quick Start
---------------
-
-A quick start guide to getting up and running with Netmaker and WireGuard as quickly as possible.
-
-.. toctree::
-   :maxdepth: 2
-
   quick-start

-.. toctree::
-   :maxdepth: 2
-
   getting-started

-Server Installation
--------------------
+Ingress, Egress, and Relays
+------------------------------
+
+How to give machines outside of the Netmaker network access to network resources via an Ingress Gateway:
+
+.. toctree::
+   :maxdepth: 2
+   
+   external-clients
+
+How to give machines inside the Netmaker network access to external network resources via an Egress Gateway:
+
+
+.. toctree::
+   :maxdepth: 2
+   
+   egress-gateway
+
+How to make machines inside the network reachable if they are blocked by NAT/Firewall:
+
+.. toctree::
+   :maxdepth: 2
+   
+   relay-server
+
+Kubernetes Documentation
+---------------------------
+
+.. toctree::
+
+   Kubernetes <https://nm-k8s.readthedocs.io>
+   
+`Netmaker Kubernetes Documentation <https://nm-k8s.readthedocs.io>`_
+
+
+Advanced Server Installation
+-------------------------------

 A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and configuration options.

@@ -85,6 +96,17 @@ A detailed guide to installing the Netmaker server (API, DB, UI, DNS), and confi
   
   server-installation

+Advanced Client Installation
+--------------------------------
+
+A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
+
+.. toctree::
+   :maxdepth: 2
+   
+   client-installation
+
+
 Oauth Configuration
 --------------------

@@ -96,43 +118,7 @@ A simple guide to configuring OAuth for Netmaker.
   oauth


-Client Installation
--------------------
-
-A detailed guide to installing the Netmaker agent (netclient) on devices and configuration options.
-
-.. toctree::
-   :maxdepth: 2
-   
-   client-installation
-
-Ingress, Egress, and Relays
------------------------------
-
-**Ingress:** A guide on how to give machines outside of the Netmaker network access to network resources via an Ingress Gateway.
-
-.. toctree::
-   :maxdepth: 1
-   
-   external-clients
-
-**Egress:** A guide on how to give machines inside the Netmaker network access to external network resources via an Egress Gateway.
-
-
-.. toctree::
-   :maxdepth: 1
-   
-   egress-gateway
-
-**Relay:** A guide on how to make machines inside the network reachable if they are blocked by NAT/Firewall.
-
-.. toctree::
-   :maxdepth: 1
-   
-   relay-server
-
-
-Guides
+External Guides
 ----------------

 A handful of guides for use cases including site-to-site, Kubernetes, private DNS, and more.
@@ -157,8 +143,6 @@ API Reference

 A reference document for the Netmaker Server API, and example API calls for various use cases.

-**Coming Soon:** Swagger Documentation
-
 .. toctree::
   :maxdepth: 1

--- a/docs/relay-server.rst
+++ b/docs/relay-server.rst
@@ -5,68 +5,32 @@ Relay Servers
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+.. image:: images/relay1.png
+   :width: 80%
+   :alt: Relay
+   :align: center

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
+Sometimes nodes are in hard-to-reach places. Typically this will be due to a CGNAT, Double NAT, or restrictive firewall. In such scenarios, a direct peer-to-peer connection with all other nodes might be impossible.

-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
+For this reason, Netmaker has a Relay Server functionality. At any time you may designate a publicly reachable node (such as the Netmaker Server) as a Relay, and tell it which machines it should relay. Then, all traffic routing to and from that machine will go through the relay. This allows you to circumvent the above issues and ensure connectivity when direct measures do not work.

-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Configuring a Relay
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+To create a relay, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be a relay server and makes for a good default choice if you are unsure of which node to select.

-.. image:: images/exclient1.png
+Simply click the relay button in the nodes list. Then, specify the nodes which it should relay. You can either enter the IP's directly, select from a list, or click "Select All."
+
+.. image:: images/ui-7.jpg
   :width: 80%
-   :alt: Gateway
+   :alt: Relay
   :align: center

-Adding Clients to a Gateway
-=============================
+If you choose "select all" this essentially turns your network into a hub-and-spoke network. All traffic now routes over the relay node. This can create a bottleneck and slow down your network, but in some scenarios may simplify network operations.

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+After creation, you can change the list of relayed nodes by clicking "edit node" and editing the list (Field #12 below).

-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
+.. image:: images/ui-5.jpg
+   :width: 40%
+   :alt: Relay
   :align: center
-
-After creating a client, you can edit the name to something more logical.
-
-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
-
-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
-
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
-
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
--- a/docs/support.rst
+++ b/docs/support.rst
@@ -5,25 +5,10 @@ Support
 FAQ
 ======

-Does/Will Netmaker Support X Operating System?
--------------------------------------------------
-
-Netmaker is initially available on a limited number of operating systems for good reason: Every operating system is designed differently. With a small team, we can either focus on making Netmaker do a lot on a few number of operating systems, or a little on a bunch of operating systems. We chose the first option. You can view the System Compatibility docs for more info, but in general, you should only be using Netmaker on systemd linux right now.
-
-However, via "external clients", any device that supports WireGuard can be added to the network. 
-
-In future iterations will expand the operating system support for Netclient, and devices that must use the "external client" feature can switch to Netclient.
-
-How do I install the Netclient on X?
---------------------------------------
-
-As per the above, there are many unsupported operating systems. You are still welcome to try, it is just an executable binary file after all. If the system is unix-based and has kernel WireGuard installed, netclient may very well mesh the device into the network. However, the service likely will encounter problems retrieving updates.
-
-
 Is Netmaker a VPN like NordNPN?
 --------------------------------

-No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS).
+No. Netmaker makes Virtual Networks, which are technically VPNs, but different. It's more like a corporate VPN, or a VPC (if you're familiar with AWS). Netmaker is often compared to OpenVPN, Tailscale, or Nebula.

 If you're looking to achieve self-hosted web browsing, with functionality similar to NordVPN, ExpressVPN, Surfshark, Tunnelbear, or Private Internet Access, this is probably not the project for you. Technically, you can accomplish this with Netmaker, but it would be a little like using a all-terrain vehicle for stock car racing.

@@ -34,23 +19,25 @@ https://github.com/pivpn/pivpn
 https://github.com/subspacecloud/subspace
 https://github.com/mullvad/mullvadvpn-app

-Do you offer any enterprise support?
--------------------------------------
+Do you have an 'Exit Nodes' feature?
+---------------------------------------

-If you are interested in enterprise support for your project, please contact info@gravitl.com.
+Please see the :doc:`Egress Gateway <./egress-gateway>` documentation.
+
+Do you offer any business or enterprise support?
+---------------------------------------------------
+
+Yes, please contact info@gravitl.com or visit https://gravitl.com/plans.


 Why the SSPL License?
 ----------------------

-We thought long and hard about the license. Ultimately, we think this is the best way to support and ensure the health of the project long term. The community deserves something that is well-maintained, and in order to do that, eventually we need some financial support. We won't do that by limiting the project, but we will offer some additional support, and hosted options for things people would end up paying for anyway (relay servers, load balancing support, backups). 
+As of now, we think the SSPL is the best way to ensure the long-term viability of the project, but we are regularly evaluating this to see if an OSI-approved license makes more sense.

-While SSPL is not an OSI-approved open source license, it let's people generally run the project however they want, both for private use and business use, without running into the issue of someone else monetizing the project and making it financially untenable. We are working on making the guidelines clear, and will make sure that the license does not impact the communities ability to use and modify the project.
-
-If you have concerns about the license leading to project restrictions down the road, just know that there are other paid, closed-source/closed-core options out there, so beyond not wanting to follow that path, we also don't think it's a good idea economically either. We firmly believe that having the project open is not only right, but the best option.
-
-All that said, we will re-evaluate the license on a regular basis and determine if an OSI-approved license makes more sense. It's just easier to move from SSPL to another license than vice-versa.
+We believe the SSPL lets most people run the project the way they want, for both for private use and business use, while giving us a path to maintain viability. We are working to make sure the guidelines clear, and do not want the license to impact the community's ability to use and modify the project.

+If you believe the SSPL will negatively impact your ability to use the project, please do not hesitate to reach out.

 Contact
 ===========
--- a/docs/upgrades.rst
+++ b/docs/upgrades.rst
@@ -5,68 +5,36 @@ Upgrades
 Introduction
 ===============

-Netmaker allows for "external clients" to reach into a network and access services via an Ingress Gateway. So what is an "external client"? An external client is any machine which cannot or should not be meshed. This can include:
-        - Phones
-        - Laptops
-        - Desktops
+As of 0.9.4, upgrading Netmaker is a manual process. This is expected to be automated in the future, but for now is still a relatively straightforward process. 

-An external client is not "managed," meaning it does not automatically pull the latest network configuration, or push changes to its configuration. Instead, it uses a generated WireGuard config file to access the designated **Ingress Gateway**, which **is** a managed server (running netclient). This server then forwards traffic to the appropriate endpoint, acting as a middle-man/relay.
-
-By using this method, you can hook any machine into a netmaker network that can run WireGuard.
-
-It is recommended to run the netclient where compatible, but for all other cases, a machine can be configured as an external client.
-
-Important to note, an external client is not **reachable** by the network, meaning the client can establish connections to other machines, but those machines cannot independently establish a connection back. The External Client method should only be used in use cases where one wishes to access resource running on the virtual network, and **not** for use cases where one wishes to make a resource accessible on the network. For that, use netclient.
-
-Configuring an Ingress Gateway
+Upgrade the Server (netmaker)
 ==================================

-External Clients must attach to an Ingress Gateway. By default, your network will not have an ingress gateway. To configure an ingress gateway, you can use any node in your network, but it should have a public IP address (not behind a NAT). Your Netmaker server can be an ingress gateway and makes for a good default choice if you are unsure of which node to select.
+To upgrade the server, you only need to change the docker image versions:

-.. image:: images/exclient1.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. `ssh root@my-server-ip`
+2. `docker compose down`
+3. `vi docker-compose.yml`
+4. Change gravitl/netmaker:<version> and gravitl/netmaker-ui:<version> to the new version.
+5. Save and close the file
+6. `docker-compose up -d`

-Adding Clients to a Gateway
-=============================
+Upgrade the Clients (netclient)
+==================================

-Once you have configured a node as a gateway, you can then add clients to that gateway. Clients will be able to access other nodes in the network just as the gateway node does.
+To upgrade the client, you must get the new client binary and place it in /etc/netclient. Depending on the new vs. old version, there may be minor incompatibilities (discussed below).

-.. image:: images/exclient2.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. Vists https://github.com/gravitl/netmaker/releases/
+2. Find the appropriate binary for your machine.
+3. Download. E.x.: `wget https://github.com/gravitl/netmaker/releases/download/vX.X.X/netclient-myversion`
+4. Rename binary to `netclient` and move to folder. E.x.: `mv netclient-myversion /etc/netclient/netclient`
+5. `netclient --version` (confirm it's the correct version)
+6. `netclient pull`

-After creating a client, you can edit the name to something more logical.
+This last step helps ensure any newly added fields are now present. You may run into a "panic" based on missing fields and your version mismatch. In such cases, you can either:

-.. image:: images/exclient3.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
+1. Add the missing field to /etc/netclient/config/netconfig-yournetwork and then run "netclient checkin"

-Then, you can either download the configuration file directly, or scan the QR code from your phone (assuming you have the WireGuard app installed). It will accept the configuration just as it would accept a typical WireGuard configuration file.
+or

-.. image:: images/exclient4.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Example config file: 
-
-.. literalinclude:: ./examplecode/myclient.conf
-
-Your client should now be able to access the network! A client can be invalidated at any time by simply deleting it from the UI.
-
-Configuring DNS for Ext Clients (OPTIONAL)
-============================================
-
-If you wish to have a DNS field on your ext clients conf, simply edit the network field as shown below to 1.1.1.1 or 8.8.8.8 for example.
-If you do not want DNS on your ext client conf files, simply leave it blank.
-
-.. image:: images/extclient5.png
-   :width: 80%
-   :alt: Gateway
-   :align: center
-
-Important to note, your client automatically adds egress gateway ranges (if any on the same network) to it's allowed IPs.
+2. Leave and rejoin the network
--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -1,16 +1,12 @@
-==============
-Using Netmaker
-==============
+=================
+External Guides
+=================

-Netmaker has many different use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!
-
-External Tutorials
-==================
-
-Members of the community have created helpful tutorials for getting started with Netmaker. Below are some selected tutorials on different topics.
+Netmaker has many use cases, from a basic virtual network to an office gateway VPN to a Kubernetes underlay. It can be a bit overwhelming to figure out where to start. If you don't find your use case here, but think Netmaker is a good fit, let us know!

 Video Tutorials
---------------
+==================
+
 * `Intro/Overview <https://youtu.be/PWLPT320Ybo>`_: Tutorial on first-time usage, setting up a mesh network.
 * `Site-to-Site Gateway <https://youtu.be/krCKBJhwwDk>`_: Tutorial on setting up site-to-site connections, allowing peers to access external networks via gateways.
 * `IPv6 and Private DNS <https://youtu.be/b4diaKWUcXI>`_: Tutorial on dual-stack IPv6 in Netmaker and Private DNS management (separate topics).
@@ -18,7 +14,8 @@ Video Tutorials


 Written Tutorials
-----------------
+==================
+
 * `K3s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-single-kubernetes-cluster-across-multiple-clouds-using-k3s-and-wireguard-a5ae176a6e81>`_: Tutorial on setting up cross-cloud K3s clusters using Netmaker.
 * `MicroK8s Cross-cloud cluster <https://itnext.io/how-to-deploy-a-cross-cloud-kubernetes-cluster-with-built-in-disaster-recovery-bbce27fcc9d7>`_: Tutorial on setting up cross-cloud MicroK8s clusters using Netmaker.
 * `Secure access to private services <https://afeiszli.medium.com/how-to-enable-secure-access-to-your-hosted-services-using-netmaker-and-wireguard-1b3282d4b7aa>`_: Tutorial on setting up secure Nextcloud with Netmaker.