Gravitl (YC W22) – VPN Platform Based on WireGuard

Hi HN, this is Alex and Dillon from Gravitl, based in the mountains of Asheville, North Carolina. We built Netmaker (, a virtual networking platform for cross-cloud computing and Kubernetes. It’s secure, automated, and extremely fast.

Networking across environments is hard and slow. WireGuard can solve this, but it’s tough to run at scale. WireGuard is a fast and efficient VPN protocol that is growing quickly in popularity. Linus Torvalds called it a “work of art,” and it was added to the Linux kernel in 2020. It now runs on most major operating systems.

We created Netmaker to automate WireGuard-based networks at scale. It opens up a bunch of use cases that are otherwise infeasible. With Netmaker, our users are managing edge networks, connecting fleets of unmanned aerial drones, and cloud-bursting k8s clusters for machine learning.

Alex got the idea for Netmaker while he was in New Mexico, staying in the desert to escape the pandemic. We were trying to run a distributed Kubernetes cluster. Our goal was to create a cloud provider with no infrastructure, using compute provided by users. To start, we bought a couple raspberry pis and some cloud VM's, hooked them all together, and ran a k3s cluster across them using WireGuard.

We realized we needed a mesh VPN to do this at scale. None of the existing options gave us everything we needed, so we built Netmaker. We put it on GitHub, and it became so popular that we decided to work on Netmaker exclusively.

Netmaker works on a client-server model ( A central config server tells each machine where its peers are and how to reach them. The local client automates network settings and DNS on each machine. The result is a flexible virtual network that stays in sync whenever machines are added, removed, or there is a change in state.

Without Netmaker this is challenging, because WireGuard requires reconfiguration whenever any peer in the network changes. In addition, the network can be blocked by factors like NAT, firewalls, and port availability. Netmaker anticipates and solves for these factors, while being compatible across Mac, Linux, Windows, and FreeBSD.

There are other solutions out there with similarities, but we’ve got some key distinctions. After all, we created Netmaker out of necessity, because the other solutions didn’t meet our requirements. First off, Netmaker is super fast because it can use kernel WireGuard. There are some other WireGuard-based solutions like Tailscale, but they use userspace WireGuard, which is much, much slower.

Second, Netmaker is tailored towards the cloud and Kubernetes. Stuff like OpenVPN was built before the cloud became a go-to deployment strategy.

Finally, Netmaker is fully self-hostable. A lot of existing options are SaaS, but our users want control of any servers that are routing their traffic or managing their virtual networks.

As for what’s next, with Dillon at the lead, we’re putting in a lot of work to overhaul the code base, implement community-driven features, and pull Netmaker towards a “pure WireGuard” vision. We're planning an enterprise release in the coming months which will have a few features that businesses need at scale, without taking away from the free community version. In the meantime, we have a simple support subscription for the existing community edition:

We’re always looking for ways to do things better. If you have thoughts, we’d love to hear them, and if you’re doing anything cool with WireGuard that could be relevant to our project, we’d love to hear that too. We’ve also got a community on Discord you’re welcome to join at any time:

Thanks for reading, and Happy New Year!

Get Top 5 Posts of the Week

best of all time best of today best of yesterday best of this week best of this month best of last month best of this year best of 2022 best of 2021 yc w23 yc s22 yc w22 yc s21 yc w21 yc s20 yc w20 yc s19 yc w19 yc s18 yc w18 yc all-time 3d algorithms animation android [ai] artificial-intelligence api augmented-reality big data bitcoin blockchain book bootstrap bot css c chart chess chrome extension cli command line compiler crypto covid-19 cryptography data deep learning elexir ether excel framework game git go html ios iphone java js javascript jobs kubernetes learn linux lisp mac machine-learning most successful neural net nft node optimisation parser performance privacy python raspberry pi react retro review my ruby rust saas scraper security sql tensor flow terminal travel virtual reality visualisation vue windows web3 young talents

andrey azimov by Andrey Azimov