Skip to content
NetDefense Docs

Networks

A NetDefense network is a WireGuard overlay that turns several devices into a routable mesh. You choose an overlay CIDR, mark devices as HUB or SPOKE, and NetDefense generates the WireGuard configuration for every member during the next sync. Read the concept overview in VPN Networks.

Networks list

Section titled “Networks list”

NDWeb Networks list showing two WireGuard overlay networks with CIDR, members, links, and auto-connect status

Each row is one overlay network:

ColumnMeaning
NameClick to open the network.
Overlay CIDRThe private subnet WireGuard hands out to peers. Immutable after creation.
MembersHow many devices are joined.
LinksHow many explicit peer-to-peer links are defined (in addition to auto-connect).
Auto-Connect HubsGreen check if HUBs auto-mesh with each other.

A progress bar above the table shows your plan’s network-count quota (e.g. 2 / 5). Each row’s menu has Settings, Sync members, and Delete.

Create a network

Section titled “Create a network”

NDWeb Create Network form with name, overlay CIDR, auto-connect hubs toggle, auto-firewall rules toggle, default listen port, MTU, and keepalive

+ Create Network opens the form. Required fields:

  • Name — used in URLs and on the device.
  • Overlay CIDR — the WireGuard subnet. Cannot be changed later.

Optional:

  • Auto-Connect Hubs — when on, every HUB member automatically peers with every other HUB. Off means you wire HUB-to-HUB links manually.
  • Auto-Firewall Rules — when on, NetDefense emits OPNsense pass rules on the wireguard interface so peers can reach each other’s published subnets. Off keeps the firewall policy entirely under your control.
  • Default Listen Port, Default MTU, Default Keepalive — defaults applied to every member’s WireGuard interface unless overridden per peer.

Network detail

Section titled “Network detail”

NDWeb network detail page for "net-test-1" with members card, topology graph, and tabs for Members/Connections/Prefixes

The header has the network’s name and a Settings button (edits the metadata set during creation, minus the immutable CIDR).

The summary strip lists the eight key fields at a glance: CIDR, auto-connect, auto-firewall, members, links, listen port, MTU, keepalive.

Below it, four tabs:

  • Topology — a graph view of the mesh. HUB members get an orange ring, SPOKE members get a green ring. Solid lines are explicit links; dashed lines are automatic edges from Auto-Connect or Auto-Firewall.
  • Members (N) — table of joined devices with their overlay IP, role (HUB/SPOKE), and listen port. Add or remove members here.
  • Connections (N) — table of explicit peer-to-peer links you’ve defined. Add a link to force a peering that auto-connect wouldn’t create on its own.
  • Prefixes — the additional CIDRs each member announces to the mesh (typically a LAN behind the firewall).