Cloud Routers

A Cloud Router is a virtualized router running on a VM in NetActuate's infrastructure. You do not have direct SSH or console access to the underlying VM — it is managed by NetActuate. Cloud Routers can also run on bare metal if higher throughput is required.

Navigate to Networking → Cloud Routing → Cloud Routers to create and manage Cloud Routers. Create a router by selecting a plan size, then configure it through the sections below.

Interfaces

Interfaces define how other devices connect to the Cloud Router. Four interface types are available.

WireGuard

Encrypted VPN-style tunnel for connecting VMs, another Cloud Router, or a remote network (e.g., home or office) over the public internet. Configure the interface IP address and WireGuard port.

Note: WireGuard is layer-3 only — it does not support broadcast traffic (ARP). If you need layer-2 protocols, use GRE.

GRE Tunnel

Encapsulates traffic and supports lower-level protocols that WireGuard cannot carry. GRE can also be run inside a WireGuard tunnel for encrypted GRE. Configuration fields:

Endpoint address — the public IP of the remote side, or a WireGuard peer IP if nesting GRE inside WireGuard
Key — filters GRE traffic to separate multiple tunnels
MTU — reduce from the default to account for tunnel overhead

Dummy Interface

A loopback-style interface used to advertise a network via BGP. One dummy interface per router.

Ethernet (VLAN)

Connects the Cloud Router to a specific VLAN, enabling BGP peering with an external provider (e.g., AWS Direct Connect). The VLAN is added as an additional NIC to the Cloud Router VM.

Note: Ethernet interfaces require a VLAN to be provisioned by NetActuate operations first. Contact support to set this up. When no Ethernet interfaces are available, the portal will display a message to contact NetActuate.

Routing

Static Routes

Add a network prefix and specify the next hop — either an interface name or the peer IP of a tunnel. Static routes are the starting point for most configurations.

Static routes are automatically redistributed into BGP if BGP is configured on the router.

BGP

Configure BGP sessions with neighbors (peers) for automated route exchange. BGP fields include:

Local ASN — the ASN assigned to this Cloud Router
Peer address — the IPv4 address of the BGP neighbor
Remote ASN — the neighbor's ASN
Source address — optional; the local IP to source BGP traffic from
Prefix rules — import and export filters to control which routes are accepted or advertised
IPv4/IPv6 toggles — enable or disable route exchange for each address family

BGP is for advanced setups where automated route exchange is needed — for example, establishing a session with AWS or connecting to another provider's network.

NAT Rules

Network Address Translation rules. Only needed when connecting two networks that have overlapping private IP ranges. Most configurations will not require NAT.

VRFs

Virtual Routing and Forwarding allows separate routing tables for multi-tenant or isolated routing scenarios. Advanced use case — most setups use the default VRF only.

Note: Magic Mesh only works with the default VRF.

NTP

Configure time servers for the Cloud Router. Most setups will not need to change the defaults.

DHCP

DHCP server configuration. Only works with Ethernet interfaces. Edge case — most setups will not use this.

Magic Mesh — automated mesh network connecting multiple Cloud Routers
How-To Guide — step-by-step WireGuard and Magic Mesh setup
Cloud (VPC) — isolated private cloud environments

Need Help?

Contact support@netactuate.com or open a support ticket from the portal.

Interfaces​

WireGuard​

GRE Tunnel​

Dummy Interface​

Ethernet (VLAN)​

Routing​

Static Routes​

BGP​

NAT Rules​

VRFs​

NTP​

DHCP​

Related Sections​

Need Help?​