Baseguard
Getting Started

First Network

Set up your first Baseguard mesh network

This guide walks you through setting up a complete Baseguard network with multiple devices and access controls.

Overview

By the end of this guide, you will have:

  • An organization configured in the console
  • Multiple devices connected to the mesh
  • Basic access control rules in place
  • Tested connectivity between devices

Step 1: Create an Organization

Organizations are the top-level container for your network, providing isolated IP space, access control, and user management.

Using the Console

  1. Log in to the Baseguard console
  2. Click the organization selector in the header
  3. Click New Organization
  4. Enter the organization name (e.g., "Acme Corp")
  5. Click Create Organization

The IPv4 CIDR and DNS domain are automatically assigned. The default 100.64.0.0/10 uses the Carrier-Grade NAT range to avoid conflicts with private networks.

Step 2: Add Your First Device

On your first device, install Baseguard and connect:

baseguard connect

If this is your first time, you'll see an authorization URL. Open it in your browser and click Authorize.

Your device is now part of the mesh network!

Step 3: Add More Devices

Repeat the process on additional devices:

# On Device 2
baseguard connect
# Authorize via browser if prompted
# On Device 3
baseguard connect
# Authorize via browser if prompted

Verify All Devices

On any device, check the network status:

baseguard status

You should see all connected devices:

NODE              OVERLAY IP      STATUS    TYPE    ENDPOINT              RX        TX
----              ----------      ------    ----    --------              --        --
my-laptop (local) 100.64.0.1      -         -       -                     0         0
dev-server        100.64.0.2      online    P2P     203.0.113.10:42273    0         0
prod-server       100.64.0.3      online    P2P     198.51.100.5:42273    0         0

Step 4: Create Tags

Tags help organize devices and create access control rules. Create tags like "development", "production", or "database" in the console under Access Control > Tags, then assign them to your nodes.

Step 5: Configure Access Control

New organizations start with a default "allow all" rule. For production, replace it with specific network rules that define which tags can communicate on which ports.

Step 6: Test Connectivity

Ping Test

From one device, ping another:

ping 100.64.0.2

SSH Test

If you have SSH configured and ACLs allow it:

ssh user@100.64.0.2

Service Test

Test connectivity to specific services:

# Test database connection
nc -zv 100.64.0.3 5432

# Test web server
curl http://100.64.0.2:8080

Next Steps

Congratulations! You've set up your first Baseguard network. Continue learning:

Quick Start

Connect your first device in under 2 minutes

Core Concepts

Understand how Baseguard works

On this page

OverviewStep 1: Create an OrganizationUsing the ConsoleStep 2: Add Your First DeviceStep 3: Add More DevicesVerify All DevicesStep 4: Create TagsStep 5: Configure Access ControlStep 6: Test ConnectivityPing TestSSH TestService TestNext Steps