A toolkit for embedding VPN capabilities in your application

VPN-friendly networking devices for HyperKit

Binary artefacts are built by CI:

VPNKit diagram

VPNKit is a set of tools and services for helping HyperKit VMs interoperate with host VPN configurations.

Building on Unix (including Mac)

First install wget, opam, pkg-config, and dylibbundler using your package manager of choice.

If you are an existing opam user then you can either build against your existing opam package universe, or the custom universe contained in this repo. To use the custom universe, ensure that you unset your OPAMROOT environment variable:

unset OPAMROOT

To set up the OCaml build environment, type:

make ocaml

To install the OCaml dependencies, type:

make depends

To build:

make

When the build succeeds the vpnkit.exe binary should be available in the current directory.

Building on Windows

First install the OCaml environment with Cygwin. Note that although the Cygwin tools are needed for the build scripts, Cygwin itself will not be linked to the final executable.

Inside the OCaml64 (Cygwin) shell, unset the OPAMROOT environment variable and build:

unset OPAMROOT
make

The first build will take a little longer as it will build all the package dependencies first.

When the build succeeds the vpnkit.exe binary should be available in the current directory.

Running with hyperkit

First ask vpnkit to listen for Ethernet connections on a local Unix domain socket:

vpnkit --ethernet /tmp/ethernet --debug

Next ask com.docker.hyperkit to connect a NIC to this socket by adding a command-line option like -s 2:0,virtio-vpnkit,path=/tmp/ethernet. Note: you may need to change the slot 2:0 to a free slot in your VM configuration.

Why is this needed?

Running a VM usually involves modifying the network configuration on the host, for example by activating Ethernet bridges, new routing table entries, DNS and firewall/NAT configurations. Activating a VPN involves modifying the same routing tables, DNS and firewall/NAT configurations and therefore there can be a clash -- this often results in the network connection to the VM being disconnected.

VPNKit, part of HyperKit, attempts to work nicely with VPN software by intercepting the VM traffic at the Ethernet level, parsing and understanding protocols like NTP, DNS, UDP, TCP and doing the "right thing" with respect to the host's VPN configuration.

VPNKit operates by reconstructing Ethernet traffic from the VM and translating it into the relevant socket API calls on OSX or Windows. This allows the host application to generate traffic without requiring low-level Ethernet bridging support.
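The frame-to-socket translation described above, as an added Python illustration for the UDP case only. It is not VPNKit's own code; the function names, addresses and sample frame are constructed for this example.

```python
import socket
import struct

ETHERTYPE_IPV4, IPPROTO_UDP = 0x0800, 17

def parse_udp_frame(frame: bytes):
    """Return (src, dst, payload) for an Ethernet II/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8:                       # Ethernet + min IPv4 + UDP headers
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None                                    # ARP, IPv6, ... handled elsewhere
    ver_ihl, _, total_len, _, frag, _, proto = struct.unpack_from("!BBHHHBB", frame, 14)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != IPPROTO_UDP:
        return None
    if frag & 0x3FFF:                                  # MF set or offset != 0: needs reassembly
        return None
    if total_len < ihl + 8 or 14 + total_len > len(frame):
        return None                                    # length field lies about the buffer
    udp = 14 + ihl
    sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
    if ulen < 8 or ihl + ulen > total_len:
        return None
    src = (socket.inet_ntoa(frame[26:30]), sport)
    dst = (socket.inet_ntoa(frame[30:34]), dport)
    return src, dst, frame[udp + 8:udp + ulen]

def relay(frame: bytes, host_sock) -> bool:
    """Translate one guest frame into an ordinary sendto() on a host socket."""
    parsed = parse_udp_frame(frame)
    if parsed is None:
        return False                                   # drop anything not understood
    _, dst, payload = parsed
    host_sock.sendto(payload, dst)                     # host routing/VPN now applies
    return True

def build_frame(src, dst, payload, frag=0):
    """Constructed sample frame; checksums are left zero (the parser does not verify them)."""
    udp = struct.pack("!HHHH", src[1], dst[1], 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, frag, 64, IPPROTO_UDP,
                     0, socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp

if __name__ == "__main__":
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    host = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    frame = build_frame(("10.0.0.2", 40000), listener.getsockname(), b"hello")
    print(relay(frame, host), listener.recvfrom(2048)[0])
```

Because the payload leaves through an unprivileged datagram socket, the host's routing table and any active VPN decide where it goes, and no bridge or raw socket is involved.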

Design

Licensing

VPNKit is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Contributions are welcome under the terms of this license. You may wish to browse the weekly reports to read about overall activity in the repository.
