Skip to content
A toolkit for embedding VPN capabilities in your application
OCaml Go C Shell Other
Branch: master
Clone or download
djs55 Merge pull request #496 from ebriney/libmux_no_logs_on_closed_pipe
Remove `is being closed.` logs in proxystream when copying
Latest commit 0b84b86 Nov 19, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci circleci: use a patched opam.rb Feb 5, 2019
c Introduce e2e test between vpnkit and tap-vsockd Aug 7, 2019
docs Describe how to play with the transparent HTTP proxy Jun 1, 2017
go remove `is being closed.` logs in proxystream when copying Nov 18, 2019
pkg Add support for topkg Aug 17, 2017
repo opam: hvsock depends on base64 < 3.0.0 Jul 19, 2019
reports dev reports: draft for week 22, now featuring the HTTP libraries as well Jun 2, 2017
scripts CI: manually install test dependencies of vpnkit Jun 7, 2018
src dns: if UDP response is over 512 bytes, truncate and set TC Mar 20, 2019
.dockerignore Add basic .dockerignore Jan 2, 2019
.gitignore Improve .gitignore Jul 31, 2017
.ocp-indent Use `ocp-indent -i` to format all the files in that repo Jul 24, 2017
.travis.yml Introduce e2e test between vpnkit and tap-vsockd Aug 7, 2019
CHANGES.md Update CHANGES.md for v0.3.0 Feb 6, 2019
CONTRIBUTING.md Add contributing guidelines May 18, 2016
Dockerfile Dockerfile: use a fixed alpine and OCaml version Jul 19, 2019
LICENSE Add an Apache 2.0 license May 18, 2016
MAINTAINERS remove yomimono from maintainers Jun 9, 2017
Makefile Introduce e2e test between vpnkit and tap-vsockd Aug 7, 2019
README.md Improve build instructions in README.md Jan 9, 2018
appveyor.yml Switch to OCaml 4.07.0 Sep 26, 2018
vpnkit.descr Add `vpnkit.descr`: a description for the opam package Aug 17, 2017
vpnkit.opam Attempt to fix the Dockerfile build Nov 16, 2019

README.md

VPN-friendly networking devices for HyperKit

Build Status (OSX)

Binary artefacts are built by CI:

VPNKit diagram

VPNKit is a set of tools and services for helping HyperKit VMs interoperate with host VPN configurations.

Building on Unix (including Mac)

First install wget, opam and pkg-config using your package manager of choice.

If you are an existing opam user then you can either build against your existing opam package universe, or the custom universe contained in this repo. To use the custom universe, ensure that you unset your OPAMROOT environment variable:

unset OPAMROOT

To build, type

make

The first build will take a little longer as it will build all the package dependencies first.

When the build succeeds the vpnkit.exe binary should be available in the current directory.

Building on Windows

First install the OCaml environment with Cygwin. Note that although the Cygwin tools are needed for the build scripts, Cygwin itself will not be linked to the final executable.

Inside the OCaml64 (Cygwin) shell, unset the OPAMROOT environment and build by:

unset OPAMROOT
make

The first build will take a little longer as it will build all the package dependencies first.

When the build succeeds the vpnkit.exe binary should be available in the current directory.

Running with hyperkit

First ask vpnkit to listen for ethernet connections on a local Unix domain socket:

vpnkit --ethernet /tmp/ethernet --debug

Next ask com.docker.hyperkit to connect a NIC to this socket by adding a command-line option like -s 2:0,virtio-vpnkit,path=/tmp/ethernet. Note: you may need to change the slot 2:0 to a free slot in your VM configuration.

Why is this needed?

Running a VM usually involves modifying the network configuration on the host, for example by activating Ethernet bridges, new routing table entries, DNS and firewall/NAT configurations. Activating a VPN involves modifying the same routing tables, DNS and firewall/NAT configurations and therefore there can be a clash -- this often results in the network connection to the VM being disconnected.

VPNKit, part of HyperKit attempts to work nicely with VPN software by intercepting the VM traffic at the Ethernet level, parsing and understanding protocols like NTP, DNS, UDP, TCP and doing the "right thing" with respect to the host's VPN configuration.

VPNKit operates by reconstructing Ethernet traffic from the VM and translating it into the relevant socket API calls on OSX or Windows. This allows the host application to generate traffic without requiring low-level Ethernet bridging support.

Design

Licensing

VPNKit is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Contributions are welcome under the terms of this license. You may wish to browse the weekly reports to read about overall activity in the repository.

You can’t perform that action at this time.