-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Epic] VPN support #1087
Comments
No timeframe is given as issues are encountered while implementing |
Planned to be reviewed again. |
@guillaumerose Do you have any suggestions on how to tackle this? |
Docker Desktop solves this by using vpnkit. vpnkit runs as user on the host and connects to a small daemon inside the VM using named pipes/vsock. The daemon in the VM is in fact a tap interface. The daemon transfers all the traffic to vpnkit so that vpnkit handles all the traffic as the user. In this architecture, vpnkit is a client because of issue with vsock on older version of Windows. It could be reversed now. |
I started an experiment in https://github.com/guillaumerose/gvisor-tap-vsock. It reproduces vpnkit without ocaml code. For the moment, it's more a toolkit to solve the VPN issue than the solution itself. |
We should break down work in new tasks as the spike has concluded. Some time ago we noted what was needed:
I know it is boring, but let's break up tasks and assign to platforms. This will aid in testing, as we know what is implemented and perhaps even handover some of the work. |
crc-org/snc#234 addresses the first two points. |
First bits are in master branch. It can be used on the 3 platforms. How to test it:
What is still missing:
What can be improved:
|
which means |
bump |
VPN support is available by default on macOS and Linux. Still, we are missing end-to-end tests for this. |
No description provided.
The text was updated successfully, but these errors were encountered: