Interestingly enough, NanoVMs published an article going over exactly what ChatGPT thought was impossible, running a VPN inside a unikernel: Creating a VPN Gateway with a Unikernel running WireGuard.
I mentioned ChatGPT because I’m no expert in any of this, and to add some color I’ll explain how I got here.
I wanted a network layer solution for being able to block access to certain websites. Think services like BlockSite & LeechBlockNG. Figured spinning up a VPN server with an allowlist should do the job. I’ve been in serverless land for some time and tried to see how this idea might fit into this model. Performance and security being top of mind, I was brought to NanoVMs.
But from my research I was under the impression that a VPN gateway within a unikernel was impossible due to the lack of access to low-level network-level APIs. This article, through a series of patches, was able to achieve a VPN within a unikernel. At the end of the article it mentions that IP masquerading is on the roadmap.
A couple of questions:
- Where can I see this roadmap?
- Would IP masquerading make the patches done in this tutorial unnecessary?
- Is the idea of a serverless VPN possible with unikernels? If so, how so?