A terminal user interface (TUI) application for managing VPN exit nodes on a Tailscale network using DigitalOcean droplets.
yVPN simplifies the creation and management of distributed VPN exit nodes. It provisions DigitalOcean droplets preconfigured as Tailscale exit nodes, giving you on-demand VPN endpoints in various geographic locations.
- Interactive TUI - Clean terminal interface with keyboard navigation
- Scriptable CLI - JSON output for automation and scripting
- One-click provisioning - Create exit nodes in any DigitalOcean datacenter
- Automated setup - Droplets are fully configured via cloud-init (Tailscale installation, IP forwarding, NAT rules)
- SSH access - Run as an SSH server for remote management without local installation
- Exit node management - View, create, and delete exit nodes from a unified dashboard
- DigitalOcean API token (with read/write access)
- Tailscale API key
Download the latest binary for your platform from the Releases page.
# Linux
curl -LO https://github.com/bnsmcx/yvpn/releases/latest/download/yvpn-linux-amd64
chmod +x yvpn-linux-amd64
sudo mv yvpn-linux-amd64 /usr/local/bin/yvpn
# macOS (Apple Silicon)
curl -LO https://github.com/bnsmcx/yvpn/releases/latest/download/yvpn-darwin-arm64
chmod +x yvpn-darwin-arm64
sudo mv yvpn-darwin-arm64 /usr/local/bin/yvpn
# macOS (Intel)
curl -LO https://github.com/bnsmcx/yvpn/releases/latest/download/yvpn-darwin-amd64
chmod +x yvpn-darwin-amd64
sudo mv yvpn-darwin-amd64 /usr/local/bin/yvpngit clone https://github.com/bnsmcx/yvpn.git
cd yvpn
go build -o yvpn ./cmd/tuiRequires Go 1.21+.
Set your credentials as environment variables:
export DIGITAL_OCEAN_TOKEN=<your_digitalocean_token>
export TAILSCALE_API=<your_tailscale_api_key>yvpn tuiIf credentials aren't set, you'll be prompted to enter them on startup.
# List existing exit nodes
yvpn list
# List available datacenters
yvpn datacenters
# Create a new exit node
yvpn create nyc1
# Delete an exit node by ID
yvpn delete 12345
# JSON output for scripting
yvpn list --json
yvpn datacenters --json
yvpn create nyc1 --json
# Show version
yvpn --versionRun yVPN as an SSH server for remote access:
yvpn sshThis starts an SSH server on port 1337. Connect with:
ssh -p 1337 user@hostnamePass credentials via SSH environment variables.
| Key | Action |
|---|---|
n |
Create new exit node |
d |
Delete selected exit node |
↑/↓ |
Navigate list |
Enter |
Confirm selection |
Esc |
Go back / Cancel |
q |
Quit |
-
Create: Select a DigitalOcean datacenter. yVPN generates a temporary Tailscale auth key, provisions a droplet with cloud-init configuration, and waits for the node to appear on your tailnet.
-
Configure: The droplet automatically installs Tailscale, enables IP forwarding, configures iptables rules, and advertises itself as an exit node.
-
Enable: Once the droplet joins your tailnet, yVPN enables it as an exit node via the Tailscale API.
-
Use: Connect to your new exit node from any device on your tailnet.
yvpn/
├── cmd/
│ └── tui/ # Main application
│ ├── main.go # Entry point, SSH server
│ ├── cli.go # CLI commands
│ ├── dash.go # Dashboard view
│ ├── add.go # Create exit node screen
│ ├── delete.go # Delete exit node screen
│ ├── onboard.go # Credential input
│ └── style.go # UI styling
├── pkg/
│ ├── digital_ocean/ # DigitalOcean API wrapper
│ └── tailscale/ # Tailscale API wrapper
├── Dockerfile
├── go.mod
└── shell.nix # Nix development environment
nix-shellThis provides Go, Git, gopls, and development tools.
Exit nodes are created with:
- OS: Ubuntu 24.04 x64
- Size: s-1vcpu-1gb (1 vCPU, 1GB RAM)
- Tag:
yVPN
- Bubble Tea - TUI framework
- Lip Gloss - Styling
- Wish - SSH server
- godo - DigitalOcean API client
This project is licensed under the MIT License - see the LICENSE file for details.