A comprehensive solution for deploying Twingate Exit Networks to create a DIY, globally-distributed VPN for personal use.
β οΈ Internal Use Only: This project can only be used for personal or internal use. Please do not use this project or Twingate to offer a commercial VPN service. Also note that bandwidth usage through Twingate infrastructure is subject to Twingate's Fair Use Policy.
This repository provides multiple deployment options for creating VPN Exit Networks with Twingate's zero-trust networking technology:
- π§ͺ Minikube: Local development and testing environment
- π DigitalOcean Droplets: Small scale deployments
- βΈοΈ DigitalOcean Kubernetes: Enterprise level implementation
β οΈ Important: To access Exit Networks, you need a plan that includes Exit Networks, such as Twingate Home or Twingate Enterprise. Exit Networks are not available on the free Starter plan. Learn more about Twingate plans.
β
Multi-Platform Support: Deploy on droplets, Kubernetes clusters, or locally
β
Zero-Trust Security: No inbound ports open - all access is via Twingate
β
Global Distribution: Multi-region deployment capabilities
| Platform | Use Case | Cost |
|---|---|---|
| Minikube | Development, testing | π° Free |
| DigitalOcean Droplets | Personal, cost-effective | π° Low |
| DigitalOcean Kubernetes | Enterprise, orchestration | π°π° Medium |
π‘ Choose One Option: These are separate, independent deployment methods - not components that work together. Select the single option that best matches your specific needs and use case.
- Perfect for: Learning, development, testing configurations
- Choose if: You want to experiment locally before committing to cloud resources
- Pros: Free, fast iteration, safe testing environment. Can be used used as a free Exit Network
- Cons: Local only, not suitable for production traffic
- Perfect for: Personal VPN, small teams, cost-conscious deployments
- Choose if: You want simple, reliable, cost-effective Exit Networks
- Pros: Lowest cost, simple architecture, production-ready
- Cons: Manual scaling, requires some Linux knowledge for troubleshooting
- Perfect for: Large organizations, access to cluster resources, complex deployments
- Choose if: You need enterprise features and have Kubernetes expertise
- Pros: Access to cluster resources, high availability, advanced orchestration
- Cons: Higher cost, complexity, requires Kubernetes knowledge
βββββββββββββββββββ ββββββββββββββββββββ βββββββββββββββββββ
β User Device β β Twingate Cloud β β Exit Network β
β βββββΊβ βββββΊβ β
β Twingate Client β β Zero-Trust β β Connector β
βββββββββββββββββββ β Controller β βββββββββββββββββββ
ββββββββββββββββββββ
- Terraform >= 1.0
- Twingate Home or other subscription plan that includes Exit Networks (not available on Starter plan)
- Twingate account with API access
- Platform-specific requirements (see individual folders)
Select ONE option that fits your needs:
| Best for Beginners | Best for Production | Best for Development |
|---|---|---|
| DigitalOcean Droplets | DigitalOcean Kubernetes | Minikube |
| Simple, cost-effective | Orchestration, enterprise | Local testing |
Note: These are independent deployment methods. Don't try to use multiple options together - pick the one that best matches your requirements.
- API Token: Twingate Admin Console β Settings β API
- Network Name: Your tenant name (e.g.,
company.twingate.comβcompany) - Exit Network ID: Create an Exit Network in Twingate Admin Console
Choose your platform and follow the detailed README in each folder:
# For Minikube (recommended for beginners / local development)
cd minikube
./deploy.sh
# For DigitalOcean Droplets (cost effective / personal use)
cd digital_ocean/droplet
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your credentials
terraform init
terraform apply
# For DigitalOcean Kubernetes (Enterprise)
cd digital_ocean/kubernetes
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your credentials
terraform init
terraform apply
diy-vpn/
βββ README.md # This file
βββ digital_ocean/ # DigitalOcean deployments
β βββ droplet/ # Direct droplet deployment
β β βββ main.tf # Core Terraform configuration
β β βββ variables.tf # Input variables
β β βββ outputs.tf # Output values
β β βββ terraform.tfvars.example
β β βββ templates/ # Cloud-init templates
β β βββ README.md # Detailed droplet guide
β βββ kubernetes/ # Kubernetes cluster deployment
β βββ main.tf # Cluster configuration
β βββ deploy.tf # Deployment automation
β βββ variables.tf # Input variables
β βββ outputs.tf # Output values
β βββ terraform.tfvars.example
β βββ config/ # Generated configurations
β βββ README.md # Detailed Kubernetes guide
βββ helm/ # Reusable Helm chart
β βββ Chart.yaml # Chart metadata
β βββ values.example.yaml # Example configuration
β βββ templates/ # Kubernetes templates
β βββ charts/ # Chart dependencies
β βββ README.md # Helm chart documentation
βββ minikube/ # Local development
βββ deploy.sh # Deployment script
βββ cleanup.sh # Cleanup script
βββ values.yaml # Helm values
βββ values-example.yaml # Example configuration
βββ README.md # Minikube guide
DigitalOcean Regions:
- North America: NYC1, NYC2, NYC3, SFO1, SFO2, SFO3, TOR1
- Europe: AMS2, AMS3, LON1, FRA1
- Asia Pacific: SGP1, BLR1, SYD1
Current as of October 2025. Refer to DigitalOcean for the most current list.
| Issue | Solution | Reference |
|---|---|---|
| Connector offline | Check API tokens and network connectivity | Droplet README |
| Terraform state conflicts | Use separate state files per environment | Kubernetes README |
| Helm deployment fails | Verify cluster connectivity and dependencies | Helm README |
| Minikube issues | Check Docker and resource allocation | Minikube README |
- π Twingate Documentation
- π¬ Twingate Community
- π Report Issues
- Clone the repository
- Create a feature branch
- Test your changes locally with Minikube
- Submit a pull request
Copyright (C) Twingate Inc.
This project is licensed under AGPL-3.0-only.
π Ready to deploy your DIY VPN? Choose your platform above and follow the detailed guides in each folder!