diff --git a/.github/workflows/smoke.yml b/.github/workflows/smoke.yml
new file mode 100644
index 0000000..71accea
--- /dev/null
+++ b/.github/workflows/smoke.yml
@@ -0,0 +1,34 @@
+name: smoke
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+
+  smoke:
+    name: Run 3 node smoke test
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go 1.13
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.13
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: build
+      run: make
+
+    - name: setup docker image
+      working-directory: ./.github/workflows/smoke
+      run: ./build.sh
+
+    - name: run smoke
+      working-directory: ./.github/workflows/smoke
+      run: ./smoke.sh
+
+    timeout-minutes: 10
diff --git a/.github/workflows/smoke/.gitignore b/.github/workflows/smoke/.gitignore
new file mode 100644
index 0000000..796b96d
--- /dev/null
+++ b/.github/workflows/smoke/.gitignore
@@ -0,0 +1 @@
+/build
diff --git a/.github/workflows/smoke/Dockerfile b/.github/workflows/smoke/Dockerfile
new file mode 100644
index 0000000..db9b34f
--- /dev/null
+++ b/.github/workflows/smoke/Dockerfile
@@ -0,0 +1,5 @@
+FROM debian:buster
+
+ADD ./build /
+
+ENTRYPOINT ["/nebula"]
diff --git a/.github/workflows/smoke/build.sh b/.github/workflows/smoke/build.sh
new file mode 100755
index 0000000..71ca9de
--- /dev/null
+++ b/.github/workflows/smoke/build.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e -x
+
+rm -rf ./build
+mkdir ./build
+
+(
+    cd build
+
+    cp ../../../../nebula .
+    cp ../../../../nebula-cert .
+    cp ../*.yml .
+
+    ./nebula-cert ca -name "Smoke Test"
+    ./nebula-cert sign -name "lighthouse1" -ip "192.168.100.1/24"
+    ./nebula-cert sign -name "host2" -ip "192.168.100.2/24"
+    ./nebula-cert sign -name "host3" -ip "192.168.100.3/24"
+)
+
+docker build -t nebula:smoke .
diff --git a/.github/workflows/smoke/host2.yml b/.github/workflows/smoke/host2.yml
new file mode 100644
index 0000000..68708d2
--- /dev/null
+++ b/.github/workflows/smoke/host2.yml
@@ -0,0 +1,31 @@
+pki:
+  ca: /ca.crt
+  cert: /host2.crt
+  key: /host2.key
+
+static_host_map:
+  "192.168.100.1": ["172.17.0.2:4242"]
+
+lighthouse:
+  am_lighthouse: false
+  interval: 60
+  hosts:
+    - "192.168.100.1"
+
+listen:
+  host: 0.0.0.0
+  port: 4242
+
+tun:
+  dev: nebula1
+
+firewall:
+  outbound:
+    - port: any
+      proto: any
+      host: any
+
+  inbound:
+    - port: any
+      proto: any
+      host: any
diff --git a/.github/workflows/smoke/host3.yml b/.github/workflows/smoke/host3.yml
new file mode 100644
index 0000000..66fb2cd
--- /dev/null
+++ b/.github/workflows/smoke/host3.yml
@@ -0,0 +1,31 @@
+pki:
+  ca: /ca.crt
+  cert: /host3.crt
+  key: /host3.key
+
+static_host_map:
+  "192.168.100.1": ["172.17.0.2:4242"]
+
+lighthouse:
+  am_lighthouse: false
+  interval: 60
+  hosts:
+    - "192.168.100.1"
+
+listen:
+  host: 0.0.0.0
+  port: 4242
+
+tun:
+  dev: nebula1
+
+firewall:
+  outbound:
+    - port: any
+      proto: any
+      host: any
+
+  inbound:
+    - port: any
+      proto: any
+      host: any
diff --git a/.github/workflows/smoke/lighthouse1.yml b/.github/workflows/smoke/lighthouse1.yml
new file mode 100644
index 0000000..2c5afd1
--- /dev/null
+++ b/.github/workflows/smoke/lighthouse1.yml
@@ -0,0 +1,25 @@
+pki:
+  ca: /ca.crt
+  cert: /lighthouse1.crt
+  key: /lighthouse1.key
+
+lighthouse:
+  am_lighthouse: true
+
+listen:
+  host: 0.0.0.0
+  port: 4242
+
+tun:
+  dev: nebula1
+
+firewall:
+  outbound:
+    - port: any
+      proto: any
+      host: any
+
+  inbound:
+    - port: any
+      proto: any
+      host: any
diff --git a/.github/workflows/smoke/smoke.sh b/.github/workflows/smoke/smoke.sh
new file mode 100755
index 0000000..591922c
--- /dev/null
+++ b/.github/workflows/smoke/smoke.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e -x
+
+docker run --name lighthouse1 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config lighthouse1.yml &
+sleep 1
+docker run --name host2 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host2.yml &
+sleep 1
+docker run --name host3 --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --rm nebula:smoke -config host3.yml &
+sleep 1
+
+set +x
+echo
+echo " *** Testing ping from lighthouse1"
+echo
+set -x
+docker exec lighthouse1 ping -c1 192.168.100.2
+docker exec lighthouse1 ping -c1 192.168.100.3
+
+set +x
+echo
+echo " *** Testing ping from host2"
+echo
+set -x
+docker exec host2 ping -c1 192.168.100.1
+docker exec host2 ping -c1 192.168.100.3
+
+set +x
+echo
+echo " *** Testing ping from host3"
+echo
+set -x
+docker exec host3 ping -c1 192.168.100.1
+docker exec host3 ping -c1 192.168.100.2