diff --git a/.ci/build_packages.sh b/.ci/build_packages.sh
index eba2e0d31..7a4f6d7cd 100755
--- a/.ci/build_packages.sh
+++ b/.ci/build_packages.sh
@@ -61,7 +61,7 @@ case $format in
     version=0.2.0-1
     pkg_dir="firezone-${version}.x86_64"
     pkg_file="${pkg_dir}.rpm"
-    final_pkg_file="${pkg_dir}.${MATRIX_IMAGE/:*/}"
+    final_pkg_file="${pkg_dir}.${MATRIX_IMAGE/:*/}.rpm"
     image="ghcr.io/firezone/package-${MATRIX_IMAGE/:/_}:${GITHUB_SHA}"
 
     docker buildx build \
diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh
index 2fc34406e..9d4589793 100755
--- a/.ci/functional_test.sh
+++ b/.ci/functional_test.sh
@@ -1,44 +1,46 @@
 #!/usr/bin/env bash
-set -x
+set -ex
 
-sudo apt-get update
-sudo apt-get install -y -q postgresql \
-  wireguard iptables net-tools curl ca-certificates
-sudo systemctl start postgresql
-sudo dpkg -i *.deb
+vagrant up $MATRIX_OS
 
-echo "Enabling service"
-sudo systemctl start firezone
-
-# Wait for app to start
-# XXX: Remove sleeps
-sleep 10
-
-echo "Service status"
-sudo systemctl status firezone.service
-
-echo "Printing service logs"
-sudo journalctl -u firezone.service
-
-echo "Trying to load homepage"
-curl -i -vvv -k https://$(hostname):8800/
-
-echo "Printing SSL debug info"
-openssl s_client -connect $(hostname):8800 -servername $(hostname) -showcerts -prexit
-
-echo "Removing package"
-output=$(sudo apt-get remove --purge firezone)
-
-echo "Checking if config file was removed"
-if [ -e /etc/firezone/config.env ]; then
-  echo "Config removal issue"
-  exit 1
-fi
-
-echo "Checking if instructions were printed on how to remove database and secrets"
-if echo "$output" | grep 'Refusing to purge /etc/firezone/secret and drop database.'; then
-  echo "Instructions printed"
-else
-  echo "Instructions not printed!"
-  exit 1
-fi
+# sudo apt-get update
+# sudo apt-get install -y -q postgresql \
+#   wireguard iptables net-tools curl ca-certificates
+# sudo systemctl start postgresql
+# sudo dpkg -i *.deb
+#
+# echo "Enabling service"
+# sudo systemctl start firezone
+#
+# # Wait for app to start
+# # XXX: Remove sleeps
+# sleep 10
+#
+# echo "Service status"
+# sudo systemctl status firezone.service
+#
+# echo "Printing service logs"
+# sudo journalctl -u firezone.service
+#
+# echo "Trying to load homepage"
+# curl -i -vvv -k https://$(hostname):8800/
+#
+# echo "Printing SSL debug info"
+# openssl s_client -connect $(hostname):8800 -servername $(hostname) -showcerts -prexit
+#
+# echo "Removing package"
+# output=$(sudo apt-get remove --purge firezone)
+#
+# echo "Checking if config file was removed"
+# if [ -e /etc/firezone/config.env ]; then
+#   echo "Config removal issue"
+#   exit 1
+# fi
+#
+# echo "Checking if instructions were printed on how to remove database and secrets"
+# if echo "$output" | grep 'Refusing to purge /etc/firezone/secret and drop database.'; then
+#   echo "Instructions printed"
+# else
+#   echo "Instructions not printed!"
+#   exit 1
+# fi
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 863aa4848..411dd29bf 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -108,6 +108,20 @@ jobs:
   functional-test:
     needs: build
     runs-on: macos-latest # macos supports Virtualbox / Vagrant
+    env:
+      MATRIX_OS: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - amazonlinux_2
+          - centos_7
+          - centos_8
+          - debian_10
+          - fedora_33
+          - fedora_34
+          - fedora_35
+          - ubuntu_18.04
+          - ubuntu_20.04
     steps:
       - uses: actions/checkout@v2
       - uses: actions/download-artifact@v2
diff --git a/Vagrantfile b/Vagrantfile
index b6bddec0b..2fc6bcb51 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,23 +1,43 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
+
+# This Vagrantfile is used for functional testing in the CI pipeline.
+# Github Actions supports vagrant on the macos host.
 Vagrant.configure('2') do |config|
-  config.vm.provider 'virtualbox' do |vbox|
-    # Speed up compiles
-    vbox.cpus = 4
+
+  config.vm.define "amazonlinux_2" do |vm|
+    vm.box = "bento/amazonlinux-2"
   end
 
-  config.vm.box = 'ubuntu/focal64'
-  config.vm.hostname = 'firezone.local'
+  config.vm.define "centos_7" do |vm|
+    vm.box = "generic/centos7"
+  end
 
-  # Web
-  config.vm.network 'forwarded_port', guest: 8800, host: 8800, protocol: 'tcp'
+  config.vm.define "centos_8" do |vm|
+    vm.box = "generic/centos8"
+  end
 
-  # VPN
-  config.vm.network 'forwarded_port', guest: 51820, host: 51820, protocol: 'udp'
+  config.vm.define "debian_10" do |vm|
+    vm.box = "generic/debian10"
+  end
 
-  # Disabling Ansible provisioner for now in favor of a vanilla Ubuntu VM.
-  # config.vm.provision 'ansible' do |ansible|
-  #   ansible.playbook = 'ansible/playbook.yml'
-  #   ansible.verbose = true
-  # end
+  config.vm.define "fedora_33" do |vm|
+    vm.box = "generic/fedora33"
+  end
+
+  config.vm.define "fedora_34" do |vm|
+    vm.box = "generic/fedora34"
+  end
+
+  config.vm.define "fedora_35" do |vm|
+    vm.box = "generic/fedora35"
+  end
+
+  config.vm.define "ubuntu_18.04" do |vm|
+    vm.box = "generic/ubuntu1804"
+  end
+
+  config.vm.define "ubuntu_20.04" do |vm|
+    vm.box = "generic/ubuntu2004"
+  end
 end