Hi everyone,
I’m trying to set up a VPN to access my cluster’s workloads without setting public endpoints. Service is deployed using the OpenVPN helm chart,
- replacing L4 loadbalancer with a simple service discovery
- edit configMap to allow TCP to go through the loadbalancer and reach the VPN

What does / doesn’t work:
- Cannot ping public servers
- Cannot ping Kubernetes services or pods
- Can ping openvpn cluster IP “10.42.2.11”
My files

vars.yml:
```yaml
---
replicaCount: 1
nodeSelector:
  openvpn: "true"
openvpn:
  OVPN_K8S_POD_NETWORK: "10.42.0.0"
  OVPN_K8S_POD_SUBNET: "255.255.0.0"
  OVPN_K8S_SVC_NETWORK: "10.43.0.0"
  OVPN_K8S_SVC_SUBNET: "255.255.0.0"
persistence:
  storageClass: "local-path"
service:
  externalPort: 444
```
Connection works, but I’m not able to hit any IP inside my cluster. The only IP I’m able to reach is the openvpn cluster IP.

openvpn.conf:
```
server 10.240.0.0 255.255.0.0
verb 3
key /etc/openvpn/certs/pki/private/server.key
ca /etc/openvpn/certs/pki/ca.crt
cert /etc/openvpn/certs/pki/issued/server.crt
dh /etc/openvpn/certs/pki/dh.pem
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto tcp
port 443
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
push "route 10.42.2.11 255.255.255.255"
push "route 10.42.0.0 255.255.0.0"
push "route 10.43.0.0 255.255.0.0"
push "dhcp-option DOMAIN-SEARCH openvpn.svc.cluster.local"
push "dhcp-option DOMAIN-SEARCH svc.cluster.local"
push "dhcp-option DOMAIN-SEARCH cluster.local"
```
client.ovpn:
```
client
nobind
dev tun
remote xxxx xxx tcp
CERTS CERTS
dhcp-option DOMAIN openvpn.svc.cluster.local
dhcp-option DOMAIN svc.cluster.local
dhcp-option DOMAIN cluster.local
dhcp-option DOMAIN online.net
```
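An added consistency check (example code, not from the post or the OpenVPN chart) that parses the chart's pod/service CIDR values and the server's pushed routes, then verifies every cluster range is covered by a pushed route and that the tunnel pool does not overlap the cluster ranges. The `VARS` and `SERVER_CONF` literals are constructed from the configs above, trimmed to the routing lines.

```python
import ipaddress
import re

# Constructed from the post's vars.yml and openvpn.conf (routing lines only).
VARS = {
    "OVPN_K8S_POD_NETWORK": "10.42.0.0",
    "OVPN_K8S_POD_SUBNET": "255.255.0.0",
    "OVPN_K8S_SVC_NETWORK": "10.43.0.0",
    "OVPN_K8S_SVC_SUBNET": "255.255.0.0",
}
SERVER_CONF = """\
server 10.240.0.0 255.255.0.0
push "route 10.42.2.11 255.255.255.255"
push "route 10.42.0.0 255.255.0.0"
push "route 10.43.0.0 255.255.0.0"
push "dhcp-option DOMAIN-SEARCH cluster.local"
"""

def parse_server_conf(text):
    """Return (VPN pool network, list of pushed route networks) from an OpenVPN server config."""
    vpn, routes = None, []
    for line in text.splitlines():
        if m := re.match(r'^server\s+(\S+)\s+(\S+)', line):
            vpn = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r'^push\s+"route\s+(\S+)\s+(\S+)"', line):
            routes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    return vpn, routes

def check_routing(vars_, server_conf):
    """Compare chart values with what the server pushes; returns findings (empty = consistent)."""
    vpn, routes = parse_server_conf(server_conf)
    cluster_nets = {
        "pod": ipaddress.ip_network(f"{vars_['OVPN_K8S_POD_NETWORK']}/{vars_['OVPN_K8S_POD_SUBNET']}"),
        "svc": ipaddress.ip_network(f"{vars_['OVPN_K8S_SVC_NETWORK']}/{vars_['OVPN_K8S_SVC_SUBNET']}"),
    }
    findings = []
    for name, net in cluster_nets.items():
        # A cluster range is only reachable through the tunnel if a pushed route covers it.
        if not any(net.subnet_of(r) for r in routes):
            findings.append(f"{name} network {net} is not covered by any pushed route")
        # The tunnel pool must not overlap cluster ranges, or return traffic is misrouted.
        if vpn is not None and vpn.overlaps(net):
            findings.append(f"VPN pool {vpn} overlaps {name} network {net}")
    return findings

if __name__ == "__main__":
    print(check_routing(VARS, SERVER_CONF) or "routes consistent with chart values")
```

For the configs in the post the check comes back clean, so the pushed routes themselves match the chart values; it flags the case where a tunnel pool is set inside the pod or service range.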