Open fabn opened 4 years ago
I know this is a very old issue, but I ran into it as well, and I solved it by creating an init
container that sets IP forwarding on the pod.
Interesting, could you please share your setup?
Sure, I've built an OpenVPN 2.5 Docker image that is running as a deployment pod on Kubernetes 1.22 with a busybox init container that sets net.ipv4.ip_forward=1. I've a configmap entry that pushes "route 10.11.1.0 255.255.255.0", which is my private subnet. It works both with or without redirect-gateway def1 (the difference being that my client's default GW would change, but I can still access my private subnet either way).
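The init-container approach described in the comment above, sketched as a Deployment manifest. This is an added example, not the commenter's actual configuration; the resource names, image references, mount path and the 1194/UDP port (OpenVPN's default) are assumptions.

```yaml
# Added illustration; names and image references are placeholders, not from the thread.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openvpn                     # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: openvpn
  template:
    metadata:
      labels:
        app: openvpn
    spec:
      initContainers:
        - name: enable-ip-forward
          image: busybox:1.36       # assumed tag
          # All containers in a pod share one network namespace, so this
          # setting is still in effect when the OpenVPN container starts.
          command: ["sysctl", "-w", "net.ipv4.ip_forward=1"]
          securityContext:
            privileged: true        # /proc/sys is mounted read-only otherwise
      containers:
        - name: openvpn
          image: registry.example/openvpn:2.5   # placeholder image reference
          ports:
            - containerPort: 1194   # assumed: OpenVPN default port
              protocol: UDP
          securityContext:
            capabilities:
              add: ["NET_ADMIN"]    # needed to configure the tun interface and NAT rules
          volumeMounts:
            - name: openvpn-config
              mountPath: /etc/openvpn           # assumed config location
      volumes:
        - name: openvpn-config
          configMap:
            name: openvpn-config    # hypothetical; would hold the pushed route
```

The privileged flag is confined to the short-lived init container; the long-running OpenVPN container keeps only NET_ADMIN. A pod-level securityContext.sysctls entry avoids the privileged container but requires the node's kubelet to allow net.ipv4.ip_forward via --allowed-unsafe-sysctls.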
I have a working configuration for this image initially generated with this configuration command:
Everything was working on plain docker (actually with rancher1 as orchestrator) and when I connect to the VPN from outside I'm able to ping and access any service in 192.168.5.0/24, which is the main purpose of having this VPN.
Now I'm moving everything to kubernetes (plus rancher2) and I migrated the old volume to a kubernetes deployment with the same specs as before. I've just changed the VPN subnet to be able to have both images running in parallel:
I'd expect everything to work as before; however, I'm not able to interact with the 192.168.5.0/24 network anymore.
I spent a lot of time debugging this but I wasn't able to make it work. I compared the client output line by line and it's identical (except for the networks used), so the issue must be in the server configuration.
Here's the server log in the old image (working)
And here's the debug log of the new image
I think the issue should be in this error in the new image
However if I run iptables after the container is started I can see those rules
Also, another strange thing is in these lines:
Any hint?