pieterlange / kube-openvpn

Kubernetes native OpenVPN
MIT License

Accessing clients from k8s containers. #57

Closed jaredbischof closed 6 years ago

jaredbischof commented 6 years ago

Hello and thanks for sharing this project! I was wondering if it was possible to route all traffic for the client subnet from other containers through the openvpn server. It would be useful to me if I could directly address the client IPs rather than mapping individual ports.

pieterlange commented 6 years ago

Yeah, that would be useful, but it would require some daemonset to make sure the entire subnet gets routed to the openvpn pod IP. If you find yourself needing to route to an entire subnet back over openvpn, your needs probably extend outside of the scope of this project (scaling up is an issue, as well as stateful high-availability).

I am currently able to run this in an A/B near-high-availability configuration but the setup of the clients is somewhat tedious. I will document this process some time soon.

I recommend looking at other options for routing entire subnets in because it probably means you need either:

What (cloud?) environment are you running in?

(Also, this is not a hard "no" and I'm willing to help you build this, but I'm also trying to prevent you from building something dangerous/unstable.)

jaredbischof commented 6 years ago

After considering your points, I think you're right. I would like to have high throughput and availability in the long term. I'm going to take a look at some enterprise solutions. Thanks for your response!