[personal-ovpn] does this still work? kubernetes v1.25.3
lknite opened this issue · 3 comments
Using the community edition of openvpn client I can connect to the vpn and all looks well, but it doesn't do anything. I thought maybe I needed to enable ip_forwarding. It's enabled on all my worker nodes deployed using kubeadm. However, when I try to enable it I get read-only file system. I thought NET_ADMIN that you set should have done the trick, but doesn't seem to.
```
# sysctl -w net.ipv4.ip_forward=1
sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system
```
Testing by trying to access google.com and attempting to nslookup using server '8.8.8.8'.
I've used ssh connected to localhost:2222 and configured it to set up a dynamic socks5 proxy on localhost:9999.
Snippet from client config:
```
comp-lzo no
proto tcp
socks-proxy localhost 9999
connect-retry-max 1
#route 127.0.0.1 255.255.255.255 127.0.0.1 default
#route 127.0.0.1 255.255.255.255 net_gateway default
remote <personal_ovpn_ip> 1194 tcp
```
... everything else is the same from ovpn_getclient ...
values.yaml
```yaml
personal-ovpn:
  namespace: {"name":"openvpn"}
  automatic:
    enabled: true
    externalHostname: 10.0.1.48
    dnsServer: 10.0.0.2
  service:
    type: "LoadBalancer"
    port: 1194
  # to limit network interaction to namespace only (can't see other pods), trafic with one 'f' is correct
  limitTraficToNamespace: false
```
If this is the right fix, #5, then I'd request adding an init container section to the deploy template.
Thought I'd try to make an image with ip_forward enabled and tried the following:
```
$ cat Dockerfile
FROM kylemanna/openvpn
RUN sysctl net.ipv4.ip_forward
$ docker build .
...
Status: Downloaded newer image for kylemanna/openvpn:latest
---> 3d5a3627a7f6
Step 2/2 : RUN sysctl net.ipv4.ip_forward
---> Running in d59cb767b325
net.ipv4.ip_forward = 1
```
Seems the kylemanna/openvpn has ip_forward enabled by default ... so how is it being disabled?
https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ ? allowedUnsafeSysctls ?
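
Added example, not part of the original issue and not taken from the chart: `net.ipv4.ip_forward` is a namespaced sysctl outside Kubernetes' default safe set, so a pod can request it through `securityContext.sysctls` only when the kubelet on its node lists it in `allowedUnsafeSysctls`, and this needs no privileged container. The pod name is a hypothetical placeholder; the image, namespace and `NET_ADMIN` capability are the ones mentioned above.

```yaml
# Kubelet configuration fragment, merged into the existing config on every
# node that may run the pod (the kubelet must be restarted afterwards).
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
allowedUnsafeSysctls:
  - "net.ipv4.ip_forward"   # allow this single sysctl rather than a net.* wildcard
---
# Hypothetical pod spec; the name is a placeholder, not the chart's template.
apiVersion: v1
kind: Pod
metadata:
  name: openvpn-sysctl-example
  namespace: openvpn
spec:
  securityContext:
    sysctls:
      # Set in the pod's own network namespace before the containers start,
      # so /proc/sys can stay read-only inside the container.
      - name: net.ipv4.ip_forward
        value: "1"
  containers:
    - name: openvpn
      image: kylemanna/openvpn
      securityContext:
        capabilities:
          add: ["NET_ADMIN"]   # still needed for the tun device and routes
```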