amkartashov/gf-k8s
1
0
Fork 0
mirror of https://github.com/amkartashov/gf-k8s.git synced 2026-01-11 01:49:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

vpn: fix incoming connections routing

Browse source
This commit is contained in:
Andrey Kartashov 2022-03-19 23:28:05 +07:00
parent 970f7be74b
commit 06695bd03a
4 changed files with 34 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
apps/system/vpn/daemonset.yaml
View file

@ -26,6 +26,10 @@ spec:
- name: vpn-conf - name: vpn-conf
configMap: configMap:
name: vpn-conf name: vpn-conf
- name: vpn-scripts
configMap:
name: vpn-scripts
defaultMode: 0555
- name: vpn-creds - name: vpn-creds
secret: secret:
secretName: vpn-creds secretName: vpn-creds
@ -41,6 +45,12 @@ spec:
- /vpn/vpn.conf - /vpn/vpn.conf
- --auth-user-pass - --auth-user-pass
- /vpn/creds - /vpn/creds
- --script-security
- "2"
- --up
- /vpn-scripts/up.sh
- --down
- /vpn-scripts/down.sh
securityContext: securityContext:
privileged: true privileged: true
capabilities: capabilities:
@ -55,5 +65,8 @@ spec:
mountPath: /vpn/creds mountPath: /vpn/creds
subPath: creds subPath: creds
readOnly: true readOnly: true
- name: vpn-scripts
mountPath: /vpn-scripts
readOnly: true
- mountPath: /dev/net/tun - mountPath: /dev/net/tun
name: dev-net-tun name: dev-net-tun

4
apps/system/vpn/kustomization.yaml
View file

@ -7,3 +7,7 @@ configMapGenerator:
- name: vpn-conf - name: vpn-conf
files: files:
- vpn.conf=Fastestvpn_ovpn/UDP_Files/Sweden2-UDP.ovpn - vpn.conf=Fastestvpn_ovpn/UDP_Files/Sweden2-UDP.ovpn
- name: vpn-scripts
files:
- up.sh=scripts/up.sh
- down.sh=scripts/down.sh

9
apps/system/vpn/scripts/down.sh Normal file
View file

@ -0,0 +1,9 @@
#!/bin/sh
# see https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
sudo ip rule delete from 192.168.1.8/32 table 42
sudo ip rule delete from 10.244.0.0/16 table 42
sudo ip rule delete from 192.168.1.8/32 to 10.244.0.0/16 table main
sudo ip rule delete from 10.244.0.0/16 to 10.244.0.0/16 table main
sudo ip route flush table 42

8
apps/system/vpn/scripts/up.sh Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh
# see https://community.openvpn.net/openvpn/wiki/Concepts-PolicyRouting-Linux
ip route add table 42 default via 192.168.1.1
ip rule add from 192.168.1.8/32 table 42
ip rule add from 10.244.0.0/16 table 42
ip rule add from 192.168.1.8/32 to 10.244.0.0/16 table main
ip rule add from 10.244.0.0/16 to 10.244.0.0/16 table main