
Kubernetes Wireguard VPN tunneling home-lan with cloud-server error


Problem

I am currently trying to VPN tunnel nodes of my LAN with a node outside of my LAN (inside a data center). For that, I was trying to use K3S. Sadly I can't ping the worker (inside LAN) over the master (outside LAN). Pinging between worker nodes works (both inside LAN).

Reproduce

To install k3s I used the command curl -sfL https://get.k3s.io | sh -s - --flannel-backend=none --disable traefik, which also removes flannel and disables traefik.

To install calico I downloaded the manifest via curl https://docs.projectcalico.org/manifests/calico.yaml -O and edited the conf list to allow ip_forwarding:

{
  "name": "k8s-pod-network",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "calico",
      "log_level": "info",
      "log_file_path": "/var/log/calico/cni/cni.log",
      "datastore_type": "kubernetes",
      "nodename": "NODE_NAME",
      "mtu": 0,
      "ipam": {
          "type": "calico-ipam"
      },
      "policy": {
          "type": "k8s"
      },
      "kubernetes": {
          "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
      },
      "container_settings": { "allow_ip_forwarding": true }
    },
    {
      "type": "portmap",
      "snat": true,
      "capabilities": {"portMappings": true}
    },
    {
      "type": "bandwidth",
      "capabilities": {"bandwidth": true}
    }
  ]
}

And executed the command sudo sysctl net.ipv4.ip_forward=1 on every node.

To enable Wireguard, I fairly followed the instructions on https://docs.projectcalico.org/security/encrypt-cluster-pod-traffic and installed wireguard via
apt-get install wireguard
on every node, downloaded calicoctl via
curl -o calicoctl -O -L "https://github.com/projectcalico/calicoctl/releases/download/v3.20.2/calicoctl"
and made it executable with
chmod +x calicoctl.
After that I enabled Wireguard with the command
./calicoctl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true}}'.

After that, I installed the nginx-ingress with the yaml manifest
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.4/deploy/static/provider/cloud/deploy.yaml.
I joined every node inside my LAN to the master outside of my LAN with
curl -sfL https://get.k3s.io | K3S_URL=https://IP:6443 K3S_TOKEN=TOKEN sh -
Every node had a VPN-tunnel IP address and pods were run on the VPN addresses. The internal IP of every node was its own IP address (nodes inside my LAN got an IP address of the LAN and the ones outside the LAN got public IP addresses).
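One check worth running on each node before digging into Calico itself is whether the WireGuard peers ever complete a handshake, and whether the endpoint each peer advertises is an address the other side can actually route to (the LAN nodes above report their private LAN address as internal IP). The script below is an added example, not code from the question or from the Calico project: it parses the text that the `wg` tool prints for `wg show`, and reports peers with no or stale handshake and peers whose endpoint is an RFC1918 address. The sample output is constructed to match the `wg show` format; the interface name `wireguard.cali` (what Calico names its WireGuard device), the peer keys and the 180-second staleness threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample `wg show` output, written to match the format the wg tool prints
# (not captured from the poster's cluster). "wireguard.cali" is the interface name
# Calico uses for its WireGuard device (assumption); keys and endpoints are placeholders.
SAMPLE_WG_SHOW = """\
interface: wireguard.cali
  public key: MASTERPUBKEY=
  private key: (hidden)
  listening port: 51820

peer: WORKER1PUBKEY=
  endpoint: 192.168.1.20:51820
  allowed ips: 10.42.1.0/26
  transfer: 0 B received, 1.48 KiB sent

peer: WORKER2PUBKEY=
  endpoint: 203.0.113.10:51820
  allowed ips: 10.42.2.0/26
  latest handshake: 42 seconds ago
  transfer: 12.30 KiB received, 9.10 KiB sent
"""

_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_wg_show(text):
    """Parse `wg show` output into an interface dict and a list of peer dicts."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the first colon only, so "endpoint: 192.168.1.20:51820" keeps its port.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "interface":
            interface = {"name": value}
            current = interface
        elif key == "peer":
            current = {"public_key": value}
            peers.append(current)
        elif current is not None:
            current[key.replace(" ", "_")] = value
    return interface, peers


def handshake_age_seconds(value):
    """Turn '1 minute, 5 seconds ago' into 65; None when no handshake was recorded."""
    if value is None:
        return None
    return sum(int(n) * _UNITS[u]
               for n, u in re.findall(r"(\d+)\s+(second|minute|hour|day)s?", value))


def endpoint_host(endpoint):
    """Strip the port (and IPv6 brackets) from 'host:port'."""
    host, _, _ = endpoint.rpartition(":")
    return host.strip("[]")


def is_rfc1918(host):
    """True for 10/8, 172.16/12 and 192.168/16: LAN ranges a node in a data center cannot route to."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in _RFC1918)


def assess_peers(text, max_handshake_age=180):
    """Return (public_key, finding) pairs for peers that look unhealthy.

    no-handshake      the peer never completed a handshake, so nothing crosses the tunnel
    stale-handshake   last handshake older than max_handshake_age seconds
    private-endpoint  endpoint is an RFC1918 address, reachable only from inside that LAN
    """
    findings = []
    _, peers = parse_wg_show(text)
    for peer in peers:
        key = peer["public_key"]
        age = handshake_age_seconds(peer.get("latest_handshake"))
        if age is None:
            findings.append((key, "no-handshake"))
        elif age > max_handshake_age:
            findings.append((key, "stale-handshake"))
        if "endpoint" in peer and is_rfc1918(endpoint_host(peer["endpoint"])):
            findings.append((key, "private-endpoint"))
    return findings


if __name__ == "__main__":
    # Run with real data: python3 wgcheck.py < <(sudo wg show), replacing the sample.
    for key, finding in assess_peers(SAMPLE_WG_SHOW):
        print(f"{key}: {finding}")
```

On the constructed sample, the first worker shows both findings: no handshake and a 192.168.x endpoint, which is the combination to expect when a peer's advertised address is only reachable from inside the LAN. A peer with a fresh handshake but no traffic in the transfer counters points instead at routing or policy between the nodes rather than at the tunnel.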
