12 - VPN Addon Setup
- Ensure internet for the container is working PRIOR to adding the VPN connection
- Obtain either a Wireguard configuration file or an OpenVPN configuration file
- Wireguard ends in a .conf
- OpenVPN ends in a .ovpn
- Know both your Kubernetes LAN and your personal LAN
Preparing Configuration Files
- Delete the entire line that contains "DNS"
- Remove ALL mentions of IPv6
- Usually after the IPv4 addresses
`::/0` is the IPv6 syntax.
Here is an example Wireguard configuration. Note the deleted IPv6 addresses and the deleted DNS line.

```
[Interface]
PrivateKey = cFuYkobFFgdfghdffdghdfghdfghdfgh
Address = 10.64.48.226/32

[Peer]
PublicKey = Casdfgsdfghsdfghsdfghsdfghs
AllowedIPs = 0.0.0.0/0
Endpoint = 22.214.171.124:51820
```
Leave any keys (public, private, PSK, etc.) as they are. We have not had any issues keeping all keys within a configuration.
For OpenVPN, add the following two lines to your configuration:
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
These two lines will ensure IPv6 is ignored, which is vital for a stable VPN connection.
Here is an example OpenVPN configuration. Note the two added lines.

```
client
dev tun
proto udp
remote us-denver.privacy.network 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
auth-user-pass
compress
verb 1
reneg-sec 0
<crl-verify>
-----BEGIN X509 CRL-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
YDQ8z9v+DMO6iwyIDRiU
-----END X509 CRL-----
</crl-verify>
<ca>
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----
</ca>
disable-occ
```
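The preparation steps above can be scripted so they are applied the same way every time. This is an added example, not part of the original guide or the project's tooling; the function names and the sample config are constructed, and it assumes IPv6 entries appear as comma-separated values on `Address` and `AllowedIPs` lines. It refuses to write a line that would be left with no IPv4 entry.

```python
import ipaddress

PULL_FILTERS = ['pull-filter ignore "ifconfig-ipv6 "', 'pull-filter ignore "route-ipv6 "']

def is_ipv6(item):
    """True when item parses as an IPv6 address or network such as ::/0."""
    try:
        return ipaddress.ip_interface(item.strip()).version == 6
    except ValueError:
        return False

def prepare_wireguard(text):
    """Drop the DNS line and every IPv6 entry in Address / AllowedIPs."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        name = key.strip().lower()
        if sep and name == "dns":
            continue
        if sep and name in ("address", "allowedips"):
            kept = [v.strip() for v in value.split(",")
                    if v.strip() and not is_ipv6(v)]
            if not kept:
                raise ValueError(f"{key.strip()} has no IPv4 entry left")
            line = f"{key.strip()} = {', '.join(kept)}"
        out.append(line)
    return "\n".join(out) + "\n"

def prepare_openvpn(text):
    """Add the two pull-filter lines once, ahead of inline <ca>/<crl-verify> blocks."""
    lines = text.splitlines()
    present = {l.strip() for l in lines}
    missing = [f for f in PULL_FILTERS if f not in present]
    first_block = next((i for i, l in enumerate(lines)
                        if l.lstrip().startswith("<")), len(lines))
    lines[first_block:first_block] = missing
    return "\n".join(lines) + "\n"

# Constructed sample input; keys are placeholders, not real key material.
SAMPLE_WG = """[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.64.48.226/32, fc00:bbbb:bbbb:bb01::1:30e1/128
DNS = 10.64.0.1
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
"""

print(prepare_wireguard(SAMPLE_WG), end="")
```

Review the output before saving it to the path you give the addon, since it still contains your private key.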
The next step is to enable the addon in the application's edit configuration:
- Scale GUI
- Installed Applications
- Find the app you want, Click the top 3 dots to the right of your application
- Scroll to the bottom until you see
- Click the dropdown under
- Choose Wireguard or OpenVPN
- Type in your credentials for your VPN provider.
- Check "Enable Killswitch"
Configure Killswitch Excluded IPv4 networks
Add an entry for EACH network.
`172.16.0.0/16` is the default Kubernetes network; you want this in your killswitch so Kubernetes can still communicate with the application.
`192.168.0.0/24` is my personal LAN; this needs to be in there so YOU can communicate with the container.
- Finally, Add the filepath where you saved your modified configuration file