Shiny

Deploy IPsec VPN server on Kubernetes

September 23, 2019 #kubernetes #vpn

NOTE: In general, you should not set up a VPN server on Kubernetes. If you need a VPN service, create an independent instance for it or use your cloud platform's VPN service. Otherwise, you may take on some security risk: the manifest below runs the container in privileged mode and binds UDP ports 500 and 4500 directly on the node.

Steps

  1. Create vpn.yaml and replace vpn_ipsec_psk, vpn_user and vpn_password with your own secret values

    # apps/v1beta2 was removed in Kubernetes 1.16; apps/v1 is the stable StatefulSet API
    apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: vpn
    spec:
      selector:
        matchLabels:
          app: vpn
      serviceName: vpn
      replicas: 1
      template:
        metadata:
          labels:
            app: vpn
        spec:
          containers:
            - name: vpn
              image: hwdsl2/ipsec-vpn-server
              imagePullPolicy: Always
              securityContext:
                # privileged mode gives the container all capabilities and host device access
                privileged: true
              ports:
                # hostPort binds these UDP ports directly on the node
                - containerPort: 500
                  hostPort: 500
                  name: vpn-isakmp
                  protocol: UDP
                - containerPort: 4500
                  hostPort: 4500
                  name: vpn-ike
                  protocol: UDP
              env:
                # placeholders: replace each value with your own secret
                - name: "VPN_IPSEC_PSK"
                  value: "vpn_ipsec_psk"
                - name: "VPN_USER"
                  value: "vpn_user"
                - name: "VPN_PASSWORD"
                  value: "vpn_password"
  2. Deploy to your cluster

    kubectl apply -f vpn.yaml
  3. Check the public IP of the VPN server

    kubectl logs vpn-0

    The log output shows the server information, including its public IP.

  4. Open your VPN client and connect to the VPN to verify that it works
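
A variant of the manifest from step 1 that keeps the three credentials out of the workload spec, as an added example that is not part of the original post: the values live in a Secret and the container loads them with envFrom. The Secret name vpn-credentials and the REPLACE_WITH_* values are assumptions.

```yaml
# Added example. "vpn-credentials" and the REPLACE_WITH_* values are placeholders.
# Keep this Secret document out of version control, or create it with
# `kubectl create secret generic vpn-credentials --from-literal=...` instead.
apiVersion: v1
kind: Secret
metadata:
  name: vpn-credentials
type: Opaque
stringData:                 # plain strings here; the API server stores them base64-encoded
  VPN_IPSEC_PSK: "REPLACE_WITH_PSK"
  VPN_USER: "REPLACE_WITH_USER"
  VPN_PASSWORD: "REPLACE_WITH_PASSWORD"
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: vpn
spec:
  selector:
    matchLabels:
      app: vpn
  serviceName: vpn
  replicas: 1
  template:
    metadata:
      labels:
        app: vpn
    spec:
      containers:
        - name: vpn
          image: hwdsl2/ipsec-vpn-server
          imagePullPolicy: Always
          securityContext:
            privileged: true
          ports:
            - { containerPort: 500, hostPort: 500, name: vpn-isakmp, protocol: UDP }
            - { containerPort: 4500, hostPort: 4500, name: vpn-ike, protocol: UDP }
          envFrom:
            # every key of the Secret becomes an environment variable of the same name
            - secretRef:
                name: vpn-credentials
```

With this layout the StatefulSet can be committed and reviewed without exposing the PSK or password, and access to the credentials is governed by RBAC on the Secret. Secrets are only base64-encoded in etcd unless encryption at rest is enabled on the cluster.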

References

  1. https://github.com/hwdsl2/docker-ipsec-vpn-server
  2. https://kubernetes.io/docs/concepts/configuration/overview/

Shiny

Experienced JavaScript / Node.js engineer & team lead.