This repository has been archived by the owner on Nov 9, 2017. It is now read-only.

Usage in combination with vpn #33

Closed
cobrowserAlex opened this issue Apr 11, 2016 · 9 comments

@cobrowserAlex

I am having trouble getting the cluster to work with our vpn ON. When I turn the vpn off all works fine, but I need the vpn to access a private registry which is behind this vpn connection.
The process is stuck at: Waiting for Kubernetes cluster to be ready. This can take a few minutes...
We added 192.168.0.0/16 to NOT use vpn, but probably I need to add some more routes to get it working.
Ping, ssh and traceroute seem to return sane output:

$ traceroute 192.168.64.5
traceroute to 192.168.64.5 (192.168.64.5), 64 hops max, 52 byte packets
 1  192.168.64.5 (192.168.64.5)  0.430 ms  0.326 ms  0.371 ms
$ ping 192.168.64.5
PING 192.168.64.5 (192.168.64.5): 56 data bytes
64 bytes from 192.168.64.5: icmp_seq=0 ttl=64 time=0.255 ms
64 bytes from 192.168.64.5: icmp_seq=1 ttl=64 time=0.345 ms
^C
--- 192.168.64.5 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.255/0.300/0.345/0.045 ms
$ ssh 192.168.64.5
The authenticity of host '192.168.64.5 (192.168.64.5)' can't be established.
ED25519 key fingerprint is SHA256:/AJqX7ZOEvwGB8nsrDqxF8myOmstKVczRMUq26IJ6sA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.64.5' (ED25519) to the list of known hosts.
[email protected]'s password:

curl-ing the api-server fails:

$ curl http://192.168.64.4:8080
curl: (7) Failed to connect to 192.168.64.4 port 8080: Connection refused

When I run the 'up' command without vpn all works fine, but the nodes are not able to reach the private registry when I connect the vpn.

I realize this is not an issue with the project, but I'd really appreciate some help/hints with this.

@rimusz
Member

rimusz commented Apr 13, 2016

@cobrowserAlex I use openvpn client to connect to Google Cloud, I will play with it when I'm back from my business trip.

@cobrowserAlex
Author

Thanks @rimusz

@cobrowserAlex
Author

@rimusz any progress? I have run some tests with kmachine which uses a virtualbox VM and nat networking and there all seems to work out of the box. Is coreos-osx using bridged networking perhaps?

I'd really like to use kube-solo/kube-cluster if possible...

@rimusz
Member

rimusz commented Apr 20, 2016

@cobrowserAlex I have tried to connect to the VM on Google Cloud from kube-solo, of course I did add the route to it inside kube-solo and kube-solo cannot see VM on Google Cloud.

And yes coreos-vm/kube-solo/kube-cluster all use bridged networking as this is how corectl/xhyve works

@cobrowserAlex
Copy link
Author

Thanks, so it doesn't work for you either? "kube-solo and kube-solo cannot see VM on Google Cloud"

To help in getting to the bottom of this: where would I add the route?

@rimusz
Member

rimusz commented Apr 21, 2016

Need to play with it more, but not sure if xhyve allows that, will consult with @AntonioMeireles about it

@rimusz
Member

rimusz commented May 13, 2016

@AntonioMeireles ping

@AntonioMeireles
Member

@cobrowserAlex afaict going along this - machyve/xhyve#84 (comment) should get you there...

please confirm and thanks for your patience!

@cobrowserAlex
Author

Thanks @AntonioMeireles I will give it a try!
