This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/openvpn] Successfully connect, but no DNS #9080

Closed
jonasrmichel opened this issue Nov 7, 2018 · 1 comment

@jonasrmichel

Is this a request for help?:
Yes, diagnostic help would be much appreciated.

Is this a BUG REPORT or FEATURE REQUEST? (choose one):

Bug report, though likely user error (custom configuration required I expect).

Version of Helm and Kubernetes:

$ helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:08:19Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"linux/amd64"}

Which chart:
stable/openvpn (3.10.0)

What happened:

  • Deployed the stable/openvpn (3.10.0) chart with default values to a multi-availability-zone AWS cluster
  • After creating a new client cert, am able to successfully connect
  • After connecting, no DNS servers available
    • Able to ping the openvpn pod, but nothing else

What you expected to happen:

  • Create a new client cert
  • Connect to OpenVPN server using cert
  • Network access to both cluster VPC and public internet

How to reproduce it (as minimally and precisely as possible):

  • Cluster setup
  • stable/openvpn 3.10.0 chart with default values installed within default namespace
  • create new client cert following stable/openvpn Usage instructions
  • connect to VPN using client cert
  • ping the openvpn pod (success)
  • ping any other pod in the cluster (failure)
  • ping a public domain (failure)
  • nslookup public domain (timeout)

Anything else we need to know:

  • Reproduced on Windows (Viscosity client), Linux (OpenVPN client), and MacOS (Tunnelblick client) with the same OpenVPN client cert
  • Reproduced with older version of the stable/openvpn chart (e.g., 2.0.2 which pushes a single DOMAIN dhcp-option versus one DOMAIN_SEARCH per host in /etc/resolv.conf)
@jonasrmichel
Author

After some experimentation, I discovered these symptoms were a result of the version of Canal used in my cluster. I do not experience these problems using Canal <= 2.6.12, but do using Canal <= 3.0.0.

See kubernetes/kops#6068 for more information.
