Project delivery #2
Conversation
There was a problem hiding this comment.
Commits should be meaningful. COmmits which differ from the previous version just by a few words (maybe because of a typo) look confusing.
Please rewrite your commit history ("squash", https://github.com/wprig/wprig/wiki/How-to-squash-commits) with fewer commits, ideally just one.
| - name: exporter | ||
| image: kumina/openvpn-exporter | ||
| command: ["/bin/openvpn_exporter"] | ||
| args: ["-openvpn.status_paths", "/etc/openvpn-exporter/openvpn/openvpn-status.log"] |
There was a problem hiding this comment.
What about if this path does not exist on the target machine?
There was a problem hiding this comment.
The first part is the volume mount I created, while the openvpn/openvpn-status.log refers to a file that is present in the OpenVPN installation.
| IP forwarding needs to be set on the server machines for internet connectivity to work through the VPN gateway. | ||
| You can avoid routing Internet traffic through the VPN by setting `redirectGateway: false` or adding the line `pull-filter ignore "dhcp-option DNS"` to the client certificate. | ||
|
|
||
| ## TODO |
There was a problem hiding this comment.
I am definitely missing how we can create users that will use this VPN service. It is definitely a very important point given that, without that information, your service looks pretty much useless.
There was a problem hiding this comment.
It was state in the part that says
After the chart is deployed and the pod is ready, an OpenVPN certificate can be generated using the following commands:
which also contains the commands to run for generating the certificates for a new user.
| You can avoid routing Internet traffic through the VPN by setting `redirectGateway: false` or adding the line `pull-filter ignore "dhcp-option DNS"` to the client certificate. | ||
|
|
||
| ## TODO | ||
|
|
There was a problem hiding this comment.
I cannot find any explanation about how traffic is routed within the service. Do we have to enable the IP forwarding on the Pod? In either case (either YES or NO), why?
There was a problem hiding this comment.
Yes, ip forwarding needs to be set, otherwise traffic stops at the gateway. I added the functionality of setting it automatically when deploying (I point it out in the README section about the list of modification I made).
I have also added a pointer to an explanation of OpenVPN routing, if you think it can be useful I can elaborate a bit on OpenVPN routing in general.
dpstart
force-pushed
the
master
branch
3 times, most recently
from
3117251 to
c245fc8
Compare
Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md
Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md Update README.md
Update README.md Update README.md Update README.md
Update README.md Update README.md Update README.md Update README.md
Added more detailed info aout certificate Add loadalancer info
Fixed typo Fix typo Added more detailed info aout certificate Fixed typo Fix typo
No description provided.