3

Given two pods deployed on different nodes:

  1. myapp pod deployed on apps node
  2. wireguard pod deployed on vpn node, using a subnet like 172.16.30.0/16

I need myapp to be able to route traffic to the wireguard peers (VPN clients) having IPs in the subnet 172.16.30.0/16. The traffic is mostly ICMP probes, SSH and iperf tests; the VPN clients are network devices managed via an application called OpenWISP.

I already enabled IP forwarding on the wireguard pod and VPN node; now I need to understand: how do I set up routes in a way that plays nicely with the Kubernetes networking model?

That is, I want to instruct the myapp pods to send traffic for the subnet used by wireguard (172.16.30.0/16) to the wireguard container so that the traffic is routed to the VPN clients.

Thanks in advance to anyone who will help.

  • Should the clients be on the same subnet? This seems a bit odd, because WireGuard is a layer3 VPN, which means you cannot bridge both VPN clients and the pods together, but rather you need to route the traffic between them. – Mohammed Noureldin Dec 29 '22 at 23:12

0 Answers