This might just be me but wasn't sure if you might have run into this during your implementation. I am having an issue where I can only get to the VPN from the node that it currently is on. So for example, other nodes can't access the podIP of the VPN, which they can for other pods in the cluster. When I don't have OpenVPN running, I can access the pod, so I think it is something with the OpenVPN configuration, maybe not allowing the other nodes to connect in some way. This might just be me, but just in case wanted to submit something here. Thanks!

Hi Steven,

your problem is a bit unclear. Can you please walk me through your clusters' network configuration and the steps you executed to deploy openvpn?

I am having an issue where I can only get to the VPN from the node that it currently is on.

The VPN should be exposed as nodePort service. If you can only access openvpn on the nodePort on the worker that's currently running the openvpn pod you might have a problem with your overlay network and/or kube-proxy.

So for example, other nodes can't access the podIP of the VPN, which they can for other pods in the cluster.
When I don't have OpenVPN running, I can access the pod,

Please specify 'access' (preferably with command examples) because i don't know how to help when i don't understand what you're trying to do.

I sent you a message on slack - we're in different timezones but i'd like to help you get up & running.

Thanks for the quick response, and I responded to you in Slack.

I have a cluster in GCE and I have a cluster of services/pods/etc

What I noticed is that when I added a loadbalancer in there, I actually had to modify the forwarding to only route to the node that the VPN lived on. So then I started debugging why the other nodes didn't know about the VPN pod. So then I just started going to the other nodes in my cluster, I have about 15 nodes in my cluster. When I ping the IP address of the VPN pod from the node that the container lives on, then I am able to get a response. However, when I go to another node in the cluster and I try to ping the podIP it doesn't respond. So in this instance, I am not going through the service layer in this instance, something in the vpnPOD is preventing access to its IP address. If I just start the VPN pod (without OpenVPN started) I can ping the podIP, so I have narrowed it down to something in OpenVPN, just been struggling with figuring that out.

We discussed on slack and discovered that $OVPN_NETWORK was configured to use the host IP network, thus creating a route conflict. Case closed 😆!

Thanks for using kube-openvpn!