Self hosted and scalable VPN for Kubernetes based on WireGuard.
WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use
For more information please take a look at Whitepaper
Currently WireGuard does not support cross platform client running in userspace. It is planned to release several userspace implementations in safe languages like Go and Rush.
CoreOS does not support WireGuard:
Current: Proof of Concept, client and server are working
Phase 1: Easy deployment on Kubernetes, better configuration
Phase 2: Web UI integrated with SSO using oauth2_proxy
Phase 3: Client running in userspace, integration with Kubernetes
There are various ways of installing Kubewire. Please take a look at getting-started section for more details.
If creating a new link returns
# ip link add dev wg0 type wireguard
RTNETLINK answers: Operation not supported
you probably miss the wireguard-dkms and wireguard-tools packages on host.
If DNS resoultion doesn't work, check
cat /etc/resolv.conf
If network is unreachable remove wireguard network interface
ip link del dev wg0
In case of any concerns or real vulnerability do not hesitate to open an issue.
If you have any idea for an improvement or found a bug don't hesitate to open an issue or just make a pull request!