helm-charts/charts/proton-vpn
Jack Jackson e0536fd808 Add ProtonVPN 11 months ago
..
charts Add ProtonVPN 11 months ago
templates Add ProtonVPN 11 months ago
Chart.yaml Add ProtonVPN 11 months ago
README.md Add ProtonVPN 11 months ago
values.yaml Add ProtonVPN 11 months ago

README.md

Implements this guide. Note that I only tested this with OpenVPN, not Wireguard.

Dependencies

Cert-manager

Depends on the CRDs installed as part of cert-manager, which apparently will not be installed if that chart is a dependency of this one - so it's installed manually in its own directory.

If you need to install it manually, run:

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install --create-namespace -n security cert-manager jetstack/cert-manager --set installCRDs=true

Secrets

Note that the names of both of these secrets are arbitrary (though the keys within them are not) - the expected names are set in values.yaml.

Config file

Depends on the existence of a secret called openvpn-config, with a key vpnConfigfile that contains the appropriate config file. Download it from here and upload it with:

kubectl -n proton-vpn create secret generic openvpn-config --from-file=vpnConfigfile=<path_to_config_file>

OpenVPN creds

Fetch from here (note - these are different from your ProtonVPN credentials!), then upload with:

kubectl -n proton-vpn create secret generic openvpn-creds --from-literal="VPN_AUTH=<username>;<password>"

Note that you can (apparently!) append various suffixes to the OpenVPN username to enable extra features if you are a paying member:

  • <username>+f1 as username to enable anti-malware filtering
  • <username>+f2 as username to additionally enable ad-blocking filtering
  • <username>+nr as username to enable Moderate NAT

I haven't tested - use at your own risk! Probably best to get a functioning connection working before messing around with extra features.
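
The --from-literal form above puts the OpenVPN password in shell history and in the kubectl process arguments. The following is an added example, not part of this chart: it validates the `<username>[+suffix];<password>` value and renders the openvpn-creds Secret as a manifest that can be piped to `kubectl apply -f -`. The function names are hypothetical, and it assumes the consumer splits VPN_AUTH on the first `;`.

```shell
#!/bin/sh
# Added example, not part of this chart. Secret name, namespace and key
# follow the README; the function names are hypothetical.

# Build the "<username>[+feature];<password>" value stored under VPN_AUTH.
# Assumption: the consumer splits on the first ';', so the username must
# not contain one (the password may).
vpn_auth_value() {
  local user="$1" pass="$2" feature="${3:-}"
  local nl='
'
  [ -n "$user" ] && [ -n "$pass" ] || { echo "empty username or password" >&2; return 1; }
  case "$user$pass" in
    *"$nl"*) echo "newline in credentials" >&2; return 1 ;;
  esac
  case "$user" in
    *\;*) echo "username must not contain ';'" >&2; return 1 ;;
  esac
  case "$feature" in
    "") ;;                                  # no extra feature
    f1|f2|nr) user="$user+$feature" ;;      # suffixes listed in the README
    *) echo "unknown feature suffix: $feature" >&2; return 1 ;;
  esac
  printf '%s;%s' "$user" "$pass"
}

# Print a Secret manifest on stdout; nothing is sent to the cluster here.
render_creds_secret() {
  local value
  value=$(vpn_auth_value "$@") || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: openvpn-creds
  namespace: proton-vpn
type: Opaque
data:
  VPN_AUTH: $(printf '%s' "$value" | base64 | tr -d '\n')
EOF
}

# Usage (bash): prompt without echo, then apply from stdin:
#   read -r  -p 'OpenVPN username: ' u
#   read -rs -p 'OpenVPN password: ' p; echo
#   render_creds_secret "$u" "$p" | kubectl apply -f -
```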

update-resolv-conf

TODO: (Not sure if this is required for all servers...) This is required by the ProtonVPN OpenVPN configuration (line 124)

Debugging

GATEWAY_IP=';; connection timed out; no servers could be reached'

As per here, "try setting the NOT_ROUTED_TO_GATEWAY_CIDRS: with your cluster cidr and service cidrs". The way to find those values is described here.

More info

Some OpenVPN server configurations rely on a script at /etc/openvpn/update-resolv-conf.sh, which isn't provided by default. It looks like it's been replaced with /etc/openvpn/up.sh and .../down.sh - you should be able to manually edit the .ovpn file to reference those scripts instead.

If you really need the original file - get it from here and provide it in a ConfigMap:

curl -s https://raw.githubusercontent.com/alfredopalhares/openvpn-update-resolv-conf/master/update-resolv-conf.sh -o /tmp/update-resolv-conf

Debugging image

Useful tools to install:

apt update -y
apt install -y traceroute net-tools iputils-ping dnsutils

References