Vpn - Tag - Lorenzo's Bloghttps://www.k8s.it/tags/vpn/Vpn - Tag - Lorenzo's BlogHugo -- gohugo.ioenMon, 18 Jul 2022 00:00:00 +0000YA VPN Service in Kuberneteshttps://www.k8s.it/posts/ya-vpn-service-in-kubernetes/Mon, 18 Jul 2022 00:00:00 +0000Lorenzo Girardihttps://www.k8s.it/posts/ya-vpn-service-in-kubernetes/

Why

I had my beloved IPsec setup based on strongswan running in Kubernetes for a while — you can read about that here. It worked fine. I wasn’t looking to change it. Then a colleague pointed out WireGuard’s overhead numbers and I got curious enough to evaluate it myself.

WireGuard is a modern VPN protocol that lives in the Linux kernel. It’s designed to be simple, fast, and have a minimal attack surface compared to IPsec or OpenVPN. The numbers people throw around are impressive, but I wanted to see them in practice.

]]>Kubernetes VPN Strongswan — IPsec with LDAP Authhttps://www.k8s.it/posts/kubernetes-strongswan/Tue, 11 Aug 2020 00:00:00 +0000Lorenzo Girardihttps://www.k8s.it/posts/kubernetes-strongswan/

How to Manage VPN in a Kubernetes Environment

Traditional IPsec-XAuth VPN manages credentials in flat files. Adding a user means editing a file and redeploying. Removing a user means the same. In a Kubernetes environment, that’s not acceptable.

This implementation integrates Strongswan with LDAP, turning VPN access into a standard directory operation — the same system that manages every other credential in the organization.

]]>