IP Whitelist in K3S does not see VPN IPs

osiris · December 15, 2022, 10:21am

I'm trying to IP whitelist some services in K3S. Restricting to LAN addresses works fine after setting externalTrafficPolicy to local in the Traefik service. However, when traffic comes in over VPN, the whitelisting doesn't work and the connecting client's WAN address is shown in the access logs. VPN is set to send all traffic.

I'm thinking this could be something to do with depth, but I can't find any annotations for that...

nickcaballero · January 11, 2024, 12:28am

I'm having the same issue when using OpenVPN (using TUN - clients are mobile devices so TAP is not an option). Found this other post but it doesn't seem like they found a solution.

Topic		Replies	Views
Restricting traefik to listen on specif network interface Traefik v2 kubernetes-ingress	2	1505	February 22, 2023
IP Whitelist & VPNs Traefik v2 docker , middleware	5	4753	August 5, 2020
Problems with the whitelist in GKE Traefik v2 kubernetes-ingress , middleware	4	1437	February 3, 2021
ClientAddr shows internal IP with externalTrafficPolicy set to Local Traefik v2 kubernetes-ingress	1	733	November 5, 2023
traefik white list did not work as expect Traefik v2 kubernetes-ingress	1	318	September 30, 2021

IP Whitelist in K3S does not see VPN IPs

Related topics