FortiClient VPN in a pod — Kubernetes

Introduction

Based on instruction how to run FortiClient VPN on Ubuntu, I decided to show you how to containerize it and run in a pod.

Dockerfile

Before we start, download forticlient-sslvpn_4.4.2333-1_amd64.deb to your machine.

<YOUR_DIRECTORY> there should be your .deb file and start.sh

Copy start.sh from here

FROM ubuntu:16.04
COPY <YOUR_DIRECTORY> /vpn/
RUN apt-get update && \
    apt-get install -y && \
    apt-get install /vpn/forticlient-sslvpn_4.4.2333-1_amd64.deb -y && \
    apt-get install ppp expect -y && \
    /opt/forticlient-sslvpn/64bit/helper/setup && \
    chmod +x /vpn/start_vpn.sh
CMD [ “/vpn/start.sh” ]

Pod

Now in your containers section add your vpn container.

- name: vpn
  image: <YOUR_IMAGE>
  stdin: true
  tty: true
  securityContext:
    privileged: true
    capabilities:
      add:
        - NET_ADMIN
  env:
    - name: VPN_HOST
      value: "Your host"
    - name: VPN_USER
      value: "Your user"
    - name: VPN_PASS
      value: "Your password"

Apply your configuration and look at your logs. You should see something like this.

STATUS::Login succeed
STATUS::Starting PPPd
STATUS::Initializing tunnel
STATUS::Connecting to server
STATUS::Connected
Press Ctrl-C to quit
STATUS::Tunnel running

It’s mean that everything is fine and all others containers in this pod can access resources through vpn.