I want to run OpenVPN on my managed cluster. OpenVPN uses UDP, and this generates some problems. First of all, I can’t use the DO load balancer (it only relays TCP/HTTP). Secondly for some reason DO floating IP seems to not work with UDP either.

My first idea was simply to get a floating IP, point it to one of the nodes, and everything will be ok (maybe I could write up a small automation script to auto reassign that IP on the node-pool). I could connect to the droplet IP, but can not connect to the floating IP. But I could ssh to both.

Right now, I simply pointed my domain to one of the worker’s IP, and started a VPN server on all of the nodes, with binding the node’s port. It “works” now, but if the droplets are added/removed to the cluster and I get unlucky I need to reassign the domain to one of the new IPs. Also somehow my home router needs a manual reconnect after an IP change which is really unfortunate.

I’m open to any elegant solution :)

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers

Sorry, this could be a dead-end but I feel like I saw something relevant when I was setting up a local Raspberry Pi Kubernetes cluster. I used Ubuntu and MicroK8s:


Specifically, you might be able follow the microk8s approach as a template to manually set up a load balancer on your DO cluster nodes.

I hope that helps, let us know if you find a definitive solution!

  • It is not about I can’t configure a UDP load balancer in my cluster (nginx-ingress can be configured to forward UDP pockets). The problem is that I can’t get a public IP which forwards UDP pockets. The DO load balancer and the DO floating IP seems to only forward TCP connections.

Hey @tg44,

At present LoadBalancer provided by the DigitalOcean does not support UDP protocol. So, if you need a LoadBalancer for your UDP-based application then it will not serve the purpose.

Also, nodes will be recycled and their IP address will not be persisted making it not ideal for a nodeport service either. 

Product team always look for such feature request and product feedback, I request you to vote/add on the idea here and subscribe for updates:https://ideas.digitalocean.com/ideas/DO-I-310 
This page to help gauge demand for new features, so adding it, or adding your vote, will help us to prioritize when we can implement this feature. Your patience and understanding in this regard will be highly appreciated.

Best Regards,
Purnima Kumari
Developer Support Engineer II- DigitalOcean

Submit an Answer