minikube: Can't use Minikube on VPN

Is this a BUG REPORT or FEATURE REQUEST? (choose one): Bug Report

Minikube version (use minikube version): 0.16

Environment:

  • OS (e.g. from /etc/os-release): macOS
  • VM Driver (e.g. cat ~/.minikube/machines/minikube/config.json | grep DriverName): virtualbox AND vmwarefusion
  • ISO version (e.g. cat ~/.minikube/machines/minikube/config.json | grep ISO): file:///Users/bjones/.minikube/cache/iso/minikube-v1.0.6.iso
  • Install tools:
  • Others:

What happened: Creating and using minikube works fine. Open Cisco AnyConnect Secure Mobility Client (VPN client for work) and minikube no longer works. minikube start hangs, kubectl commands cannot reach the host.

What you expected to happen: Minikube should work while connected to a VPN

How to reproduce it (as minimally and precisely as possible):

  1. Create minikube off of VPN
  2. Connect to VPN
  3. Try to use minikube

Anything else do we need to know:

I’m also not able to create a minikube with minikube start while I’m on the VPN. When I try to create a minikube instance while connected to a VPN network I get the following error

E0207 10:00:19.260681    9862 start.go:96] Error starting host: Error creating host: Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": dial tcp 192.168.99.100:2376: i/o timeout

I’ve tried using the --host-only-cidr 10.10.10.1/24 to avoid conflicts in IP ranges, but that didn’t help.

Here is the output of minikube start -v 7 when I have the VPN enabled and am trying to connect to an existing minikube instance.

$ minikube start -v 7
Starting local Kubernetes cluster...
Found binary path at /usr/local/bin/minikube
Launching plugin server for driver vmwarefusion
Plugin server listening at address 127.0.0.1:57463
() Calling .GetVersion
Using API Version  1
() Calling .SetConfigRaw
() Calling .GetMachineName
(minikube) Calling .GetState
(minikube) DBG | executing: /Applications/VMware Fusion.app/Contents/Library/vmrun list
(minikube) Calling .Start
(minikube) DBG | executing: /Applications/VMware Fusion.app/Contents/Library/vmrun start /Users/bjones/.minikube/machines/minikube/minikube.vmx nogui
(minikube) DBG | Mounting Shared Folders...
(minikube) DBG | executing: /Applications/VMware Fusion.app/Contents/Library/vmrun -gu docker -gp tcuser runScriptInGuest /Users/bjones/.minikube/machines/minikube/minikube.vmx /bin/sh [ ! -d /Users ]&& sudo mkdir /Users; sudo mount --bind /mnt/hgfs//Users /Users || [ -f /usr/local/bin/vmhgfs-fuse ]&& sudo /usr/local/bin/vmhgfs-fuse -o allow_other .host:/Users /Users || sudo mount -t vmhgfs -o uid=$(id -u),gid=$(id -g) .host:/Users /Users
(minikube) Calling .GetConfigRaw
Waiting for SSH to be available...
Getting to WaitForSSH function...
(minikube) Calling .GetSSHHostname
(minikube) DBG | executing: /Applications/VMware Fusion.app/Contents/Library/vmrun list
(minikube) DBG | MAC address in VMX: 00:0c:29:5b:38:e2
(minikube) DBG | Trying to find IP address in configuration file: /Library/Preferences/VMware Fusion/vmnet1/dhcpd.conf
(minikube) DBG | Following IPs found map[00:50:56:c0:00:01:172.16.30.1]
(minikube) DBG | Trying to find IP address in configuration file: /Library/Preferences/VMware Fusion/vmnet8/dhcpd.conf
(minikube) DBG | Following IPs found map[00:50:56:c0:00:08:172.16.9.1]
(minikube) DBG | Trying to find IP address in leases file: /var/db/vmware/vmnet-dhcpd-vmnet1.leases
(minikube) DBG | Trying to find IP address in leases file: /var/db/vmware/vmnet-dhcpd-vmnet8.leases
(minikube) DBG | IP found in DHCP lease table: 172.16.9.131
(minikube) Calling .GetSSHPort
(minikube) Calling .GetSSHKeyPath
(minikube) Calling .GetSSHKeyPath
(minikube) Calling .GetSSHUsername
Using SSH client type: external
Using SSH private key: /Users/bjones/.minikube/machines/minikube/id_rsa (-rw-------)
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none docker@172.16.9.131 -o IdentitiesOnly=yes -i /Users/bjones/.minikube/machines/minikube/id_rsa -p 22] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
SSH cmd err, output: exit status 255:
Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
command : exit 0
err     : exit status 255
output  :

Getting to WaitForSSH function...
(minikube) Calling .GetSSHHostname
(minikube) DBG | executing: /Applications/VMware Fusion.app/Contents/Library/vmrun list
(minikube) DBG | MAC address in VMX: 00:0c:29:5b:38:e2
(minikube) DBG | Trying to find IP address in configuration file: /Library/Preferences/VMware Fusion/vmnet1/dhcpd.conf
(minikube) DBG | Following IPs found map[00:50:56:c0:00:01:172.16.30.1]
(minikube) DBG | Trying to find IP address in configuration file: /Library/Preferences/VMware Fusion/vmnet8/dhcpd.conf
(minikube) DBG | Following IPs found map[00:50:56:c0:00:08:172.16.9.1]
(minikube) DBG | Trying to find IP address in leases file: /var/db/vmware/vmnet-dhcpd-vmnet1.leases
(minikube) DBG | Trying to find IP address in leases file: /var/db/vmware/vmnet-dhcpd-vmnet8.leases
(minikube) DBG | IP found in DHCP lease table: 172.16.9.131
(minikube) Calling .GetSSHPort
(minikube) Calling .GetSSHKeyPath
(minikube) Calling .GetSSHKeyPath
(minikube) Calling .GetSSHUsername
Using SSH client type: external
Using SSH private key: /Users/bjones/.minikube/machines/minikube/id_rsa (-rw-------)
&{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none docker@172.16.9.131 -o IdentitiesOnly=yes -i /Users/bjones/.minikube/machines/minikube/id_rsa -p 22] /usr/bin/ssh <nil>}
About to run SSH command:
exit 0
^C

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 25 (1 by maintainers)

Most upvoted comments

I know this is closed but I’m adding this comment to describe how we made this work:

  1. Set port forwarding for the minikube vm to forward port 8443 on 127.0.0.1 to port 8443 in the VM.

VBoxManage controlvm minikube natpf1 k8s-apiserver,tcp,127.0.0.1,8443,,8443

  2. Create a new kubectl context

kubectl config set-cluster minikube-vpn --server=https://127.0.0.1:8443 --insecure-skip-tls-verify
kubectl config set-context minikube-vpn --cluster=minikube-vpn --user=minikube

When on the VPN you can set kubectl to use the NAT’ed port:

kubectl config use-context minikube-vpn

When off the VPN you can use the normal minikube context:

kubectl config use-context minikube

Apparently you can use the same port forwarding for the Minikube dashboard too:

VBoxManage controlvm minikube natpf1 k8s-dashboard,tcp,127.0.0.1,30000,,30000
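The `minikube-vpn` cluster entry in the comment above is created with `--insecure-skip-tls-verify`, so kubectl does not validate the API server's certificate on that context. As an added example (not part of the original comment), this Python check lists such contexts from `kubectl config view -o json` output together with the kind of credential they would present; the sample kubeconfig, its address and its file paths are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample shaped like `kubectl config view -o json` after the commands
# above; the server address and file paths are placeholders.
SAMPLE_KUBECONFIG = """{
 "clusters": [
  {"name": "minikube", "cluster": {"server": "https://192.168.99.100:8443",
    "certificate-authority": "/path/to/ca.crt"}},
  {"name": "minikube-vpn", "cluster": {"server": "https://127.0.0.1:8443",
    "insecure-skip-tls-verify": true}}],
 "users": [{"name": "minikube", "user": {"client-certificate": "/path/to/client.crt",
    "client-key": "/path/to/client.key"}}],
 "contexts": [
  {"name": "minikube", "context": {"cluster": "minikube", "user": "minikube"}},
  {"name": "minikube-vpn", "context": {"cluster": "minikube-vpn", "user": "minikube"}}]}"""

def is_loopback(server):
    host = urlsplit(server).hostname or ""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                 # not an IP literal
        return host == "localhost"

def credential_kind(user):
    """Classify what the context would present to a server it has not verified."""
    if any(k in user for k in ("token", "tokenFile", "password")):
        return "replayable secret"
    if "exec" in user or "auth-provider" in user:
        return "plugin-issued"
    has_cert = any(k.startswith("client-certificate") for k in user)
    return "client certificate" if has_cert else "none"

def unverified_contexts(cfg):
    """List contexts whose cluster entry disables server certificate checks."""
    clusters = {c["name"]: c["cluster"] for c in cfg.get("clusters") or []}
    users = {u["name"]: u["user"] for u in cfg.get("users") or []}
    out = []
    for ctx in cfg.get("contexts") or []:
        cluster = clusters.get(ctx["context"].get("cluster"), {})
        if cluster.get("insecure-skip-tls-verify"):
            user = users.get(ctx["context"].get("user"), {})
            out.append({"context": ctx["name"], "server": cluster.get("server"),
                        "loopback": is_loopback(cluster.get("server", "")),
                        "credential": credential_kind(user)})
    return out

if __name__ == "__main__":
    print(unverified_contexts(json.loads(SAMPLE_KUBECONFIG)))
```

A finding with a loopback server and a client certificate, as here, is the narrowest case; a non-loopback server or a replayable secret on an unverified context deserves a closer look.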

I updated minikube, sorry. I forgot to update the OP version. There doesn’t seem to be anything wrong with the running vm. I think the problem is related to networking from host to vm. When I disable my VPN I can interact with minikube just fine, but when the VPN is connected I get the following:

$ kubectl get pods
Unable to connect to the server: dial tcp 192.168.99.100:8443: i/o timeout

minikube dashboard just sits there waiting and never terminates.

minikube ssh works just fine on and off the VPN

@blockloop - I use Cisco AnyConnect as well, and at least in my setup AnyConnect routes 192.168.96/19 through its tunnel - this is clobbering the default minikube network of 192.168.99/24. I tried using the --host-only-cidr flag to use a different network, but either that doesn’t work - or I did it wrong in some way (I suspect the latter).

However - I was able to get this working by manually editing .minikube/machines/minikube/config.json and setting the following:

    "IPAddress": "10.254.254.100",
    "HostOnlyCIDR": "10.254.254.1/24",

I left all other values in there alone - just modifying the above two entries. With that set, I can start and stop minikube, and start and stop the VPN client, and everything always continues to work. (For this setup I’m using VirtualBox on a mac)

Note: my choice of the 10.254.254/24 network was completely arbitrary; feel free to use whatever you prefer, as long as it isn’t something that something else (like AnyConnect) is already laying claim to.
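An added example, not from the original thread, of checking a candidate host-only CIDR against the routes a VPN client has installed, which the comment above did by hand. It assumes macOS `netstat -rn` output with abbreviated destinations such as `192.168.96/19`; the sample table, the `utun1` interface name and the candidate list are constructed.

```python
import ipaddress

# Constructed sample in the style of macOS `netstat -rn -f inet` with a VPN up.
# 192.168.96/19 is the range the comment reports; the other rows are assumptions.
SAMPLE_NETSTAT = """\
Destination        Gateway            Flags        Netif Expire
default            10.20.0.1          UGSc         utun1
10.20              10.20.0.1          UGSc         utun1
127                127.0.0.1          UCS          lo0
192.168.96/19      10.20.0.1          UGSc         utun1
192.168.99         link#12            UC           vboxnet0
"""

def expand(dest):
    """Expand netstat's abbreviated destination ('192.168.96/19', '127') to a network."""
    if dest == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:                       # no prefix shown: one octet -> /8, two -> /16, ...
        plen = str(8 * len(octets))
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)

def parse_routes(text):
    """Return [(network, interface)] for every IPv4 row of a netstat -rn table."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Destination":
            continue
        try:
            routes.append((expand(cols[0]), cols[3]))
        except ValueError:             # IPv6 rows and anything else that is not IPv4
            continue
    return routes

def conflicts(routes, cidr, own_if):
    """Non-default routes on other interfaces that overlap the host-only CIDR."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return [(str(n), i) for n, i in routes
            if i != own_if and n.prefixlen > 0 and n.overlaps(net)]

def first_free(routes, candidates, own_if):
    """First candidate host-only CIDR that no other interface's route overlaps."""
    return next((c for c in candidates if not conflicts(routes, c, own_if)), None)

if __name__ == "__main__":
    cands = ["192.168.99.1/24", "10.20.30.1/24", "10.254.254.1/24"]
    print(first_free(parse_routes(SAMPLE_NETSTAT), cands, "vboxnet0"))
```

Run it against the routing table captured while the VPN is connected, since the overlapping routes only exist then.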

Just posting here to help anyone else who has this problem. This works if you’re using a VPN with Secure Pulse (formerly Juniper Pulse I think) on macOS. Just run the following command AFTER connecting to your VPN (it must be run every time you reconnect to your VPN):

sudo route -nv delete -net 192.168.99.0/24 -interface vboxnet0

(Only if you’ve run the below command before)

sudo route -nv add -net 192.168.99.0/24 -interface vboxnet0

For anyone else that comes across this, there is a discussion on xhyve (https://github.com/mist64/xhyve/issues/84), and the solution worked for me:

https://gist.github.com/mowings/633a16372fb30ee652336c8417091222

@neilneely I got a new job and don’t have AnyConnect anymore so I cannot test, but that looks legit.