I don’t require it as it’s allowed where I live for personal use ^^

But you would require a sidecar pod from whatever vpn and use a given config by your vpn provider then redirect all pod traffic through your sidecar but I think some images of transmission have it all included.

I have added an edit but before you posted this so let me answer here (you can check the edit also if you feel like it)

Basically I use traefik and cert manager to retreieve star SSL certs (*.domain.com) for all the domains I own, as those are done via DNS-01 challenges you don’t need your server to be accessible via internet.

The VPN is then pointing at adguard for its DNS and adguard points my star domains to traefik which then redirect to each services with the star certificate

EDIT: external services such as the VPN itself is also redirected via Traefik using external services objects so my VPN can sit outside the cluster (in my trueNAS machine) but still have an SSL cert

Oh yeah it is a nightmare to get started (IMO) due to their own wording for most of the stuff I have added an edit if you want to check a bit more of how I have setup stuff maybe some questions will be answered there…

I have added an edit (but you will see on the last point a full on guide is started but god it is not the most funny part to do!)

I have added an edit I hope it answers questions you might have (feel free to let me know if you have more)

I have added an edit I hope it answers questions you might have (feel free to let me know if you have more)

I have added an edit I hope it answers questions you might have (feel free to let me know if you have more)