Why can't I establish VPN connectivity with the strongSwan Helm chart?
Classic infrastructure
When you check VPN connectivity by running kubectl exec $STRONGSWAN_POD -- ipsec status, you don't see a status of ESTABLISHED, or the VPN pod is in an ERROR state or continues to crash and restart.
Your Helm chart configuration file has incorrect values, missing values, or syntax errors.
To establish VPN connectivity with the strongSwan Helm chart, you might need to check for several types of issues and change your configuration file accordingly. To troubleshoot your strongSwan VPN connectivity:
- Test and verify the strongSwan VPN connectivity by running the five Helm tests that are in the strongSwan chart definition.
- If you are unable to establish VPN connectivity after running the Helm tests, you can run the VPN debugging tool that is packaged inside of the VPN pod image.
  - Set the STRONGSWAN_POD environment variable.

        export STRONGSWAN_POD=$(kubectl get pod -l app=strongswan,release=vpn -o jsonpath='{ .items[0].metadata.name }')

  - Run the debugging tool.

        kubectl exec $STRONGSWAN_POD -- vpnDebug

    The tool outputs several pages of information as it runs various tests for common networking issues. Output lines that begin with ERROR, WARNING, VERIFY, or CHECK indicate possible errors with the VPN connectivity.
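Because the debugging tool prints several pages, a small filter helps pull out the lines worth reading. The following is an added example, not part of the chart or its documentation: the function names and the sample output are constructed for illustration, and only the four line prefixes come from the text above.

```shell
#!/usr/bin/env bash
# Added example (not from the strongSwan chart): triage vpnDebug output.

# Reads debug output on stdin. Prints every line that BEGINS with ERROR,
# WARNING, VERIFY, or CHECK together with its line number, then a
# per-prefix summary. Returns 1 if any ERROR line was seen, otherwise 0.
vpn_debug_triage() {
  awk '
    match($0, /^(ERROR|WARNING|VERIFY|CHECK)/) {
      tag = substr($0, RSTART, RLENGTH)   # which prefix matched
      count[tag]++
      printf "%5d: %s\n", NR, $0          # keep position in the full output
    }
    END {
      printf "summary: ERROR=%d WARNING=%d VERIFY=%d CHECK=%d\n",
        count["ERROR"], count["WARNING"], count["VERIFY"], count["CHECK"]
      exit ((count["ERROR"] > 0) ? 1 : 0)
    }'
}

# Constructed sample input. Real vpnDebug wording will differ; only the
# line prefixes are taken from the page.
sample_vpn_debug_output() {
  cat <<'EOF'
Running constructed connectivity checks
CHECK: constructed item to review
ipsec status: no ERROR text at line start here
WARNING: constructed warning one
VERIFY: constructed setting to confirm
WARNING: constructed warning two
ERROR: constructed failure
Done
EOF
}

# Live use, with STRONGSWAN_POD set as in the step above:
#   kubectl exec "$STRONGSWAN_POD" -- vpnDebug 2>&1 | vpn_debug_triage
```

The nonzero return on any ERROR line lets the filter gate a deployment script, while WARNING, VERIFY, and CHECK lines are listed for manual review.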