Why can't I establish VPN connectivity with the strongSwan Helm chart?

Classic infrastructure

When you check VPN connectivity by running oc exec $STRONGSWAN_POD -- ipsec status, you don't see a status of ESTABLISHED, or the VPN pod is in an ERROR state or continues to crash and restart.

Your Helm chart configuration file has incorrect values, missing values, or syntax errors.

To establish VPN connectivity with the strongSwan Helm chart, you might need to check for several types of issues and change your configuration file accordingly. To troubleshoot your strongSwan VPN connectivity:

1. Test and verify the strongSwan VPN connectivity by running the five Helm tests that are in the strongSwan chart definition.

2. If you are unable to establish VPN connectivity after running the Helm tests, you can run the VPN debugging tool that is packaged inside of the VPN pod image.

   1. Set the STRONGSWAN_POD environment variable.

      export STRONGSWAN_POD=$(oc get pod -l app=strongswan,release=vpn -o jsonpath='{ .items[0].metadata.name }')
      

   2. Run the debugging tool.

      oc exec $STRONGSWAN_POD -- vpnDebug
      

      The tool outputs several pages of information as it runs various tests for common networking issues. Output lines that begin with ERROR, WARNING, VERIFY, or CHECK indicate possible errors with the VPN connectivity.