Find the VPN server and the relevant router UUID
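# Look up the IPsec site connection, then read the VPN service ID and the
# router ID from it. Expansions are quoted so that an empty or unexpected
# value is passed as one argument instead of being word-split or globbed.

# get VPN connection ID
# "foo" stands for (part of) the connection name to search for.
openstack vpn ipsec site connection list | grep foo
# '<project_id>' is a placeholder for the project ID. It is quoted because an
# unquoted <...> is parsed by the shell as redirection operators, not as text.
openstack vpn ipsec site connection list --long | grep '<project_id>'
# Hard-coded ID from this walkthrough; replace it with the ID found above.
VPN_CONNECTION_ID=142dc25f-13bb-4fda-b093-edf13df98ed8
openstack vpn ipsec site connection show "${VPN_CONNECTION_ID}"
VPN_SERVICE_ID=$(openstack vpn ipsec site connection show "${VPN_CONNECTION_ID}" -c 'VPN Service' -f value)
openstack vpn service show "${VPN_SERVICE_ID}"
# get router ID
ROUTER_ID=$(openstack vpn service show "${VPN_SERVICE_ID}" -c Router -f value)
printf 'ROUTER_ID=%s\n' "${ROUTER_ID}"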
Find the ctl Node where the active router is running
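# Print the binding_host_id of the router's gateway port.
openstack port list --device-owner network:router_gateway -f value -c binding_host_id --router "${ROUTER_ID}"
# OR: run the following on every ctl node to show the addresses inside the
# router's namespace. ROUTER_ID must be set in that node's shell as well; the
# :? guard stops the command when it is unset or empty instead of running it
# against a namespace named just "qrouter-".
ip netns exec "qrouter-${ROUTER_ID:?set ROUTER_ID to the router UUID}" ip a s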
Connect to that ctl node and "jump" into its neutron-l3-agent Docker container
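# CONTROL_NODE is not assigned by any command shown on this page: set it to
# the ctl node identified in the previous step. The :? guard fails with a
# message when it is unset or empty, instead of calling ssh with no host.
ssh "${CONTROL_NODE:?set CONTROL_NODE to the ctl node running the active router}"
# Opens an interactive root shell inside the L3 agent container.
# NOTE(review): changes made from this shell are outside configuration
# management and are presumably lost when the container is recreated; record
# what was changed for debugging and revert it afterwards.
docker exec -u root -ti neutron_l3_agent bash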
4. Enable file logging in strongswan configuration