From c16e928920a608c9f3cd109ebf2d90e67de33055 Mon Sep 17 00:00:00 2001
From: Markus Rudy <mr@edgeless.systems>
Date: Fri, 24 Nov 2023 11:38:54 +0100
Subject: [PATCH] dev-docs: add 'things to try' section to VPN howto

---
 dev-docs/howto/vpn/helm/README.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/dev-docs/howto/vpn/helm/README.md b/dev-docs/howto/vpn/helm/README.md
index 9832fa94c20..08b25e40203 100644
--- a/dev-docs/howto/vpn/helm/README.md
+++ b/dev-docs/howto/vpn/helm/README.md
@@ -18,6 +18,20 @@ This Helm chart deploys a VPN server to your Constellation cluster.
 
 3. Follow the post-installation instructions displayed by the CLI.
 
+## Things to try
+
+Ask CoreDNS about its own service IP:
+
+```sh
+dig +notcp @10.96.0.10 kube-dns.kube-system.svc.cluster.local
+```
+
+Ask the Kubernetes API server about its wellbeing:
+
+```sh
+curl --insecure https://10.96.0.1:6443/healthz
+```
+
 ## Architecture
 
 The VPN server is deployed as a `StatefulSet` to the cluster. It hosts the VPN frontend component, which is responsible for relaying traffic between the pod and the on-prem network, and the routing components that provide access to Constellation resources. The frontend supports IPSec and Wireguard.