Can I set static routes on droplets for 172.16.x.x to another droplet running a VPN connected to an external private network?

February 17, 2018
Networking Ubuntu 16.04

I would like to install a VPN on a droplet and connect it to an AT&T private network with the 172.16.x.x IP range, and then have other droplets route traffic to the VPN droplet. I know you can usually put this "up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.x.x.x" in an Ubuntu /etc/network/interfaces and have it route traffic to that server, which then, because of the VPN, would send it to the AT&T private network. I have read a lot of things that make me believe this may not be allowed on your private net.

2 Answers

Some clarification on this issue would be nice.
I have been having the same issue and came to the same result, but there is no clear statement from DO on this matter.
This would be quite good to be sure that we are not making some mistake in our setups.

Kind regards
Gradlon

I just landed here after some Googling around searching for anyone with the same issue. I have extensively documented my findings on this Reddit post: https://www.reddit.com/r/PFSENSE/comments/bs2lby/pfsense_sitetosite_openvpn_not_routing_properly/

DigitalOcean is definitely filtering something on their side, given that packets routed to a different LAN via the internal interface are never reaching anywhere (confirmed by multiple tcpdump instances running not only on the droplet but also on my pfSense installation).

I have opened a support ticket asking them about this, but still haven't gotten an answer.
