Question

Can I set static routes on droplets for 172.16.x.x to another droplet running a VPN connected to an external private network?

Posted February 17, 2018 907 views
Networking Ubuntu 16.04

I would like to install a vpn on a droplet and connect it to an AT&T private network with the 172.16.x.x ip range and then have other droplets route traffic to the vpn droplet. I know you can usually put this “up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.x.x.x” in an ubuntu /etc/network/interfaces and have it route traffic to that server which then because of the VPN would send it to the AT&T private network. I have read a lot of things that make me believe this may not be allowed on your private net.

Add a comment
daved4a0be6ebef361d1e7c00f
By:
daved4a0be6ebef361d1e7c00f
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
gradlon March 27, 2019

Some Clarification on this issue would be nice.
I have been having the same issue and came to the same result but no clear statement form DO on this matter.
This would be quite good to be sure that we are not doing some mistake in our setups.

Kind regards
Gradlon

Reply Report
rsaffixng May 27, 2019

I just landed here after some Googling around searching for anyone with the same issue. I have extensively documented my findings on this Reddit post: https://www.reddit.com/r/PFSENSE/comments/bs2lby/pfsense_sitetosite_openvpn_not_routing_properly/

DigitalOcean is definitely filtering something on their side given that packets routed to a different LAN via the internal interface are never reaching anywhere (confirmed by multiple tcpdump instances running not only the droplet but also my pfSense installation).

I have openend a support ticket asking them about this, but still didn’t get an answer.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help