Can I set static routes on droplets for 172.16.x.x to another droplet running a VPN connected to an external private network?

February 17, 2018 758 views
Networking Ubuntu 16.04
daved4a0be6ebef361d1e7c00f
By:
daved4a0be6ebef361d1e7c00f

I would like to install a vpn on a droplet and connect it to an AT&T private network with the 172.16.x.x ip range and then have other droplets route traffic to the vpn droplet. I know you can usually put this "up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.x.x.x" in an ubuntu /etc/network/interfaces and have it route traffic to that server which then because of the VPN would send it to the AT&T private network. I have read a lot of things that make me believe this may not be allowed on your private net.

Log In to Comment
2 Answers
gradlon March 27, 2019

Some Clarification on this issue would be nice.
I have been having the same issue and came to the same result but no clear statement form DO on this matter.
This would be quite good to be sure that we are not doing some mistake in our setups.

Kind regards
Gradlon

Reply
rsaffixng May 27, 2019

I just landed here after some Googling around searching for anyone with the same issue. I have extensively documented my findings on this Reddit post: https://www.reddit.com/r/PFSENSE/comments/bs2lby/pfsense_sitetosite_openvpn_not_routing_properly/

DigitalOcean is definitely filtering something on their side given that packets routed to a different LAN via the internal interface are never reaching anywhere (confirmed by multiple tcpdump instances running not only the droplet but also my pfSense installation).

I have openend a support ticket asking them about this, but still didn't get an answer.

Reply
Have another answer? Share your knowledge.

Related Questions