Can I set static routes on droplets for 172.16.x.x to another droplet running a VPN connected to an external private network?

I would like to install a vpn on a droplet and connect it to an AT&T private network with the 172.16.x.x ip range and then have other droplets route traffic to the vpn droplet. I know you can usually put this “up route add -net netmask gw 10.x.x.x” in an ubuntu /etc/network/interfaces and have it route traffic to that server which then because of the VPN would send it to the AT&T private network. I have read a lot of things that make me believe this may not be allowed on your private net.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I just landed here after some Googling around searching for anyone with the same issue. I have extensively documented my findings on this Reddit post:

DigitalOcean is definitely filtering something on their side given that packets routed to a different LAN via the internal interface are never reaching anywhere (confirmed by multiple tcpdump instances running not only the droplet but also my pfSense installation).

I have openend a support ticket asking them about this, but still didn’t get an answer.

Some Clarification on this issue would be nice. I have been having the same issue and came to the same result but no clear statement form DO on this matter. This would be quite good to be sure that we are not doing some mistake in our setups.

Kind regards Gradlon