How to connect droplets to a VPN

Posted on May 20, 2021

I have a droplet running strongSwan VPN which I installed using this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2. Everything works OK, as I can telnet into the remote server with its private IP from the droplet running the strongSwan VPN.

I have also set up the same droplet as the VPC gateway using this guide https://docs.digitalocean.com/products/networking/vpc/resources/droplet-as-gateway/

The issue I’m currently facing now is that I cannot telnet into the remote server from droplets that are in the same VPC as the VPN server. I think I would need to connect the droplets to the VPN server but I’m not sure how to go about that. Any help is appreciated.




These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You will need to configure the iptables rules and enable IP forwarding on the VPN server.

First, enable IP forwarding by editing the /etc/sysctl.conf file and uncommenting or adding the following line:

net.ipv4.ip_forward=1

Apply the changes with the command:

    sudo sysctl -p

Next, set up iptables rules to forward traffic from your other droplets to the VPN server. Replace eth1 with your private network interface and eth0 with your public network interface:

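    # NAT traffic leaving through the public interface
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Allow new connections from the private network out, and only reply traffic back in
    sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT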

Ensure that you save the iptables rules and configure them to persist across system reboots. You can follow the iptables guide on Ubuntu for more details.

If your droplets are not already in the same VPC as the VPN server, you can follow this guide on how to use VPCs with DigitalOcean.

For further information about configuring StrongSwan, consult the IKEv2 VPN Server Setup tutorial.

Hope that this helps!
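An added example (not part of the answer above, and not DigitalOcean's code): a shell check that reads `iptables-save` output and reports whether a gateway masquerades on the public interface, lets new connections out from the private interface, and admits only reply traffic in the other direction. The interface names eth0 and eth1 follow the answer; the function name and both rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the gateway rules described above.
# PUB/PRIV are assumed interface names (eth0 public, eth1 private, as in the answer).
PUB=${PUB:-eth0}
PRIV=${PRIV:-eth1}

# Reads iptables-save text on stdin; prints one finding per line, nothing if clean.
audit_gateway_rules() {
    awk -v pub="$PUB" -v priv="$PRIV" '
    # True when a rule only matches reply traffic (state or conntrack match).
    function stateful(r) {
        return r ~ /--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED)( |$)/
    }
    /^-A POSTROUTING / && /-j MASQUERADE/ && $0 ~ ("-o " pub "( |$)") { nat = 1 }
    /^-A FORWARD / && /-j ACCEPT/ {
        out = ($0 ~ ("-i " priv "( |$)")) && ($0 ~ ("-o " pub "( |$)"))
        inb = ($0 ~ ("-i " pub "( |$)")) && ($0 ~ ("-o " priv "( |$)"))
        if (out && !stateful($0)) egress = 1    # new connections may leave
        if (inb && stateful($0)) replies = 1    # replies may come back
        if (inb && !stateful($0)) print "WARN open-inbound: " $0
    }
    END {
        if (!nat) print "FAIL no-masquerade on " pub
        if (!egress) print "FAIL no-new-egress " priv "->" pub
        if (!replies) print "FAIL no-reply-path " pub "->" priv
    }'
}

# Constructed sample dumps (not taken from a real host).
GOOD_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
LOOSE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT'

# Demo on the constructed loose rule set.
printf '%s\n' "$LOOSE_RULES" | audit_gateway_rules
```

On a live gateway, pipe the real rule set in with `sudo iptables-save | audit_gateway_rules`.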
