How to set default route for the VPN

Posted April 10, 2019 7.4k views
VPNUbuntu 16.04

I have been able to set up a site-to-site IPSec/IKEV1 VPN between a CISCO gear and my droplet at DO. The VPN is up. But there is not traffic. When I do a simple ping on the remote Private IP from my droplet, I get nothing:

PING ( 56(84) bytes of data.
--- ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 20159ms

But if I try to ping the remote Private IP by specifying the interface to use as *eth1, I can reach it smoothly :

ping -I eth1
PING ( from 10.XXX.XXX.XXX eth1: 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=169 ms
64 bytes from icmp_seq=2 ttl=63 time=168 ms
--- ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 168.838/169.150/169.462/0.312 ms

How can I solve that ?
It feels like when I’m trying to reach out, the default interface is eth0.
Is there a way to change the default interface ? or is there a configuration that can help me tell that all the packets that are coming from my private IP of the droplet must pass trough eth1 ?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers


This is a great question. I really like nixCraft’s guide for adding routes, and I think it can help you in your situation:

I think the most noteworthy part of their guide is where they give the example for “Route all traffic via gateway connected via eth0 network interface.” I would paste it here but they deserve the ad revenue from a visit :)


Thanks very much. That answer helped me pinpoint correctly where was my mistakes implementing that VPN. I ended up implementing the routing with iptables : “`iptables -t nat -A POSTROUTING -j SNAT -o eth0 –destination 192.168.XXX.XXX –to-source 10.MYP.RIV.ATE