I have been able to set up a site-to-site IPSec/IKEv1 VPN between Cisco gear and my droplet at DO. The VPN is up. But there is no traffic. When I do a simple ping on the remote private IP from my droplet, I get nothing:
```
ping 192.168.100.213
PING 192.168.100.213 (192.168.100.213) 56(84) bytes of data.
^C
--- 192.168.100.213 ping statistics ---
21 packets transmitted, 0 received, 100% packet loss, time 20159ms
```
But if I try to ping the remote private IP by specifying the interface to use as eth1, I can reach it smoothly:
```
ping 192.168.100.213 -I eth1
PING 192.168.100.213 (192.168.100.213) from 10.XXX.XXX.XXX eth1: 56(84) bytes of data.
64 bytes from 192.168.100.213: icmp_seq=1 ttl=63 time=169 ms
64 bytes from 192.168.100.213: icmp_seq=2 ttl=63 time=168 ms
^C
--- 192.168.100.213 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 168.838/169.150/169.462/0.312 ms
```
How can I solve that? It feels like when I’m trying to reach out, the default interface is eth0. Is there a way to change the default interface? Or is there a configuration that can help me tell that all the packets that are coming from the private IP of my droplet must pass through eth1?
Accepted Answer
Greetings!
This is a great question. I really like nixCraft’s guide for adding routes, and I think it can help you in your situation:
https://www.cyberciti.biz/faq/linux-route-add/
I think the most noteworthy part of their guide is where they give the example for “Route all traffic via 192.168.1.254 gateway connected via eth0 network interface.” I would paste it here but they deserve the ad revenue from a visit :)
Jarland
Thanks very much. That answer helped me pinpoint correctly where my mistakes were in implementing that VPN. I ended up implementing the routing with iptables:
```
iptables -t nat -A POSTROUTING -j SNAT -o eth0 --destination 192.168.XXX.XXX --to-source 10.MYP.RIV.ATE
```
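The following is an added example, not code from the thread: a simplified Python model of why the plain ping fails, why `-I eth1` works, and what the SNAT rule above changes. It assumes the tunnel only carries traffic sourced from the droplet's private address (the thread does not show the VPN configuration); the addresses `203.0.113.10` and `10.0.0.5`, the `/24` remote network and all class and function names are constructed for illustration.

```python
"""Simplified model (added example): POSTROUTING SNAT, then IPsec selector match."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses; the thread masks the droplet's real ones.
PUBLIC_IP = ip_address("203.0.113.10")        # eth0 address (assumed)
PRIVATE_IP = ip_address("10.0.0.5")           # eth1 address (assumed)
LOCAL_SEL = ip_network("10.0.0.5/32")         # assumed local traffic selector
REMOTE_NET = ip_network("192.168.100.0/24")   # assumed remote traffic selector
TARGET = ip_address("192.168.100.213")        # remote host pinged in the question

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    out_iface: str

@dataclass(frozen=True)
class SnatRule:
    """Models: -t nat -A POSTROUTING -o IFACE --destination NET -j SNAT --to-source IP"""
    out_iface: str
    destination: object
    to_source: object

    def apply(self, pkt):
        # Rewrite the source only when both the -o and --destination matches hit.
        if pkt.out_iface == self.out_iface and pkt.dst in self.destination:
            return replace(pkt, src=self.to_source)
        return pkt

def tunnelled(pkt, snat=None):
    """True if the packet, after optional SNAT, falls inside the tunnel's selector."""
    if snat is not None:
        pkt = snat.apply(pkt)
    return pkt.src in LOCAL_SEL and pkt.dst in REMOTE_NET

plain_ping = Packet(PUBLIC_IP, TARGET, "eth0")    # `ping 192.168.100.213`
bound_ping = Packet(PRIVATE_IP, TARGET, "eth1")   # `ping 192.168.100.213 -I eth1`
snat_rule = SnatRule("eth0", REMOTE_NET, PRIVATE_IP)

if __name__ == "__main__":
    print("plain ping tunnelled:       ", tunnelled(plain_ping))
    print("ping -I eth1 tunnelled:     ", tunnelled(bound_ping))
    print("plain ping + SNAT tunnelled:", tunnelled(plain_ping, snat_rule))
```

On a real host, `ip route get 192.168.100.213` shows the interface and source address the kernel actually selects for that destination.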