By manelio
I’ve configured an IPSec tunnel between my droplet in DO and the network of one of my clients.
All seems to be working ok, but when the tunnel is up I’m not able to ping other droplets’ private IPs (10.133.121.35, same datacenter):
The routing table doesn’t change, no matter whether the tunnel is up or down:
default via 206.189.0.1 dev eth0 proto static
10.18.0.0/16 dev eth0 proto kernel scope link src 10.18.0.27
10.133.0.0/16 dev eth1 proto kernel scope link src 10.133.121.34
169.254.43.16/30 dev Tunnel1 proto kernel scope link src 169.254.43.18
172.31.0.0/16 dev Tunnel1 scope link metric 100
206.189.0.0/20 dev eth0 proto kernel scope link src 206.189.5.144
Tunnel down (ping and traceroute ok):
traceroute to 10.133.121.35 (10.133.121.35), 30 hops max, 60 byte packets
1 10.133.121.35 (10.133.121.35) 1.872 ms 1.836 ms *
Tunnel up (can’t ping DO private network, traceroute shows the route changed):
sudo ipsec start
sudo ipsec status
Security Associations (1 up, 0 connecting):
Tunnel1[1]: ESTABLISHED 48 minutes ago, 206.189.5.144[206.189.5.144]...52.209.55.24[52.209.55.24]
Tunnel1{1}: REKEYED, TUNNEL, reqid 1, expires in 11 minutes
Tunnel1{1}: 0.0.0.0/0 === 0.0.0.0/0
Tunnel1{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c55c34c7_i c6781168_o
Tunnel1{2}: 0.0.0.0/0 === 0.0.0.0/0
traceroute to 10.133.121.35 (10.133.121.35), 30 hops max, 60 byte packets
1 * * *
2 10.82.68.63 (10.82.68.63) 10.901 ms 10.82.68.53 (10.82.68.53) 1.208 ms 10.82.68.55 (10.82.68.55) 1.449 ms
3 138.197.250.102 (138.197.250.102) 1.418 ms 138.197.250.100 (138.197.250.100) 1.566 ms 138.197.250.116 (138.197.250.116) 1.514 ms
4 * * *
This is my IPSec config:
config setup
    uniqueids = no

conn Tunnel1
    auto=start
    left=%defaultroute
    leftid=206.189.5.144
    right=52.209.55.24
    type=tunnel
    leftauth=psk
    rightauth=psk
    keyexchange=ikev1
    ike=aes128-sha1-modp1024
    ikelifetime=8h
    esp=aes128-sha1-modp1024
    lifetime=1h
    keyingtries=%forever
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    dpddelay=10s
    dpdtimeout=30s
    dpdaction=restart
    mark=100
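The following is an added illustration, not code from the poster or from strongSwan. On Linux the kernel first picks a route for an outgoing packet and then consults the XFRM (IPsec) policy table; when a policy's traffic selector covers the packet, the policy wins and the packet is encapsulated towards the tunnel peer regardless of which interface the route chose. The script models that ordering over the routing table and the `0.0.0.0/0 === 0.0.0.0/0` selectors shown in the question, and contrasts them with a narrowed selector. The narrowed remote network `172.31.0.0/16` is an assumption taken from the `Tunnel1` route in the table, not something the post states, and the model ignores `mark=100` (with a mark set, strongSwan installs policies that only match packets carrying that fwmark).

```python
import ipaddress

# Routing table copied from the question above (used here as sample input).
ROUTE_TABLE = """\
default via 206.189.0.1 dev eth0 proto static
10.18.0.0/16 dev eth0 proto kernel scope link src 10.18.0.27
10.133.0.0/16 dev eth1 proto kernel scope link src 10.133.121.34
169.254.43.16/30 dev Tunnel1 proto kernel scope link src 169.254.43.18
172.31.0.0/16 dev Tunnel1 scope link metric 100
206.189.0.0/20 dev eth0 proto kernel scope link src 206.189.5.144
"""

# Traffic selectors as shown by `ipsec status` in the question: (local, remote).
POSTED_SELECTORS = [("0.0.0.0/0", "0.0.0.0/0")]

# Hypothetical narrowed selectors (assumption: the client network is the
# 172.31.0.0/16 that the routing table already sends to Tunnel1).
NARROWED_SELECTORS = [("0.0.0.0/0", "172.31.0.0/16")]


def parse_routes(text):
    """Parse `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = parts[parts.index("dev") + 1]
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append((net, dev, metric))
    return routes


def route_lookup(routes, dst):
    """Longest-prefix match (lower metric wins ties); returns the egress device."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, dev, metric in routes:
        if addr not in net:
            continue
        if best is None or (net.prefixlen, -metric) > (best[0].prefixlen, -best[2]):
            best = (net, dev, metric)
    return best[1] if best else None


def selector_lookup(selectors, src, dst):
    """First IPsec traffic selector whose local/remote networks cover src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in selectors:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None


def classify(routes, selectors, src, dst):
    """Where src -> dst ends up: the IPsec policy if one matches, else the routed device."""
    sel = selector_lookup(selectors, src, dst)
    if sel is not None:
        return ("ipsec", "%s === %s" % sel)
    return ("route", route_lookup(routes, dst))


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    src = "10.133.121.34"  # the droplet's own private address from the routing table
    for name, sels in (("posted", POSTED_SELECTORS), ("narrowed", NARROWED_SELECTORS)):
        for dst in ("10.133.121.35", "172.31.10.10", "203.0.113.9"):
            print(name, dst, classify(routes, sels, src, dst))
```

With the posted selectors every destination, including the neighbouring droplet at 10.133.121.35, is claimed by the tunnel policy even though the routing table still points at eth1; with the narrowed selector only the client's network is claimed and private-network traffic follows the route. strongSwan's `type=passthrough` connection type exists for the case where a broad selector must stay but a specific subnet should be exempted from it.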
Using Strongswan to connect to two VPCs within DigitalOcean. If I use the Digital Ocean droplet firewall it blocks ping traffic between two droplets, one in each VPC - even when I leave the firewall completely open (TCP/UDP/ICMP allowed from all addresses in both directions). When I drop the DO firewall it works - I can leave the UFW on.
Trying to figure out what the DO firewall is doing.
Did you figure this out?