IBM Cloud Docs
Why aren't my VPN gateways or virtual server instances communicating?

When a VPN connection is created successfully, the VPN service adds a 0.0.0.0/0 via <VPN gateway private IP> route to the default routing table of the VPC. Because every subnet that is not attached to a custom routing table uses the default table, this catch-all route can cause routing issues:

  • Virtual server instances in different subnets cannot communicate with each other, because traffic destined for another subnet matches the 0.0.0.0/0 route and is sent to the VPN gateway instead of being delivered within the VPC.
  • If the VPN gateway is in a subnet that uses the default routing table, the gateway's own traffic toward the on-premises peer also matches the 0.0.0.0/0 route and is sent back to the gateway. This creates a route loop, and the VPN gateway cannot communicate with the on-premises VPN gateway.

This issue occurs only when the peer CIDR is 0.0.0.0/0.

To address these routing issues:

  • If the virtual server instances in different subnets cannot communicate with each other, create a route with Delegate type for each subnet in the default routing table, using that subnet's CIDR as the destination. The more specific delegate route takes precedence over 0.0.0.0/0, so traffic to the subnet is handled by the VPC's implicit routing rather than sent to the VPN gateway.

  • If the VPN gateway is in a subnet that uses the default routing table, complete these steps:

    • Create a dedicated subnet for the VPN gateway.
    • Create a dedicated custom routing table.
    • Associate the dedicated subnet with the dedicated custom routing table.
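The following script is an added example and not part of the IBM Cloud documentation; it applies both fixes above with the ibmcloud VPC CLI. The VPC name "my-vpc", zone "us-south-1", the workload subnet CIDRs, the VPN subnet CIDR 10.240.250.0/24, and the routing table and subnet names are assumptions; the name of the VPC default routing table must be looked up (for example with `ibmcloud is vpc-routing-tables my-vpc`) and passed in DEFAULT_RT. The flag spellings (`--destination`, `--action delegate`, `--rt`) follow the `ibmcloud is` reference as recalled here; confirm them with `ibmcloud is <command> --help` before running against a real account. Setting DRY_RUN=1 prints the commands instead of executing them.

```sh
#!/bin/sh
# Added example, not from the IBM Cloud docs page. Assumed names: VPC "my-vpc",
# zone "us-south-1", VPN subnet 10.240.250.0/24, custom routing table "vpn-rt",
# subnet "vpn-subnet". DEFAULT_RT must name the VPC's default routing table.
set -eu

VPC="${VPC:-my-vpc}"
ZONE="${ZONE:-us-south-1}"
VPN_SUBNET_CIDR="${VPN_SUBNET_CIDR:-10.240.250.0/24}"
DEFAULT_RT="${DEFAULT_RT:-default-routing-table}"   # look up with: ibmcloud is vpc-routing-tables "$VPC"

# run: execute a command, or only print it when DRY_RUN is set, so the whole
# sequence can be reviewed before it changes a real VPC.
run() {
  if [ -n "${DRY_RUN:-}" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Fix 1: one Delegate route per workload subnet, destination = the subnet's
# exact CIDR. Longest-prefix match prefers this route over the VPN's
# 0.0.0.0/0, so instance-to-instance traffic stays on the VPC's implicit routing.
add_delegate_routes() {
  for cidr in "$@"; do
    run ibmcloud is vpc-routing-table-route-create "$VPC" "$DEFAULT_RT" \
      --zone "$ZONE" --destination "$cidr" --action delegate \
      --name "delegate-$(echo "$cidr" | tr './' '--')"
  done
}

# Fix 2: a dedicated custom routing table (no 0.0.0.0/0 route in it) and a
# dedicated subnet bound to that table at creation time. A VPN gateway created
# in this subnet no longer has its traffic to the on-premises peer routed back
# to itself.
create_vpn_subnet() {
  run ibmcloud is vpc-routing-table-create "$VPC" --name vpn-rt
  run ibmcloud is subnet-create vpn-subnet "$VPC" \
    --zone "$ZONE" --ipv4-cidr-block "$VPN_SUBNET_CIDR" --rt vpn-rt
}

# If the dedicated subnet already exists, attach it to the custom table instead.
attach_routing_table() {
  run ibmcloud is subnet-update "$1" --rt "$2"
}

# Usage (commented out so the functions can be sourced and reviewed first):
# add_delegate_routes 10.240.0.0/24 10.240.1.0/24
# create_vpn_subnet
# attach_routing_table vpn-subnet vpn-rt
# ibmcloud is vpn-gateway-create my-vpn-gateway vpn-subnet   # new gateway in the dedicated subnet
```

After the delegate routes are in place, check them with `ibmcloud is vpc-routing-table-routes my-vpc <default routing table>`; each workload subnet should show a route whose destination is its own CIDR with action delegate, alongside the 0.0.0.0/0 route the VPN service created.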