@PhilipDAth wrote: It looks like you have thee subnets, so test it first on a Digital Ocean machine with: ip route add 192.168.88.0/24 via 10.99.10.2 ip route add 10.255.255.0/24 via 10.99.10.2 ip route add 192.168.89.0/24 via 10.99.10.2 Assuming 10.99.10.2 is your StrongSwan machine. If after doing that you can ping the machine then add it to rc.local so it happens every boot. You'll need to be root to execute the above commands. I figured out why it wouldn't work. Strongswan does the routes automatically, but DigitalOcean (my provider) doesn't allow traffic from different source IP (other than a private IP) to be forwarded to private networks. In other words, the VM is reachable, but not the network behind it.
... View more
