DO Ideas 2

Support Region to Region Private Network VPNs

Right now the regions have a limitation on source and destination IP checking. This is great to prevent spoofing.
However, in building out a larger installation and network, I would want to join together separate regions using secure tunnels that would allow machines to talk to their private interfaces across regions.

The VPN setup, IP forwarding and routing are all doable right now. However, the source/destination checks prevent this from fully working.

It would be simple to still have source/destination check minus the known private IP ranges of the DO regions. This would allow customers to build out their own network of connected regions.

  • Jake Thompson
  • Sep 11 2018
  • Jake Thompson commented
    September 11, 2018 16:55

    Just a note here: this does work today if you use NAT on each side of the tunnel; however, that prevents direct host-to-host interaction. So in the scope of setting up something like cross-region database servers, it would not be sufficient.

    Also, yes, you can just connect this all over public IP addresses and firewall out everything else, but that is not a great option either.