Why isn't the service route for my VPN gateway correct?
For a policy-based VPN gateway, service routes are propagated to routing tables that have VPN gateway
selected for the Accepts routes from
attribute. These routes have names that are prefixed with ibm-vpn-gateway-
.
You might find that these service routes are not correct. For example, the Next hop
is not the same as the private IP of your active gateway member. In this case, traffic is broken even if the VPN connection is Active
.
The VPN gateway service keeps monitoring the health of each VPN gateway. When a fault is detected, the service tries to recover the VPN gateway automatically. The recovery process might fail and cause inaccurate routes to remain.
Follow these steps to fix the service routes:
- From your browser, open the IBM Cloud console and log in to your account.
- Select the Navigation Menu , then click Infrastructure > Network > Routing tables.
- Select your VPC from the VPC drop-down menu.
- Click the routing table to open its details page, then click Edit.
- Clear the VPN gateway checkbox in the Accepts routes from (optional) section and click Save. Service routes propagated by the VPN gateway are removed.
- Click Edit again.
- Select VPN gateway in the Accepts routes from (optional) section and click Save. Service routes propagated by the VPN gateway are generated.