Why can't I access my classic virtual server instance privately after I configure route propagation for VPN gateways?

After adding Transit Gateway connections to interconnect VPC and classic, and enabling route advertisement to Transit Gateway, I still cannot access my virtual server instances on classic through its private IP address even though the site-to-site VPN connection is up and running.

By default, your classic virtual server instance is configured to route through the public interface and doesn't know how to route traffic to the private network on-premises or remote.

Follow the steps to resolve this issue:

1. Navigate to Classic Infrastructure > Devices and locate the virtual server instance.

2. Use your preferred way of virtual server management to access your classic virtual server instance through its public IP address.

3. In the Network details table, find the gateway of the private interface by hovering over the information icon of the IP address.

4. Add a route to specify the destination CIDR and the gateway IP. As an example, in the following command for Linux, 10.240.5.0/24 is the CIDR of your network on-premises and 10.188.170.65 is the gateway of the private IP address.

   ip route add 10.240.5.0/24 via 10.188.170.65
   

For more details about adding routes on different operating systems, see How do I add the new routing for an operating system?.