dietpi-vpn on different subnet

I have set up a new network environment, one where my main PCs are on 192.168.200.0/24.
My RPi running dietpi-vpn with PIA is on 192.168.202.0/24.

It used to be in the same subnet and I could access it. Now, I cannot access it when the VPN is active. I can access the Pi when dietpi-vpn is not running. Other devices on that subnet are accessible too.

I’m missing something. I think I need to open up the Pi to the local network, or at least to devices from a different subnet. But how is this best achieved? I do not want the other subnets to access the Pi, just the 192.168.200.0/24 subnet.

Can anyone give me some tips or pointers as to what direction to look for?

Cheers!

This:

https://serverfault.com/questions/854027/how-to-set-up-a-vpn-in-a-different-subnet

But I’m a little bit confused how you can reach the Pi from a different subnet without a static route.

Did you activate killswitch on dietpi-vpn?

No, I simply did a route up and down to start or stop Transmission.

I’m assuming my UDM-PRO connects different subnets. I’m still working out the details on that, as I do not want other subnets to reach my main. I’ve not set up any static routes.

I did nothing special. I created different networks with different subnets. Assigned IPs and networks to various devices. The LAN network, the default one, seems to be able to reach every other subnet/network without additional steps.

Probably the issue is due to the 2 different subnets. Maybe the VPN is passing the whole traffic into the tunnel, which is not part of the local network/subnet.

Oh it is because of the subnets. It works fine when the Pi is in the same subnet. I can ssh to it and load Sonarr and Radarr via the web interface while the VPN is running. I just cannot access the same setup when it’s on a different subnet.

trendy, can you have a look? I guess routing would need to be adjusted to allow the 2nd local subnet.

Most likely there is no route for the other subnet via the main router, so when the VPN comes up packets are sent over the tunnel.
Run this with and without VPN:

ip -4 ro; ip -4 ru

Without VPN:

default via 192.168.202.100 dev eth0
192.168.202.0/24 dev eth0 proto kernel scope link src 192.168.202.103
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

With VPN:

0.0.0.0/1 via 10.4.110.1 dev tun0
default via 192.168.202.100 dev eth0
10.4.110.0/24 dev tun0 proto kernel scope link src 10.4.110.68
128.0.0.0/1 via 10.4.110.1 dev tun0
192.168.202.0/24 dev eth0 proto kernel scope link src 192.168.202.103
212.102.57.142 via 192.168.202.100 dev eth0
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Add this in the vpn up script:

ip route add 192.168.200.0/24 via 192.168.202.100 dev eth0

And this in the vpn down:

ip route del 192.168.200.0/24 via 192.168.202.100 dev eth0
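The route tables above show why the Pi goes dark: the VPN installs 0.0.0.0/1 and 128.0.0.0/1 via tun0, which are more specific than the default route, so anything not matching the 192.168.202.0/24 link route (including replies to 192.168.200.0/24) is pushed into the tunnel. The /24 route added in the up script is longer still, so it wins. The script below is an added example (not part of this thread and not dietpi-vpn's own hook code) that turns the two one-liners into an up/down hook which reads the LAN gateway from the kernel's existing default route instead of hardcoding it and is safe to run twice. It assumes the LAN interface is eth0, the hook is invoked as `script up` or `script down` with root privileges, and iproute2 is installed; the embedded route table is the one posted above, included as constructed sample input so the parser can be exercised without root.

```shell
#!/bin/sh
# Added example, not code from the thread or from dietpi-vpn.
# Keeps one LAN subnet reachable over eth0 while the VPN's 0.0.0.0/1 and
# 128.0.0.0/1 routes pull everything else into tun0.
# Assumptions: LAN interface eth0, invoked as "up" / "down" as root, iproute2 present.

LAN_IF="${LAN_IF:-eth0}"
REACHABLE_SUBNET="${REACHABLE_SUBNET:-192.168.200.0/24}"

# Constructed sample: the "With VPN" table posted in the thread, used for the demo.
SAMPLE_TABLE='0.0.0.0/1 via 10.4.110.1 dev tun0
default via 192.168.202.100 dev eth0
10.4.110.0/24 dev tun0 proto kernel scope link src 10.4.110.68
128.0.0.0/1 via 10.4.110.1 dev tun0
192.168.202.0/24 dev eth0 proto kernel scope link src 192.168.202.103
212.102.57.142 via 192.168.202.100 dev eth0'

# Read an `ip -4 route` listing on stdin and print the gateway of the default
# route that leaves via the given interface (the LAN router, not the tunnel).
# Prints nothing if there is no such default route.
lan_gateway_from_table() {
    awk -v dev="$1" '
        $1 == "default" && $2 == "via" && $4 == "dev" && $5 == dev { print $3; exit }
    '
}

# Exit 0 if the listing on stdin already has a route for the subnet via the
# interface, 1 otherwise. Used to keep the down hook from failing on a missing route.
has_subnet_route() {
    awk -v net="$1" -v dev="$2" '
        $1 == net && $4 == "dev" && $5 == dev { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Demo helper: gateway the parser extracts from the constructed sample table.
sample_gateway() {
    printf '%s\n' "$SAMPLE_TABLE" | lan_gateway_from_table eth0
}

route_up() {
    gw="$(ip -4 route show | lan_gateway_from_table "$LAN_IF")"
    if [ -z "$gw" ]; then
        echo "no default route via $LAN_IF found; refusing to guess a gateway" >&2
        return 1
    fi
    # `replace` creates or updates the route, so a reconnect that fires "up"
    # again does not error out on "RTNETLINK answers: File exists".
    ip route replace "$REACHABLE_SUBNET" via "$gw" dev "$LAN_IF"
}

route_down() {
    if ip -4 route show | has_subnet_route "$REACHABLE_SUBNET" "$LAN_IF"; then
        ip route del "$REACHABLE_SUBNET" dev "$LAN_IF"
    fi
}

main() {
    case "$1" in
        up)   route_up ;;
        down) route_down ;;
        demo) echo "LAN gateway in sample table: $(sample_gateway)" ;;
        *)    echo "usage: $0 up|down|demo" >&2; return 2 ;;
    esac
}

# Only dispatch when an action was given, so the file can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Two caveats a practitioner should keep in mind. The route only decides where the Pi sends its own packets; it is the UDM-PRO's inter-VLAN firewall, not this route, that decides whether 192.168.200.0/24 (and not the other subnets) may reach the Pi in the first place. And by design the route carries the Pi's traffic to that subnet outside the tunnel, so if a kill switch is enabled its firewall rules must also permit that subnet on eth0 or the route alone will not restore access.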

Thank you very much.

This is simple and effective. Cheers!