dietpi-vpn on different subnet

I have set up a new network environment. One where my main PCs are on
My RPi running dietpi-vpn with PIA is on

It used to be in the same subnet and I could access it. Now, I cannot access it when the VPN is active. I can access the Pi when dietpi-vpn is not running. Other devices on that subnet are accessible too.

I’m missing something. I think I need to open up the Pi to the local network, or at least to devices from a different subnet. But how is this best achieved? I do not want the other subnets to access the Pi, just the subnet.

Can anyone give me some tips or pointers as to what direction to look for?



But I’m a little bit confused, how you can reach the Pi from the different subnet without a static route.

Did you activate killswitch on dietpi-vpn?

No, I simply did a route up and down to start or stop Transmission.

I’m assuming my UDM-PRO connects different subnets. I’m still working out the details on that. As I do not want other subnets to reach my main. I’ve not set up any static routes.

I did nothing special. I created different networks with different subnets. Assigned IP and networks to various devices. The LAN Network, the default one, seems to be able to reach every other subnet/network without additional steps.

Probably the issue is due to the 2 different subnets. Maybe the VPN is passing all traffic into the tunnel which is not part of the local network/subnet.

Oh, it is because of the subnets. It works fine when the Pi is in the same subnet. I can ssh to it and load Sonarr and Radarr via the web interface while the VPN is running. I just cannot access the same setup when it’s on a different subnet.

Can you have a look? I guess routing would need to be adjusted to allow the 2nd local subnet.

Most likely there is no route for the other subnet via the main router, so when the VPN comes up packets are sent over the tunnel.
Run this with and without VPN:

ip -4 ro; ip -4 ru

Without VPN:

default via dev eth0 dev eth0 proto kernel scope link src
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

With VPN: via dev tun0
default via dev eth0 dev tun0 proto kernel scope link src via dev tun0 dev eth0 proto kernel scope link src via dev eth0
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Add this in the vpn up script:

ip route add via dev eth0

And this in the vpn down:

ip route del via dev eth0
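
Added example, not part of the original posts and not DietPi's own code: one helper that the VPN up and down scripts can both call (as `lan-route.sh up` / `lan-route.sh down`, a hypothetical file name), which exempts exactly one local subnet from the tunnel and refuses broad prefixes that would pull more traffic out of the VPN than intended. The addresses, the /16 lower bound and the variable names are assumptions; substitute the real subnet and gateway.

```shell
#!/bin/sh
# Added example, not DietPi's own script. Addresses below are constructed placeholders.
LAN_SUBNET="${LAN_SUBNET:-192.168.10.0/24}"  # placeholder: the one subnet allowed to reach the Pi
LAN_GW="${LAN_GW:-192.168.20.1}"             # placeholder: router address on the Pi's own subnet
LAN_DEV="${LAN_DEV:-eth0}"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds for ADDRESS/PREFIX with prefix 16..32, so a typo such as /0 or /8
# cannot route a large range (or everything) around the tunnel.
valid_subnet() {
    case "$1" in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    valid_ipv4 "${1%/*}" && [ "$prefix" -ge 16 ] && [ "$prefix" -le 32 ]
}

# Prints the iproute2 command for "up" or "down"; fails on any invalid setting.
# "replace" makes "up" idempotent if the VPN reconnects without a clean "down".
route_cmd() {
    valid_subnet "$LAN_SUBNET" && valid_ipv4 "$LAN_GW" || return 1
    case "$LAN_DEV" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$1" in
        up)   echo "ip route replace $LAN_SUBNET via $LAN_GW dev $LAN_DEV" ;;
        down) echo "ip route del $LAN_SUBNET via $LAN_GW dev $LAN_DEV" ;;
        *)    return 1 ;;
    esac
}

# Entry point: does nothing unless called with "up" or "down" (needs root).
case "${1:-}" in
    up|down)
        cmd=$(route_cmd "$1") || { echo "refusing: bad LAN_SUBNET/LAN_GW/LAN_DEV" >&2; exit 1; }
        # Safe to word-split: every field was validated above.
        $cmd || [ "$1" = down ]   # a route already gone on "down" is not an error
        ;;
esac
```

After the VPN is up, `ip -4 route get` with an address in the exempted subnet should show `dev eth0`, while any other destination should still show `dev tun0`.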

Thank you very much.

This is simple and effective. Cheers!