Dietpi-vpn unable to connect externally - possible?

Good afternoon,

Firstly - thank you so much for an AMAZING piece of software, withing a few days of idle tinkering I’ve set up so much. The forums have been invaluable in troubleshooting issues but there is one I am not sure whether this is by design. You always sound so patient replying, it must be frustrating sometimes so I will try to be concise and provide all info I can for you. Sorry in advance for when I don’t :wink:

Brief summary as you’re busy people.

Running jellyfin, qbittorent , pi-vpn (nordvpn), nginx (reverse proxy) and jackett.

VPN connects fine, shows correct vpn address. On the local network I can browse to local IP webgui for jellyfin and qbittorrent without issue.

I’ve been trying to set up remote access through nginx. I have setup port forwarding on my router for both nginx and direct jellyfin (to test where issue lies, eventually will just be nginx) and both were refusing connection via IP address or dynamic dns url when connecting externally (via mobile data on phone).

Port forwarding to another machine on the LAN works fine.

On a last ditch I turned off the vpn and suddenly I can connect to jellyfin and nginx externally without issue.

I was under the impression that external connections on the native external IP (aka not VPN address) should still work - on my home pc I have a vpn but can still connect using the none vpn address.

  1. Should this work or am I mistaken?
  2. I was unable to find any solutions to check for logs etc, can you point me in the right direction?

Thank you for your time

This is a little bit as expected as whole outgoing traffic is routed to the VPN interface. Means, incoming request are received from the local network interface, but the answer is end back using VPN tunnel. This way the client is not able to get thinks together, hence the particular service is not reachable. Yeah, it’s quite a high-level explanation and might not 100% correct technically but its hopefully understandable :smiley:

Theoretically you would need to exclude traffic from VPN interface. Have a look to our forum. There should be similar requet.

Thank you for taking the time to explain Joulinar. It’s reassuring to know I’m looking at the right rabbit hole before I jump down it.