SSH from external network to device running a VPN client

I’ve been struggling to fix an issue of mine for the last couple days now and was hoping I could get some help.

I am running DietOS on a raspberry pi. I can SSH to the pi from the same local network using the local IP address. I can also SSH from outside of the local network when the OpenVPN client isn’t running using the public IP address and port forwarding, however when it is running and connected to a 3rd party paid VPN server, I cannot connect to the pi as it appears to be on a different external IP due to the VPN.

I think I understand this is because the pi is trying to return the SSH data back through the VPN which isn’t being accepted as it’s coming back from a different IP.

Is there a way I can get around this?


You could try to use policy-based routing, which means routing based on some policy rather than on the destination IP.
That means you'll have to mark the SSH packets in the mangle table of iptables (packets with source port tcp/22), then use this mark to create a rule that routes these packets via another routing table, and finally create a new routing table containing only the regular ISP gateway.
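The three steps described in the answer above, written out as an added shell script (not code from any poster on this thread). The interface name, ISP gateway, LAN subnet, firewall mark and table number are placeholders to be replaced with the Pi's real values; it runs in dry-run mode by default and only prints the commands, and goes one step further than the answer by also adding the LAN subnet to the extra table so that marked replies to local SSH clients still go out directly instead of via the gateway.

```shell
#!/bin/sh
# Added example: policy-based routing so that replies from the Pi's SSH
# daemon leave via the ISP gateway instead of the VPN's default route.
# All values below are assumed placeholders, not taken from the thread.
LAN_IF="${LAN_IF:-eth0}"            # interface towards the home router
LAN_NET="${LAN_NET:-192.168.1.0/24}" # local subnet (placeholder)
ISP_GW="${ISP_GW:-192.168.1.1}"      # home router / regular ISP gateway
SSH_PORT="${SSH_PORT:-22}"
FWMARK="${FWMARK:-0x1}"              # mark applied to SSH reply packets
TABLE="${TABLE:-100}"                # routing table holding only the ISP route
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1-3 from the answer: mark, rule, dedicated table.
pbr_rules() {
    # 1. Mark locally generated packets with source port tcp/22 (sshd replies).
    #    Mangle OUTPUT runs before the final routing decision, so the kernel
    #    re-routes marked packets according to the rule added below.
    run iptables -t mangle -A OUTPUT -p tcp --sport "$SSH_PORT" \
        -j MARK --set-mark "$FWMARK"
    # 2. Send packets carrying the mark through the dedicated table.
    run ip rule add fwmark "$FWMARK" table "$TABLE" priority 100
    # 3. That table contains only the LAN subnet and the regular ISP gateway,
    #    never the VPN tunnel, so SSH replies bypass the VPN.
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE"
    run ip route add default via "$ISP_GW" dev "$LAN_IF" table "$TABLE"
    run ip route flush cache
}

# Undo everything pbr_rules added, in reverse order.
pbr_teardown() {
    run ip route flush table "$TABLE"
    run ip rule del fwmark "$FWMARK" table "$TABLE" priority 100
    run iptables -t mangle -D OUTPUT -p tcp --sport "$SSH_PORT" \
        -j MARK --set-mark "$FWMARK"
    run ip route flush cache
}

# Show what is in place so the result can be checked after applying.
pbr_verify() {
    run ip rule show
    run ip route show table "$TABLE"
    run iptables -t mangle -L OUTPUT -n -v
}

# Stand-alone use: prints the commands (DRY_RUN=1) or applies them
# when invoked as: DRY_RUN=0 LAN_IF=eth0 ISP_GW=192.168.1.1 sh pbr.sh
pbr_rules
```

With the VPN up, `ip rule show` should list the fwmark rule ahead of the main table, and `ip route show table 100` should contain only the LAN subnet and the ISP default route. Some VPN clients rewrite the main routing table on reconnect, so re-running `pbr_rules` from an OpenVPN `up` script keeps the rule in place; `DRY_RUN=1 sh pbr.sh` lets you review the exact commands before touching the box.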

I’ve managed to get it working for now by creating a ZeroTier network that is active when the VPN client is also active. Not sure if it’s the best solution but it works for now.