SSH from external network to device running a VPN client

D_a_n · 6 May 2020 15:05

I’ve been struggling to fix an issue of mine for the last couple days now and was hoping I could get some help.

I am running DietOS on a raspberry pi. I can SSH to the pi from the same local network using the local IP address. I can also SSH from outside of the local network when the OpenVPN client isn’t running using the public IP address and port forwarding, however when it is running and connected to a 3rd party paid VPN server, I cannot connect to the pi as it appears to be on a different external IP due to the VPN.

I think I understand this is because the pi is trying to return the SSH data back through the VPN which isn’t being accepted as it’s coming back from a different IP.

Is there a way I can get around this?

Thanks

trendy · 6 May 2020 21:56

You could try to use policy based routing, that means to route based on some policy and not the destination IP.
That means you’ll have to mark the SSH packets on mangle table of iptables, for packets with source tcp/22, then use this mark to create a rule to route this packet with another routing table, and finally create a new routing table with only the regular ISP gateway.

D_a_n · 7 May 2020 09:25

I’ve managed to get it working for now by creating a ZeroTier network that is active when the VPN client is also active. Not sure if it’s the best solution but it works for now.