3

I have a Raspberry Pi server (rpi) with a static internal IP using a VPN service. My router has a static public IP and I have the NAT set up to forward SSH traffic to the rpi as I have other devices on the network.

fictitious IP numbers.

I am able to SSH into the rpi server remotely (out of my network) when no VPN is used. I am able to SSH into the rpi internally (in my network) when the VPN is used. I am not able to remotely SSH into the rpi when the VPN is used.

I have seen other questions that are similar but I'm such a novice I couldn't quite understand fully what was explained or ascertain if the situation was the same as mine.

I don't believe I'm using a firewall on the server but am relying on the router to block connections and using NAT to forward connections. I don't understand what iproute is for or on which machine it should be configured.

2 Answers

0

You can do policy-based routing, using the fact that, when you access the RPi without going through the VPN, outgoing packets will use 192.168.1.4 as source because the incoming packets used 192.168.1.4 as destination.

See this answer on another thread: https://unix.stackexchange.com/a/23345

Dylan
  • 520
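The policy-based routing described in the answer above, as an added example that is not part of the original answer: a separate routing table sends anything sourced from 192.168.1.4 back through the LAN router instead of the VPN default route. The gateway 192.168.1.1, interface eth0, table number 100 and rule priority 1000 are assumptions, and `pbr_commands` / `pbr_apply` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: source-based policy routing for the Pi's LAN address.
# Assumed values (not from the page): gateway 192.168.1.1, interface eth0,
# routing table 100, rule priority 1000.

# Print the iproute2 commands for the given addresses; changes nothing.
# usage: pbr_commands LAN_IP LAN_NET GATEWAY DEV [TABLE]
pbr_commands() {
    lan_ip=$1 lan_net=$2 gw=$3 dev=$4 table=${5:-100}
    # Accept only digits and dots, so nothing else can end up in a
    # command line that is later run as root.
    for v in "$lan_ip" "$gw"; do
        case $v in
            *[!0-9.]*|'') echo "bad address: $v" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        */*) ;;
        *) echo "bad subnet: $lan_net" >&2; return 1 ;;
    esac
    # The extra table mirrors the routing that existed before the VPN came up:
    # the LAN is on-link, everything else goes to the router.
    echo "ip route add $lan_net dev $dev src $lan_ip table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Packets whose source is the LAN address (replies to the forwarded SSH
    # connection) consult that table before the main table, which holds the
    # VPN default route. Priority 1000 sorts ahead of main (32766).
    echo "ip rule add from $lan_ip lookup $table priority 1000"
}

# Print the commands by default; run as root with APPLY=1 to execute them.
pbr_apply() {
    pbr_commands "$@" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

# Example (dry run):
#   pbr_apply 192.168.1.4 192.168.1.0/24 192.168.1.1 eth0
```

After applying, `ip rule show` and `ip route show table 100` list what is in effect; the rules do not persist across reboots unless they are added to the system's network configuration.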
0

Your Raspberry Pi has a direct connection to its local subnet 192.168.1.0/24, but the VPN adds a new route to 0.0.0.0/0, over the local default gateway. Therefore, packets back to the PC over the Internet use the VPN route even when the incoming connection comes through the local gateway.

You could

  • add a new static route to the netblock of the PC via the router or
  • forward port 22 to another machine on your LAN, and connect to your Raspberry Pi from that machine, instead.
Esa Jokinen
  • 52,963