I can't ssh to Raspi when VPN is connected - Firewall issue?

  • Hello,

    I have VPN tunnel to my home network, so I can watch my media from anywhere. Recently I encountered an issue, which will be hard to describe...

    Long story short: when connected to VPN I can't connect to my Raspberry Pi 4 from local network.

    For example:

    LAN 1 - Home where NAS is located

    LAN 2 - At my parents

    Raspberry Pi 4 connects with VPN Manager to LAN 1.

    I cannot SSH to my raspi from LAN2.

    I presume its some Firewall or VPN client settings. Never had an issue like this with any of the rest raspies I have at use.

    Can someone help to go around this?

  • We are not a VPN company, and also the Kodi application or LibreELEC 'OS' does not require a VPN to run properly.

    So whatever you have yourself entangled in, it'll be up to you to solve it.

    There is one big thread on VPN usage on this forum, and that's about all the help you will get.

  • Raspberry Pi 4 connects with VPN Manager to LAN 1.

    I cannot SSH to my raspi from LAN2.

    I think that what happens to you is normal and it has always happened to me. If the VPN server is installed on the router then it only supports incoming connections from the internet. If the VPN server is installed on a home network device then it can only be accessed from the internet using nat on the router or from the home network using the home network address for the server device.

    I have not used VPN servers for more than a year, now I use zerotier from a CG-NAT operator network that is difficult to access from the internet, that is, if you ask me what my public IP address is, I will answer that I do not have any because it is always very temporary, but everything works thanks to zerotier, within the home network and also from anywhere. I could say that I have a domain that works at home (home network and another virtual domain ( that works from anywhere on the internet, within LibreELEC. At LibreELEC startup I establish the interconnection forwarding rules between subnets with simple 'iptables' commands.

    With another device connected to zerotier from anywhere, including my home, my LibreELEC server address is always the same, and I don't need any DDNS service.

    This would also be valid for your case, sharing the zerotier virtual domain with a device located in your parents' house.

    Edited once, last by elonesna ().