Posts: 31
Joined: Sat Mar 12, 2016 6:08 pm

Pi Access Point and Port Forwarding

Tue Dec 03, 2019 10:03 pm

Here is my current setup before the question (to keep my head is straight)
- Router connected to internet
- Raspberry Pi VPN access point connected (LAN) to the router
- Router internal IP of
- Pi internal IP of
So i cannot to the Pi if i want traffic to be routed through the VPN connected to my router.

Here's my puzzle...

I have devices permanently connected to the Pi VPN access point that i want to be able to discover devices permanently connected to the router.
A Kodi device is connected to the VPN but i want it to talk to my Philips Hue bridge connected to the router.
It seems more complicated than port forwarding...almost the reverse in fact.

Not a question specific to a raspberry pi forum but it does involve one.

Posts: 3864
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Pi Access Point and Port Forwarding

Wed Dec 04, 2019 11:05 am

If it is the usual case, your VPN client resets the default route on the Pi to going via the VPN server.

So I surmise the Kodi box is talking into the tunnel. Once you've made an exception for the local network or Hue box destinations in the Pi's routing table, traffic would go outside the Pi and into the LAN instead of the tunnel. From there it has to be able to come back, thanks to a route in the Hue or the masquerading done previously in the Pi.

Traffic always goes via the most specific route.
Most specific to least, examples:
- (a single host)
- (a network)
- metric 300 (same network, lower priority route)
- (aka default, not specific at all)
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Posts: 2
Joined: Sun Dec 01, 2019 4:06 am

Re: Pi Access Point and Port Forwarding

Wed Dec 04, 2019 4:49 pm

What type of VPN is it and what VPN client software are you running on the Pi? As epoc1970 mentioned the typical configuration of VPN clients is to route all traffic out via the VPN. You VPN client likely has some hooks in it so you can provide customer routing rules and specify that local network traffic should be routed out your ethernet interface.

Return to “Networking and servers”