DD-WRT Remote SSH Access behind VPN
SSH access doesn’t work when the OpenVPN client is enabled on DD-WRT.
Packets do arrive at the router if you try to SSH to the WAN IP; however, because all OUTPUT traffic is diverted through the VPN (interface tun0), the replies never go back out the way they came in and SSH won’t succeed.
What’s missing is an OUTPUT rule on iptables to route traffic on port 22 through the vlan2 interface (that’s the interface connected directly to the internet).
First, create routing table 202 with a default route via the WAN gateway IP on the vlan2 interface:
$ ip route add default via $(nvram get wan_gateway) dev vlan2 table 202
Then add a rule that applies table 202 to packets marked with 22:
$ ip rule add fwmark 22 table 202
Finally, mark with 22 every output packet from port 22 that is not destined for a machine on the local network:
$ iptables -t mangle -I OUTPUT -p tcp --sport 22 -d ! 192.168.1.0/24 -j MARK --set-mark 22
Note that the last command skips packets for the local network (in my case 192.168.1.0/24), the reason being that when SSHing from a host on the local network, the packets should be routed through br0 and not
First issue these commands on the command line of your router to ensure they work for you; if they somehow break your routing, a restart will clear them. Once you have made sure they work, you can add them to the firewall script of your router.
Note that the IP and port in my config are different because I am not using the default values.
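An added example, not part of the original post: a firewall-script version of the three commands above that takes the SSH port and LAN subnet as parameters and deletes each rule before adding it, so that re-running the script does not stack duplicate entries. Table 202, mark 22, vlan2 and `nvram get wan_gateway` come from the post; the function name `ssh_wan_rules`, the variables `APPLY`, `SSH_PORT`, `LAN_NET`, `WAN_GW` and the gateway 203.0.113.1 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the post's own script).
TABLE=202      # routing table number used in the post
MARK=22        # fwmark used in the post
WAN_IF=vlan2   # WAN-facing interface named in the post

# Print the commands for SSH port $1, LAN subnet $2 and WAN gateway $3.
# Every "add"/"-I" is preceded by the matching delete, so running the
# output again leaves exactly one route, one rule and one mangle entry.
ssh_wan_rules() {
    port=$1 lan=$2 gw=$3
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ -n "$lan" ] && [ -n "$gw" ] || { echo "missing LAN subnet or gateway" >&2; return 1; }
    match="-p tcp --sport $port -d ! $lan -j MARK --set-mark $MARK"
    cat <<EOF
ip route del default table $TABLE 2>/dev/null
ip route add default via $gw dev $WAN_IF table $TABLE
ip rule del fwmark $MARK table $TABLE 2>/dev/null
ip rule add fwmark $MARK table $TABLE
iptables -t mangle -D OUTPUT $match 2>/dev/null
iptables -t mangle -I OUTPUT $match
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    # On the router: run the commands, then show the resulting state.
    ssh_wan_rules "${SSH_PORT:-22}" "${LAN_NET:-192.168.1.0/24}" "$(nvram get wan_gateway)" | sh
    ip rule show
    ip route show table "$TABLE"
    iptables -t mangle -L OUTPUT -v -n
else
    # Default: only print the commands for review (constructed gateway value).
    ssh_wan_rules "${SSH_PORT:-22}" "${LAN_NET:-192.168.1.0/24}" "${WAN_GW:-203.0.113.1}"
fi
```

Run it without `APPLY=1` first to review the generated commands; the packet counters in the final `iptables -L` listing show whether SSH replies are actually hitting the mark rule.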