tinc has a nice feature called local discovery, where if the endpoints can talk directly it will do that rather than routing packets out through my VPS.
WireGuard is the new hotness but it doesn’t do this. The only thing I really use my VPN for is to SSH/scp between my computers though, so solving this for SSH solves 99% of the problem.
Fortunately it’s easy:
    Match originalhost pi exec "am-i-home"
        HostName 192.168.1.3

    Host pi
        HostName 10.0.0.4
If I SSH to pi, it will run am-i-home to decide whether to use the local IP or the VPN IP. So you need to configure your router/VPN to use
am-i-home just checks whether I’m connected by ethernet or on my home
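    #! /bin/sh
    # Exit 0 (home) if the wired interface has a carrier ...
    [ "$(cat /sys/class/net/eth0/carrier 2> /dev/null)" = "1" ] && exit
    # ... or if the wireless interface is associated with the home SSID.
    [ "$(iwgetid -r)" = "homessid" ] && exit
    exit 1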
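A stricter am-i-home, as an added example rather than the author's script: it keeps the two link checks and additionally requires the default gateway's MAC address to match, so a wired link or an SSID of the same name on some other network falls through to the VPN address. HOME_GW_MAC is a placeholder and the `ip` tool from iproute2 is assumed; a MAC address is not authenticated either, so SSH host key verification remains the actual protection.

```shell
#!/bin/sh
# am-i-home variant (added example): exit 0 only when the default gateway is the home router.
# HOME_SSID is the page's value; HOME_GW_MAC is a constructed placeholder.
HOME_SSID="homessid"
HOME_GW_MAC="aa:bb:cc:dd:ee:ff"

# Print the gateway IP from `ip route show default` output on stdin,
# e.g. "default via 192.168.1.1 dev wlan0 proto dhcp metric 600" (constructed).
default_gw() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Print the lower-cased MAC of IP $1 from `ip neigh show` output on stdin,
# e.g. "192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE" (constructed).
neigh_mac() {
    awk -v ip="$1" '$1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit } }'
}

# $1 = route text, $2 = neighbour text, $3 = expected MAC.
# Fails closed: no default route or no neighbour entry means "not home".
gateway_matches() {
    gw=$(printf '%s\n' "$1" | default_gw)
    [ -n "$gw" ] || return 1
    mac=$(printf '%s\n' "$2" | neigh_mac "$gw")
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    [ -n "$mac" ] && [ "$mac" = "$want" ]
}

am_i_home() {
    # Same link checks as the original script ...
    wired=$(cat /sys/class/net/eth0/carrier 2> /dev/null)
    ssid=$(iwgetid -r 2> /dev/null)
    [ "$wired" = "1" ] || [ "$ssid" = "$HOME_SSID" ] || return 1
    # ... plus the gateway check, so another network's cable or SSID is not enough.
    gateway_matches "$(ip route show default 2> /dev/null)" \
        "$(ip neigh show 2> /dev/null)" "$HOME_GW_MAC"
}

# Run the check only when installed under the name ssh calls.
case "${0##*/}" in am-i-home) am_i_home ;; esac
```

Running `ssh -G pi | grep '^hostname '` prints the address ssh selected after evaluating the Match block, which is a quick way to confirm the check behaves as expected on each network.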