Okay machine ‘I am behind a VPN’ can be accessed locally: 10.1.1.20, with OpenVPN it is behind an external IP address, not mine
I set up a VPN to my local network: 10.10.10.50 is my IP when I am behind a VPN, when I try to access 10.1.1.20 it is not allowed, where other machines in the same network are ok.
This is due to the OpenVPN connection being active (when disabling OpenVPN, than all is ok), so trying to be able to allow the remote VPN access the machine.

Now I did 2 things and I believe the first command did it.

1. used a new route:
ip route add 10.10.10.0/24 (VPN) via 10.1.1.100 (router) dev eth0

and I used
2. iptables -A INPUT -s 10.10.10.50 -j ACCEPT (but this one did not work, but I will mention it .. you never know)

A lot of people use Fun_Plug to run alternative scripts on the CH3SNAS including the ability to run Debian from USB.

a few months back I donated 2 CH3SNAS to the people of Debian to make the CH3SNAS supported for the version ‘Lenny’ of Debian.

The following link will give you a complete install procedure to get rid off the normal CH3SNAS firmware and have the flash using an alternative firmware. Please note that this is not for pussies and certainly not for users without the ability to create a serial console and Linux knowledge

The alternative firmware will install an installer by default to partition and format your disks & install Debian’s Lenny. The only issue for me not using the firmware is that if your HDD is crashing you brick your device.

There must be someone working on putting OE in flash and then boot Debian with kexec, than the device could be saved or instead of putting OE in flash, put the installer in flash and something that will boot Debian. And if there is no disk, then boot the installer. It’s a nice idea, but it does not  exist currently (as I quote Martin Michlmayr  freely)If you have experience and you want to play: as long as the device is running, SSH is working and you can mount a USB stick you can refer to the original stock firmware by using this how-to

Above has been tested last week by me. A lot of of work has to be done by the Debian group to have more functions and recovery options enabled.

I only advise people to test it with a non production box and when you have enough experience.