If you want to send different protocols in different directions, I think you need to set up different routing tables and mark packets as to which forwarding table they should use. Remember that you cannot allow traffic to the VPN end point to travel up the VPN itself so you will probably want a specific route to the VPN server over the internet, adn your default route to poimnt over the VPN. Something like this below shoud pick out SSH packets for special routing. (I've not trid it). Numbers 42 (the routing table number) and 99 (the firewall mark) are numbers I chose at random.
Code:
# Make a new routing table with a different default route
ip route add default via 192.168.0.1 table 42
# Mark packets that need special routing
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 99
# Add a rule to use a differnt routing table for marked packets
ip rule add fwmark 99 table 42
Bookmarks