First up, to get traffic passed selectively, based on the application and regardless of the destination, through the VPN or not, you'll need to set up policy routing. I *haven't* done this yet, but it can be done. In a nutshell, all traffic not port 22...