iptables: How to allow only SSH and VPN traffic?

3 votes
4 answers
8124 views
I have a dedicated server with Ubuntu 14.10 installed. The server should connect to an OpenVPN server and the traffic should only go through the VPN, except for SSH traffic. My idea is to implement this with iptables, but I am not a specialist. What exactly should be handled with iptables?

Suppose the basic conditions are as follows:

1. Allow only traffic through the VPN. When my server loses its connection to the VPN, there should be no traffic leak.
2. Allow SSH without the VPN. I want to connect to my server with SSH via its normal IP from the server provider (but only SSH traffic).
3. Since I am not the only user of the VPN, I want to hide my server in the VPN from other computers.

I started to create my iptables rules, but they always block all my connections:

    # flush old rules
    iptables -F

    # accept SSH traffic with non vpn connection
    iptables -A INPUT -d X.X.X.X -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT -s X.X.X.X -p tcp --sport 22 -j ACCEPT

    # block everything except my rules
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

    # allow loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # allow vpn
    iptables -A INPUT -j ACCEPT -p udp -s Y.Y.Y.Y --sport 1194
    iptables -A OUTPUT -j ACCEPT -p udp -d Y.Y.Y.Y --dport 1194

X.X.X.X is the server IP from the provider. Y.Y.Y.Y is the IP of the VPN server.

The rules always kick me out of my current SSH connection and I can't create a new SSH connection, although they should accept traffic through port 22.
Asked by raxer (41 rep)
Mar 6, 2015, 08:50 AM
Last activity: Aug 9, 2025, 06:06 AM
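The three conditions in the question map onto a small stateful rule set: default policies of DROP, conntrack so that replies to tracked connections are accepted without listing every source/destination port pair, SSH accepted only on the physical interface, the OpenVPN control channel accepted only towards the VPN server, all other output confined to the tunnel interface, and no unsolicited input over the tunnel. The script below is an added example, not code from the question or from any of the answers. The interface names (eth0, tun0), the placeholders X.X.X.X and Y.Y.Y.Y, port 1194/udp and the helper names apply_rules and print_rule are assumptions; adjust them to the host. Without --apply it only prints the rules it would install, so it can be reviewed on a non-root machine first.

```shell
#!/bin/sh
# Kill-switch firewall for an OpenVPN client host (added example, not the
# original poster's rules). Only SSH on the public interface and the OpenVPN
# control channel may bypass the tunnel; everything else must go out via
# tun0, and nothing may reach this host unsolicited over the tunnel.
#
# Assumed names (override via environment or edit):
#   WAN_IF   physical interface that carries the provider address
#   WAN_IP   provider-assigned address (X.X.X.X in the question)
#   VPN_HOST / VPN_PORT   OpenVPN server (Y.Y.Y.Y:1194/udp in the question)
#   VPN_IF   tunnel interface created by OpenVPN (tun0 by default)
#
# Usage:  sh vpn-killswitch.sh           # dry run, prints the iptables commands
#         sudo sh vpn-killswitch.sh --apply

WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-X.X.X.X}"
VPN_HOST="${VPN_HOST:-Y.Y.Y.Y}"
VPN_PORT="${VPN_PORT:-1194}"
VPN_IF="${VPN_IF:-tun0}"
IPT="${IPT:-iptables}"

# Dry-run backend: print the command line that would be executed.
print_rule() { printf 'iptables %s\n' "$*"; }

apply_rules() {
    # Policies first, then flush: the host is never left wide open while the
    # rule set is rebuilt (flushing with ACCEPT policies would leak briefly).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
    $IPT -F
    $IPT -X

    # Loopback.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Packets that do not belong to any tracked connection state.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Replies to connections we already track, on any interface. This is what
    # keeps the existing SSH session alive and lets the VPN handshake complete
    # without matching --sport/--dport in both directions by hand.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Condition 2: new SSH connections only to the provider address on the
    # physical interface. Their replies leave via the ESTABLISHED rule above.
    $IPT -A INPUT -i "$WAN_IF" -d "$WAN_IP" -p tcp --dport 22 \
         -m conntrack --ctstate NEW -j ACCEPT

    # The OpenVPN control channel itself has to leave outside the tunnel.
    $IPT -A OUTPUT -o "$WAN_IF" -d "$VPN_HOST" -p udp --dport "$VPN_PORT" -j ACCEPT

    # Condition 1: all other output may only use the tunnel. While the tunnel is
    # down tun0 does not exist, so this rule matches nothing and the OUTPUT
    # policy (DROP) prevents any leak over the physical interface.
    $IPT -A OUTPUT -o "$VPN_IF" -j ACCEPT

    # Condition 3: nothing unsolicited over the tunnel. Other VPN clients only
    # ever see replies to connections this host opened (covered above).
    $IPT -A INPUT -i "$VPN_IF" -j DROP
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       IPT=print_rule apply_rules ;;
esac
```

Two caveats worth checking before relying on this. First, point the OpenVPN `remote` directive at the server's IP address (as the question already does) or the client will need DNS before the tunnel is up, which these rules do not allow; name resolution for everything else should happen through the tunnel once it is established. Second, this only covers IPv4: if the host has a global IPv6 address, apply the same policy with ip6tables (or disable IPv6 on the interface), otherwise IPv6 traffic bypasses the kill switch entirely. On Ubuntu 14.10 the iptables-persistent package saves the rule set across reboots.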