Thanks @16F84, however I did not make myself clear. They will only allow our router to access the school network if I filter all connection to the router.
The school will not see those MACs since they are all behind the NAT, however I need to present to them that I'm doing that.
The solution you proposed regards the WAN interface, which is not the problem. I must filter (allow) LAN and radio0 connection by MAC. In other words, If an unauthorized person plugs his notebook with ethernet cable, but his MAC is not in the whitelist, he will not be able to connect.
LuCI-->Network-->Wireless-->edit SSID-->MAC-Filter-->Allow listed only
...and then further to that you may want to disable masquerading on your WAN firewall to show the net admin what clients are connected - that I am not to sure about as you are disabling major security features etc. - you may want to confirm that with them / get a second opinion.
Sorry, I didn't explain correctly. I have a VPN server running inside Openwrt. When I connect (externally) to the Openwrt, I can access LAN but my internet connection is not redirected. My internet connection is blocked.