Map multiple VPN servers on OpenWrt to VLANs

Route 3 Vpn routers to 3 Vlan

I have 3 OpenVpn servers installed on a TP-Link Archer C7. I also created 3 Vlans (10,20,30). Is it possible to assign VPN-Server1 to Vlan10 and Vpn-Server2 to Vlan20 and ..... so that the corresponding VLAN can be reached from the Windows client via the Internet?
I've been trying different settings for a long time now. Suddenly it works with one vpn server, but not with the other and suddenly nothing works anymore.
The hardware is a: TP-Link Archer C7 v5
OpenWrt is: 21.02.1 r16325-88151b8303 / LuCI openwrt-21.02 branch git-21.295.67054-13df80d
Kernel version: 5.4.154

My knowledge of OpenWrt is very modest.
Can someone show me how best to proceed?

I configured the VPN as TCP and Tap

Thank your for doing the translation.

Good day
I've made it a little further now with OpenWrt V19.07.9.
I made 2 tap servers via tcp and attached them to the Lan or VLAN with a bridge each. The VLan and the Lan are in the same firewall zone. Via the Vpn-Server1 (Lan) I can ping all existing participants on the IP range ( of the Lan and also access them. With the VPN-Server2 (Vlan) I can ping all existing devices in the IP range of the Vlan (, but I cannot access the devices. At least the Wrt router should be accessible via But the message comes up: The requested URL /webpages/error.html was not found on this server.
The VPN client always receives a corresponding IP address from the DHCP range via the bridge.
The Wrt router is behind another router (NAT) with the address The notebook from which the VPN connection is tested is also in the same LAN. The VPN connection is established directly on the IP 1194. > so it can't be either

Please tell me where to look and where I might be able to give a hint

Hello everybody

I'm a little further. The VPN connections with the assignment to the VLANs work. But now I have the problem that every time the WRT router is restarted, the OpenVpn server is always assigned a different tap. The VPN-Server1 times tap0, times tap1, the next time tap3 etc. How can the VPN-Servers be permanently assigned to the taps?


I found that out myself too.