Then you need:
One lan2 zone covering the second interface lan2 which is connected to the second wifi. One vpn zone covering the vpn interface. Allow forwarding on the firewall from lan2 to vpn zone.
Also you need to do source based routing and you have 3 options:
- mwan3 package
- pbr package
- a set of rules/routes for each internet connection.
The easier is option 2. You need to set as gateway for the lan the wan interface and for lan2 the vpn.