OpenVPN - Separate AP

Morning Folks.

I did think about PBR, but I really only need access to the VPN whilst connected to a certain AP, and for any client.

So I have set up NordVPN with OpenVPN on OpenWrt 23.05.4, which works correctly when starting the connection. The issue I have is that the LAN does not have ANY access to the internet whilst it's on (I require this not to be routed through the VPN, but through the normal ISP), BUT the testVPN access point does have internet on the VPN.

4 Interfaces -
LAN - 192.168.1.1/24,
OVPN - Unmanaged TUN,
SLAN - 192.168.10.1/24,
WAN - 10.0.0.2/24

Firewall
LAN -> WAN - Input Accept, Output Accept, FW Accept - Covered LAN, Forward Dest WAN

WAN -> Reject - Input Reject, Output Accept, FW Reject - Covered WAN, Forward from Src - LAN

SLAN -> OVPN - Input Accept, Output Accept, FW Accept - Covered SLAN, FW to Dest - OVPN

OVPN -> Reject - Input Accept, Output Accept, FW Reject - Covered OVPN, FW Src - SLAN

Any ideas where I am going wrong, or does anything look obviously off?

Is this "AP" a different piece of hardware relative to your main router, or are you referring to a dedicated SSID/network that should be routed via the VPN?

If your main router is running the VPN, you do need to use PBR. Technically you could avoid it by creating your own routing tables, but PBR is much easier.

If you have a separate AP device (hardware) running the VPN and broadcasting a dedicated SSID for the con's connection, it should not interfere with the normal LAN operation.

Sorry, I should have clarified: just another SSID on the same router.

Ok. Then PBR it is.
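As an added illustration of the PBR approach the replies recommend (this is not configuration from the thread, and the network names are taken from the first post), the following is what the `pbr` package's `/etc/config/pbr` would look like for sending only the SLAN subnet through the tunnel, leaving LAN on the ISP default route. The lowercase uci interface name `ovpn` is an assumption (the LuCI label in the post is OVPN). The second part is the reason the LAN lost internet in the first place in many such setups: a commercial OpenVPN server normally pushes `redirect-gateway`, which replaces the router's main default route with the tunnel, so the client must be told to ignore it and let PBR decide who uses the tunnel.

```uci
# /etc/config/pbr  -- added example, not from the original thread
config pbr 'config'
	option enabled '1'
	# Kill switch: if the 'ovpn' interface is down, matching traffic is
	# dropped instead of silently leaking out via WAN.
	option strict_enforcement '1'
	option ipv6_enabled '0'
	option verbosity '2'

# Only clients on the testVPN SSID (SLAN, 192.168.10.0/24) go via the tunnel.
# 'interface' is the uci network name; 'ovpn' is assumed here.
config policy
	option name 'SLAN via NordVPN'
	option src_addr '192.168.10.0/24'
	option interface 'ovpn'

# Everything else keeps using the main routing table (WAN), no policy needed.

# NordVPN client profile (the .ovpn file referenced from /etc/config/openvpn)
# Add this line so the pushed default route is ignored; PBR installs the
# tunnel route for SLAN itself. Without it the whole router, LAN included,
# is switched onto tun0 and LAN -> OVPN is then rejected by the firewall.
#
#   pull-filter ignore "redirect-gateway"
```

The firewall zones from the first post already allow SLAN to forward into OVPN and LAN to forward into WAN only, so with the default route left on WAN and the policy above in place, each SSID ends up on the path intended for it. After `/etc/init.d/pbr restart`, `ip rule` and `ip route show table all` on the router should show a rule for 192.168.10.0/24 pointing at a separate table whose default goes via the tun device, while the main table's default still points at 10.0.0.1 on WAN.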
