I'm going around in circles here and I find so many posts on the matter that either conflict with each other or have images of a GUI version very different to the current latest. Having spent about 2 days on this already I have admitted I need some advice.
So I have a mesh in my house, and have bought a Homehub-5 OpenWrt router to complement it as a "VPN AP Hotspot".
The Homehub is connected to my existing WiFi for internet access on the 5GHz band. I have followed this guide (https://openwrt.org/docs/guide-user/network/wifi/relay_configuration) and set the 2GHz for client use.
So I now have a working 'repeater' but one which has its own IP range and broadcasts on its own (appended _VPN) SSID.
Clients connecting to this AP get an IP address in the new range, they have internet access using this new SSID AP. All good so far.
However, what I want is to have OpenVPN manage a VPN connection to Surfshark. I want all clients using this AP to only be able to access 'internet' via the VPN tunnel.
As it stands, while I have installed the VPN requirements and have an active connection using my Surfshark config, my clients are still routing out via the core network and exposing my actual external IP.
I seem to need to replace the routes or rules somehow to ensure that routing to the internet from this new AP is ONLY possible via the VPN connection. But as I said, having tried a few similar guides I find myself unable to get this to work properly.
I would very much appreciate any guidance.
Thank you in advance!