Running two VPNs

Hi

I am having trouble setting up an openwrt travel router in the manner I want. Frankly, the results are frying my tiny mind. Days of googling are doing me no good, and it probably does not help that I have spent the last few years making a fool of myself with pfsense rather than openwrt. If anyone could point me in the right direction I would be really grateful.

I want to make a travel router do two things:

  1. provide clean internet from potentially unsafe access points (I am not looking to get through hotel captive portals - just use, say, a normal wifi connection in an airbnb type setup where I do not trust the access point).

  2. Allow me to get to my office via an openvpn client connection.

So I have:

A. Set up one of the radios as a repeater to connect to the unsafe AP and provide internet. No problems.

B. Configured a nordvpn connection via an ovpn file for internet traffic (tun1)

C. Configured an openvpn connection to the office vpn server (tun0). Let's say that network is 192.168.40.*.

I have configured B and C via the openvpn tab on luci. I have followed the general openvpn config guide and added these interfaces to the wan zone in the firewalls as directed. I have not configured a network kill switch.

If I start the office connection, all is fine. I can ping machines in the office and access web services via a browser. I can also connect to the internet using the (un-vpned) repeater.

If I then start the nordvpn connection, then I access the internet via the nordvpn, but this is where it gets strange. With both vpns running, I can still ping office machines via the work vpn. I can ssh into them. However, using a web-browser, whilst I can connect to a very simple http server (say an apache 'it works!' page), as soon as I try to access any web service that appears to involve anything more complex (like suitecrm) it just times out.

I have tried putting in a static route to force the 192.168.40.* traffic through tun0 - no change.

No pbr is installed. I cannot get my head around this. It appears to be routing properly, but something is messing it up. I am no doubt doing something stupid.

Has anyone found any guides or does anyone have any experience in setting up two vpn connections running at the same time, with one a private and the other a commercial provider?

In short, all I want to do is:

All internet traffic that is not destined for 192.168.40.* to go through tun0. Everything for 0.0.0.0 to go through tun1.

Anyone's time in helping here is very much appreciated.
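
The route selection described in the post, as an added example that is not part of the original post: longest-prefix match over a constructed routing table, showing which interface each destination leaves by with both tunnels up and again after tun1 drops with no kill switch configured. The interface name `wwan`, the `redirect-gateway def1` style /1 routes on tun1, and the probe addresses are assumptions, not values from the poster's router.

```python
import ipaddress

# Constructed routing table for the setup in the post; the interface name
# "wwan" and the def1 routes on tun1 are assumptions, not the poster's table.
ROUTES = [
    ("0.0.0.0/0",       "wwan", 0),  # repeater uplink to the untrusted AP
    ("0.0.0.0/1",       "tun1", 0),  # assumed: provider config uses redirect-gateway def1
    ("128.0.0.0/1",     "tun1", 0),
    ("192.168.40.0/24", "tun0", 0),  # office subnet from the office VPN
]

def egress(dst, routes):
    """Pick the egress device by longest-prefix match, lowest metric on ties."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev, m) for p, dev, m in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, dev, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return dev

def without(routes, dev):
    """Routing table after a tunnel drops and its routes are withdrawn."""
    return [r for r in routes if r[1] != dev]

def cleartext(routes, probes, tunnels=("tun0", "tun1")):
    """Probe destinations that would leave the router outside any tunnel."""
    return [d for d in probes if egress(d, routes) not in tunnels]

# Constructed sample destinations: one office host, two internet hosts.
PROBES = ["192.168.40.10", "1.1.1.1", "203.0.113.7"]

if __name__ == "__main__":
    for label, table in (("both up", ROUTES),
                         ("tun1 down", without(ROUTES, "tun1"))):
        print(label, {d: egress(d, table) for d in PROBES},
              "cleartext:", cleartext(table, PROBES))
```

The /24 for the office already wins over both the default route and the /1 routes, so an extra static route for 192.168.40.0/24 via tun0 does not change the selected interface. With tun1 withdrawn, the internet probes fall back to the repeater uplink.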