Set up two LANs, one routed through WAN, one through VPN

I have a work PC that struggles to run its own VPN through the VPN on my router. I tried to set up an interface and a firewall zone for it, but can get only one of the interfaces working at any given time.

My setup (as it was):

interface br-lan (static IP with DHCP over ethernet ports, 2.4 and 5 GHz wlan), zone lan
interface wan (DHCP4), zone wan
interface tun0 (Unmanaged, OpenVPN), zone vpn

firewall setup was trivial:
zone lan accept-accept-accept, forward to vpn
zone wan reject-accept-reject, masq
zone vpn reject-accept-reject, masq

What I added:

separate wlan gwlan0
interface br-guestlan (static IP with DHCP over gwlan0), zone guestlan

firewall:
zone guestlan accept-accept-reject, forward to wan

After this only one of the interfaces (lan and guestlan) has internet access. Sometimes OpenWrt adds wan's gateway and lan and guestlan gateway (and then guestlan works), sometimes it doesn't and my OpenVPN actually manages to connect. Adding wan's gateway IP as guestlan's gateway IP manually doesn't help.

Am I on the right track at all, or am I using the wrong tools?

You need to do Policy Based Routing and you have 3 options:

  1. mwan3 package
  2. pbr package
  3. a set of rules/routes for each internet connection.

What's the principal difference between the two packages? I also plan to add a route from WAN to my NAS in the future, which package won't conflict with that?

I'd suggest pbr, it is more friendly to new users.

I assume you mean port forward. No it won't.

I've installed PBR, and it works, but it only works with L2TP. OpenVPN says "Network unreachable" in the log. Is it because I've set PBR to route 192.168.2.1/24 (my guest LAN) to WAN, and 192.168.2.1 is the router itself?

This doesn't make sense. Set PBR to route 192.168.2.0/24 via wan.
The router will use the default gateway.
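For readers who want to see what the replies above amount to on the router itself, here is option 3 (hand-written rules and routes) as an added example; it is not code from the thread or from the pbr package. It assumes the guest LAN is 192.168.2.0/24 and uses placeholder values for the WAN gateway, WAN device and routing-table number; the normalize_cidr helper masks a host/prefix such as 192.168.2.1/24 down to its network so the rule names the network rather than the router's own address, as the reply points out.

```shell
#!/bin/sh
# Added example: policy-based routing by hand with iproute2 on an OpenWrt router.
# Packets sourced from the guest LAN are looked up in a private table whose only
# default route points at the WAN gateway; everything else keeps using the main
# table, where OpenVPN's tun0 default route lives.
GUEST_NET="192.168.2.0/24"
WAN_GW="${WAN_GW:-203.0.113.1}"   # placeholder: your ISP gateway
WAN_DEV="${WAN_DEV:-eth0.2}"      # placeholder: your wan device
TABLE=100                         # placeholder: private table id for guest->wan
PRIO=100                          # rule priority (after the local table at 0)

# Mask a host/prefix (e.g. 192.168.2.1/24) down to its network (192.168.2.0/24).
normalize_cidr() {
    addr=${1%/*}; len=${1#*/}
    set -- $(echo "$addr" | tr '.' ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    n=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
        $(( (n >> 8) & 255 )) $(( n & 255 )) "$len"
}

# Print the iproute2 commands that send the given source network out via WAN.
# The guest zone only forwards to wan, so the table needs nothing but a default.
guest_via_wan_rules() {
    net=$(normalize_cidr "$1")
    cat <<EOF
ip route replace default via $WAN_GW dev $WAN_DEV table $TABLE
ip rule del from $net lookup $TABLE priority $PRIO 2>/dev/null
ip rule add from $net lookup $TABLE priority $PRIO
ip route flush cache
EOF
}

# Apply only when explicitly asked; otherwise just show the commands.
if [ "${DO_APPLY:-0}" = 1 ]; then
    guest_via_wan_rules "$GUEST_NET" | sh -e
else
    guest_via_wan_rules "$GUEST_NET"
fi
```

Run it with DO_APPLY=1 as root on the router to install the rules; to make them survive a reboot, put the same commands in a hotplug script for the wan interface.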

Yes, it was some misconfiguration on my side.

