Finally FIXED!!!
I have a LinkSys WRT190ACS router. My goal was to create 2 vlans (ports 1+2-VLAN5-192.168.5.1 and ports 3+4VLAN10192.168.10.1 – with wifi ssids for each VLAN) and have normal internet running VLAN5 and VPN (nordvpn) internet running through VLAN10.
I managed to create the 2 vlans and assign DHCP’s and create ssid’s easy enough and all worked well. Unitl I tried to setup the VPN which I had a right game with, but in the end I managed to get it working by, downloading the .ovpn file from the vpn providers site, change the extention to .conf copied into etc/openvpn folder with the secret file containing the username and password. Restarted and the VPN was working great.
With the firewall rules set for VLAN10 traffic to go via VPN it was up and running, VLAN10 was VPN’d, but then I noticed DNS being leaked, this was fixed by adding the VPN providers DNS server addresses in VLAN10’s interface advanced DHCP settings.
With that all sorted, when I would have the VPN up on VLAN10 I would get no internet on VLAN5. After days and days of searching the interwebs, I found I need to set a default ip route by adding the following commands under the startup section, for my setup,
ip route add default via 192.168.0.1 table 10
ip rule add from 192.168.5.2 table 10
initially I tried, ip rule add from 192.168.5.0/24 table 10 but this would cause DNS issues and I would have to put in google dns servers for the internet to work, another issue I had with 192.168.5.0/24 was I could no longer ping 192.168.5.1 subnet. I am sure the is a perfectly reasonable explanation and may an easier way to do it, but what I did was simply add a rule for each ip address from 2-50 (my DHCP range) and by doing this and leaving out the address 192.168.5.1 I did not any longer need to use the google dns and could also ping both vlans (this is what I wanted).
I also edited the vpn .conf file and removed a command "pull" - whether this did anything or not i am unsure, but it didnt affect the vpn or dns leak results.
So now I have enabled adblocker and it works great on the non VPN VLAN, but not on the VPN VLAN – but I think I will open a new thread for that issue.
Just thought, for other newbies like me who come across this type of setup/issues the above maybe of help. I must say I don’t know much about this all as I am new, and there probably is a easier way to achieve what I needed, but this is all know and have only got it to work through persistence and luck. Just putting the above out there to help others, as others helped me and pointed me in the right direction.
Thanks all.
update: i manage to block ads on the vpn side simply by getting DNS servers from my VPN provider that block ads and prevent DNS leaks - i believe i got lucky on this one.