I'm not sure, but it is possible that the 2 default gateways could be causing the problem. Is one of them your VPN tunnel and the other the uplink (WAN)? And is this all behind another router relative to the internet (internet > router > LEDE router)?
Other thoughts -- if you have the OpenVPN option 'redirect gateway def1' defined (either explicitly in the client config file or specified by the options pushed by the server upon connection), it might be messing up the ability to route outside the tunnel.
So a few options...
If you have the time/flexibility to start over from scratch, that might be a good idea to help ensure that every configuration option you set is known and you can test each step along the way. If you do that, start just by creating 2 VLANs, no VPN. Make sure that each VLAN can connect to the internet via the WAN and that you can 'break' one of them by removing the forwarding from that specific LAN > WAN. Then set up the VPN and allow forwarding from that same LAN > VPN (but don't reinstate that LAN's forwarding to WAN). This should force the LAN traffic through the tunnel. If the other VLAN breaks in the process, it is a routing issue caused by the OpenVPN tunnel (possibly that redirect directive).
Check out this [VPN policy based routing package](https://forum.openwrt.org/t/openvpn-wireguard-policy-based-routing-web-ui/1422/50) -- I haven't tried it, but it might do what you need.
Yes, you are correct: one is for VPN and one is for vlan5 to get internet.
And yes, you are again correct, another router is behind the LEDE router. The router behind the LEDE router connects to the internet.
I have already tried the start-again approach, and the results were:
the VPN breaks the other VLAN's connection to the internet, but pings are possible.
If I add the second default gateway for vlan5, it gives vlan5 internet but breaks inter-VLAN connectivity.
I had already checked out the VPN policy based routing, but I couldn't get it to do what I needed, so at this point I wiped the router clean and started again.
I think I might reinstall this again and give it another try.
Sounds to me like the VPN becomes the default/mandatory route out of the router... likely related to a redirect gateway def1 directive. If you can override this (remove it from the client or override in your local config), you may be able to get this to work. Check this article for some possible methods of doing just that (I haven't tried this, though).
Again with the same results as above. I even changed the 64.0.0.0 to 10.0.0.0 to reflect my VPN IP range and still no luck, though I think this last one could be the one. I just need to somehow get it to redirect vlan5 to WAN and vlan10 to VPN; the question is how.
With both above methods I could ping across VLANs.
Well, I guess the good news is that this confirms that the OpenVPN route is what was causing problems with the non-VPN VLAN (the good part being that there is nothing wrong with the basic LEDE VLAN config). Hopefully this is the last hurdle.
I will have to think about this for a bit, but my guess is that you'll want to allow the route to be established (the push/pull), but then modify the routing table once the new route is established such that the routes are properly set for the individual VLANs rather than globally.
Since you are actually behind another router, there are two brute-force methods of handling this process:
1. Just use the 'outer' router (the one attached to your internet service) as the non-VPN network.
2. Use a third router (i.e. a second one connected to your main WAN router) to serve the non-VPN network. You could actually set it up as a VLAN and merge them together into a single device or trunk line, if it is needed.
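Here is one way to do the per-VLAN routing described above (let the tunnel come up, then steer only one VLAN into it) without a third router. This is an added example, not code from the thread or from the policy-based routing package linked earlier. It is an OpenVPN `up`/`down` script for the LEDE router; the subnets (192.168.10.0/24 for vlan10, 192.168.5.0/24 for vlan5), the bridge names `br-lan10`/`br-lan5`, the routing table number 100, and the upstream router address are assumptions you would replace with your own. It relies on two things the thread already identified: the client config must carry `route-nopull` so a pushed `redirect-gateway def1` cannot replace the main default route, and the connected LAN routes must be copied into the VPN table, otherwise the vlan10 default route swallows inter-VLAN traffic (the symptom in the second post).

```shell
#!/bin/sh
# Added example: OpenVPN up/down script for a LEDE/OpenWrt router that sends
# one VLAN through the tunnel and leaves the other VLAN on the WAN.
#
# Client config lines assumed (in /etc/openvpn/client.conf):
#   route-nopull            # ignore pushed redirect-gateway def1 / routes
#   script-security 2
#   up   /etc/openvpn/vlan-route.sh
#   down /etc/openvpn/vlan-route.sh
#
# Hypothetical addressing (replace with your own):
VPN_TABLE=100                    # routing table used only by the VPN VLAN
VPN_LAN="192.168.10.0/24"        # vlan10: everything goes through the tunnel
VPN_LAN_DEV="br-lan10"
WAN_LAN="192.168.5.0/24"         # vlan5: stays on the WAN (main table)
WAN_LAN_DEV="br-lan5"

# run: execute a command, or only echo it when DRY_RUN=1. The dry-run mode
# lets the script be reviewed (or tested) without root and without a tun0.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# install_vpn_routes DEV GATEWAY
# OpenVPN exports the tunnel device as $dev and the far end as
# $route_vpn_gateway when it calls an `up` script.
install_vpn_routes() {
    dev="$1"
    gw="$2"
    # Default route in the VPN table only; the main table keeps the WAN default
    # because route-nopull stopped the server from rewriting it.
    run ip route replace default via "$gw" dev "$dev" table "$VPN_TABLE"
    # Copy the connected LAN routes into the VPN table. Without these, a
    # vlan10 host talking to vlan5 matches the table's default route and is
    # sent into the tunnel instead of across the bridge.
    run ip route replace "$VPN_LAN" dev "$VPN_LAN_DEV" table "$VPN_TABLE"
    run ip route replace "$WAN_LAN" dev "$WAN_LAN_DEV" table "$VPN_TABLE"
    # Source-based rule: only packets from vlan10 consult the VPN table;
    # vlan5 never matches a rule and falls through to the main table (WAN).
    run ip rule add from "$VPN_LAN" lookup "$VPN_TABLE" priority 1000
    run ip route flush cache
}

# remove_vpn_routes: undo the rule and table when the tunnel goes down, so
# vlan10 loses connectivity cleanly instead of leaking out via the WAN.
remove_vpn_routes() {
    run ip rule del from "$VPN_LAN" lookup "$VPN_TABLE" priority 1000
    run ip route flush table "$VPN_TABLE"
    run ip route flush cache
}

# OpenVPN sets $script_type to "up" or "down"; when run by hand without the
# OpenVPN environment, nothing is changed.
case "${script_type:-}" in
    up)   install_vpn_routes "$dev" "$route_vpn_gateway" ;;
    down) remove_vpn_routes ;;
esac
```

If vlan10 must be cut off from the internet whenever the tunnel is down (rather than only routed through it when up), keep the LAN > WAN firewall forwarding for vlan10 removed as described in the start-from-scratch suggestion; the routing rule and the firewall zone forwarding are independent controls. Run the script with `DRY_RUN=1 script_type=up dev=tun0 route_vpn_gateway=10.8.0.1 sh vlan-route.sh` to see the exact `ip` commands before letting OpenVPN apply them.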
Don't know if you mean another LEDE forum here, or another site.
However, if you post the same question on a different site, you should post a link to the thread here on the other site, and the other site's thread here.
Helps to eliminate confusion, and keeps everyone informed on what's going on.