While your desired setup is not clear to me, I'm sure the vpn-pbr package and OpenVPN will satisfy your requirements.
What seems to trip people up is the fundamentals around wlan and choosing the right underlying config for the policies to sit on top of.
Basically, if you want to PBR "wlan", it needs to be isolated on L3. Providing this exists, then try it and you can come back with any specific issues you may have...
"DMZ" is ambiguous in the consumer router world because it has two meanings. The traditional "locked down subnet with specific one to one nat entries" and the simplified "NAT everything to somewhere"...
I created a firewall zone called VPN but am still not really successful.
If I use the following config:
LAN, -dest WAN&VPN, all accepted no masq no mss
WAN, -source LAN, input reject, output accept, forward reject, masq and mss
VPN, -source LAN, all accept, masq no mss
The intranet has internet, and if I do a traceroute to openwrt.org the first hop is always the PPPoE address and not the VPN IP.
If I change LAN -dest VPN (remove dest WAN), the router has internet but not the intranet.
Can't get my head around this issue...
Is it a problem of pre/postrouting? Or static route? NIC metric?
If I can support with a copy of some files, please advise.