VPN only guest wireless network or specific DHCP address

Hello,
Please help me configure the VPN client.

I have a personal VPS server on which the VPN server is installed, and a TP-Link TL-WR841N/ND v7 (OpenWrt Chaos Calmer 15.05 / LuCI Master).
I managed to configure the VPN client on my router, but it works for all clients. I would like to create an additional wireless network, or specify a specific DHCP address, that will use the VPN. All others should not use the VPN.
I had a clean router and I ran the commands according to the official documentation (https://openwrt.org/ru/doc/howto/vpn.openvpn):

Installing VPN

uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci set network.vpn0.auto=1
uci set firewall.vpn=zone
uci set firewall.vpn.name=vpn
uci set firewall.vpn.network=vpn0
uci set firewall.vpn.input=ACCEPT
uci set firewall.vpn.forward=REJECT
uci set firewall.vpn.output=ACCEPT
uci set firewall.vpn.masq=1
uci set firewall.vpn_forwarding_lan_in=forwarding
uci set firewall.vpn_forwarding_lan_in.src=vpn
uci set firewall.vpn_forwarding_lan_in.dest=lan
uci set firewall.vpn_forwarding_lan_out=forwarding
uci set firewall.vpn_forwarding_lan_out.src=lan
uci set firewall.vpn_forwarding_lan_out.dest=vpn
uci commit network
/etc/init.d/network reload
uci commit firewall
/etc/init.d/firewall reload
Warning: Unable to locate ipset utility, disabling ipset support
...
echo > /etc/config/openvpn
uci set openvpn.myvpn=openvpn
uci set openvpn.myvpn.enabled=1
uci set openvpn.myvpn.dev=tun
uci set openvpn.myvpn.proto=udp
uci set openvpn.myvpn.verb=3
uci set openvpn.myvpn.ca=/etc/openvpn/ca.crt
uci set openvpn.myvpn.cert=/etc/openvpn/my-client.crt
uci set openvpn.myvpn.key=/etc/openvpn/my-client.key
uci set openvpn.myvpn.client=1
uci set openvpn.myvpn.remote_cert_tls=server
uci set openvpn.myvpn.remote="SERVER_IP_ADDRESS 1194"
uci commit openvpn
/etc/init.d/openvpn enable
/etc/init.d/openvpn start

After that I got a connection from all computers, but only via IP addresses. Then I found the following DNS setup:

DNS rules

uci add_list dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'
uci commit
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci: Entry not found
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'
uci commit
/etc/init.d/network reload
/etc/init.d/openvpn stop
/etc/init.d/openvpn start

This helped, and all computers can access the network via the VPN, but I need only the guest Wi-Fi or the specified DHCP address to use the VPN.

I created a wireless network: Master "OpenWrt" (radio0.network2), set its network to vpn0 (and ticked the route_noexec checkbox).

Screenshot

But it does not work.
Please help.

Another thing: after rebooting the router, if "route_noexec" is not selected and I start the VPN, all clients get "connection refused" in the browser.

ifconfig

br-lan Link encap:Ethernet HWaddr F8:D1:11:8D:BC:61
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fdbe:5978:742c::1/60 Scope:Global
inet6 addr: fe80::fad1:11ff:fe8d:bc61/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8377 errors:0 dropped:0 overruns:0 frame:0
TX packets:11499 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1499152 (1.4 MiB) TX bytes:6806137 (6.4 MiB)

br-vpn0 Link encap:Ethernet HWaddr FA:D1:11:8D:BC:62
inet6 addr: fe80::f8d1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2330 (2.2 KiB) TX bytes:1512 (1.4 KiB)

eth0 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:61
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8341 errors:0 dropped:15 overruns:0 frame:0
TX packets:10995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1598961 (1.5 MiB) TX bytes:6580058 (6.2 MiB)
Interrupt:5

eth1 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:63
inet addr:10.193.8.135 Bcast:10.193.8.255 Mask:255.255.255.0
inet6 addr: fe80::fad1:11ff:fe8d:bc63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8863 errors:0 dropped:116 overruns:0 frame:0
TX packets:3797 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6374622 (6.0 MiB) TX bytes:1273043 (1.2 MiB)
Interrupt:4

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:73 errors:0 dropped:0 overruns:0 frame:0
TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6853 (6.6 KiB) TX bytes:6853 (6.6 KiB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:386 (386.0 B) TX bytes:3541 (3.4 KiB)

wlan0 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:62
inet6 addr: fe80::fad1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:179 errors:0 dropped:0 overruns:0 frame:0
TX packets:549 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31460 (30.7 KiB) TX bytes:99075 (96.7 KiB)

wlan0-1 Link encap:Ethernet HWaddr FA:D1:11:8D:BC:62
inet6 addr: fe80::f8d1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3002 (2.9 KiB) TX bytes:5578 (5.4 KiB)

Log

Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Sep 13 2015
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: library versions: PolarSSL 1.3.11, LZO 2.08
Sun Jan 12 11:40:01 2020 daemon.warn openvpn(myvpn)[2000]: WARNING: file '/etc/openvpn/my-client.key' is group or others accessible
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: UDPv4 link local (bound): [undef]
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: UDPv4 link remote: [AF_INET]MYVPN.IP:1194
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: TLS: Initial packet from [AF_INET]MYVPN.IP:1194, sid=b99a2515 78a753b2
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY OK: depth=1, CN=ChangeMe
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Validating certificate key usage
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: ++ Certificate has key usage 00a0, expects 00a0
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY KU OK
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Validating certificate extended key usage
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY EKU OK
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY OK: depth=0, CN=server
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Control Channel: TLSv1.2, cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, 2048 bit RSA
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: [server] Peer Connection Initiated with [AF_INET]MYVPN.IP:1194
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0'
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: route options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: route-related options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: peer-id set
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: TUN/TAP device tun0 opened
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: TUN/TAP TX queue length set to 100
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/ifconfig tun0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sun Jan 12 11:40:06 2020 daemon.notice netifd: Network device 'tun0' link is up
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net MYVPN.IP netmask 255.255.255.255 gw 10.193.8.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: Initialization Sequence Completed

When I stop the VPN, everything immediately works well, but without the VPN.

To get what you want you need an extra routing table so you can have multiple default gateways; the other way around is the vpnbypass option, but I don't have experience with that one.

Look at this thread, and specifically my posts, to see if you can make a workable option yourself.

Use the vpnbypass or policy-based-routing package.

This is a big problem. I have no memory to install any add-ons :frowning:
Can this be done without installing additional applications?

Yes, you can configure the routing table manually, but there can be problems with saving the settings. I recommend you get rid of such a device with 4M flash.
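As an added example (not from this thread or any of its posters) of the manual "extra routing table" approach the replies describe: a small ash/sh script that sends only a guest subnet through tun0 with a second routing table and a policy rule, keeps every other client on the normal wan route, and makes the guest zone fail closed when the tunnel is down. It assumes a separate "guest" interface on 192.168.2.0/24 with its own DHCP pool (the wireless network would be attached to it instead of to vpn0), table number 100, and the 10.8.0.1 route-gateway pushed in the OP's log; all of these are assumptions, not values from the page.

```shell
# Added example, not from the thread: send only a guest subnet through tun0
# via a second routing table (the "extra routing table" the replies mention).
# Assumed, not on the page: guest interface "guest" on 192.168.2.0/24 and
# table 100; gateway 10.8.0.1 is the route-gateway pushed in the OP's log.
GUEST_NET="${GUEST_NET:-192.168.2.0/24}"
VPN_GW="${VPN_GW:-10.8.0.1}"
VPN_DEV="${VPN_DEV:-tun0}"
TABLE="${TABLE:-100}"
# With DRY_RUN set, print each command instead of executing it, so the
# changes can be reviewed (and tested) without root or a live router.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# One-time UCI setup. route_noexec stops the client from installing the
# pushed redirect-gateway route that captured every LAN client in the OP.
# The guest zone forwards to vpn only, never to wan, so when tun0 is down
# guest traffic is dropped rather than leaking out unencrypted (fail closed).
vpn_guest_config() {
  run uci set openvpn.myvpn.route_noexec=1
  run uci set firewall.guest=zone
  run uci set firewall.guest.name=guest
  run uci set firewall.guest.network=guest
  run uci set firewall.guest.input=REJECT
  run uci set firewall.guest.forward=REJECT
  run uci set firewall.guest.output=ACCEPT
  run uci set firewall.guest_to_vpn=forwarding
  run uci set firewall.guest_to_vpn.src=guest
  run uci set firewall.guest_to_vpn.dest=vpn
  # Guests still need DHCP and DNS from the router itself.
  run uci set firewall.guest_dhcp_dns=rule
  run uci set firewall.guest_dhcp_dns.src=guest
  run uci set firewall.guest_dhcp_dns.proto='tcp udp'
  run uci set firewall.guest_dhcp_dns.dest_port='53 67 68'
  run uci set firewall.guest_dhcp_dns.target=ACCEPT
  run uci commit openvpn
  run uci commit firewall
}

# Policy routing: packets from the guest subnet look up table 100, whose only
# default route points into the tunnel; all other clients keep the main table.
vpn_guest_up() {
  run ip route replace default via "$VPN_GW" dev "$VPN_DEV" table "$TABLE"
  run ip rule add from "$GUEST_NET" lookup "$TABLE" priority 1000
}

# Undo on tunnel loss (e.g. from an OpenVPN "down" hook or before stopping).
vpn_guest_down() {
  run ip rule del from "$GUEST_NET" lookup "$TABLE" priority 1000
  run ip route flush table "$TABLE"
}
```

Source the file on the router and call vpn_guest_config once, then vpn_guest_up after the tunnel comes up and vpn_guest_down when it goes away; set DRY_RUN=1 first to preview the commands. Because the ip rule and table are not persisted by uci, they must be re-applied after every reboot, which is the "problems with saving settings" the reply above warns about.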

I understand... I already found a used ASUS RT-N11P for $8. It has 8 MB flash. At least that. :slight_smile:

