VPN Policy-Based Routing: All traffic is going through the VPN tunnel

I recently followed the NordVPN tutorial to configure a VPN on my router. This all worked well, and all traffic from all clients was sent via the VPN. However, because this is a little slow, I wanted to create a dedicated SSID for using the VPN and then allow all the other interfaces to bypass this VPN.

To create the new SSID, I followed the "creating a guest network" tutorial and set it all up. While setting up the firewalls I added the VPN tunnel to the "Allow forward to destination zones :" as well as the WAN zone. I then removed the VPN tunnel from the "LAN" firewall destination zones. After doing this, however, the regular wifi channels and ethernet ports can no longer access the internet.

You should do it step-by-step:

  1. Add guest network without VPN.
  2. Add VPN and make sure that both networks go via it.
  3. Separate routing for different networks.

Seemingly, the VPN connection adds a default route, but you've removed forwarding from lan to vpn, so disable the VPN and see whether access to the Internet is resumed.

I am not sure if you have it all right here. As it stands, LAN users can access the WAN only, and VPN users can access both WAN and FWNEW (which I presume is your NordVPN).
You then need to remove wan as a destination zone from VPN users and also post the Policy-Based Routing configuration.

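A toy model of the interaction both replies describe, added here as an illustration and not posted by any participant: the routing decision picks the egress zone, then the zone forwardings decide whether the packet passes. The subnets, host addresses, table names and the `vpnusers` zone name are assumptions; `fwnew` is taken to be the tunnel zone, as the second reply presumes.

```python
import ipaddress

# Constructed addressing (assumption): regular LAN and the dedicated VPN SSID.
SUBNET_ZONE = {"192.168.1.0/24": "lan", "192.168.2.0/24": "vpnusers"}

def in_net(src, prefix):
    return ipaddress.ip_address(src) in ipaddress.ip_network(prefix)

def egress_zone(src, rules, tables):
    """First rule matching the source whose table has a default route wins."""
    for prefix, table in rules:
        if in_net(src, prefix) and table in tables:
            return tables[table]
    return None

def verdict(src, rules, tables, forwardings):
    """Combine the routing decision with the firewall zone forwardings."""
    zone = next(z for p, z in SUBNET_ZONE.items() if in_net(src, p))
    out = egress_zone(src, rules, tables)
    if out is None:
        return "no route"
    if (zone, out) in forwardings:
        return f"forwarded via {out}"
    return f"dropped: no {zone}->{out} forwarding"

LAN_HOST, VPN_HOST = "192.168.1.10", "192.168.2.10"  # constructed clients
MAIN_ONLY = [("0.0.0.0/0", "main")]

# State in the question: the tunnel owns the default route, lan->fwnew removed.
BROKEN_FW = {("lan", "wan"), ("vpnusers", "wan"), ("vpnusers", "fwnew")}
BROKEN_TABLES = {"main": "fwnew"}

# Separated: source rule for the VPN SSID, and no vpnusers->wan forwarding.
SPLIT_RULES = [("192.168.2.0/24", "vpn")] + MAIN_ONLY
SPLIT_TABLES = {"main": "wan", "vpn": "fwnew"}
SPLIT_FW = {("lan", "wan"), ("vpnusers", "fwnew")}

if __name__ == "__main__":
    for name, args in {
        "broken": (MAIN_ONLY, BROKEN_TABLES, BROKEN_FW),
        "vpn disabled": (MAIN_ONLY, {"main": "wan"}, BROKEN_FW),
        "split": (SPLIT_RULES, SPLIT_TABLES, SPLIT_FW),
        "split, tunnel down": (SPLIT_RULES, {"main": "wan"}, SPLIT_FW),
    }.items():
        for host in (LAN_HOST, VPN_HOST):
            print(f"{name:18} {host}: {verdict(host, *args)}")
```

In the last scenario the VPN SSID client falls back to the main table while the tunnel is down and is dropped rather than leaving over wan, which is the effect of removing wan from the VPN users' destination zones.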