I have a RUTX50 (firmware 7.08) set with 2 custom VLANs and working as a VPN Client. I want to give:
- Primary LAN a split-tunnel experience, so access to the remote LAN (10.0.1.0/24) and local internet access
- Work WLAN a full-tunnel experience, so access to the remote LAN and internet routed through the tunnel and out from the remote router.
- Guest WLAN a no-tunnel experience, so no access to the local LAN, only access to internet from the local router.
I have the VPN client configured and working. Before I created the VLANs, full-tunnel worked for “Work WLAN” users. Now, after adding VLANs, adding the static tun_c_VPN interface, and changing firewall zones and rules, things work worse than before. “Guest WLAN” has no internet access, “Primary LAN” and “Work WLAN” have local internet access but cannot reach the remote LAN across the tunnel. If I try to ping the remote LAN from the tun_c_VPN interface, I get replies, but not from ifVpnFull (eth0.160).
Am I correct in creating the tun_c_VPN interface? Is it sufficient to add firewall zones permitting Input, Output, and forwarding between “Work WLAN” zone and “tun_c_VPN”? Or do I need to create a bridge interface joining them and then use firewall rules to restrict traffic?
Attached is a schematic of my setup.
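The three policies described in the post (split tunnel, full tunnel, no tunnel) are usually expressed on an OpenWrt-based router as separate firewall zones per VLAN plus a policy-routing rule, with the tunnel interface left out of any bridge. The script below is an added example, not the poster's configuration or Teltonika's: it emits the UCI and `ip` commands for that layout and is data-driven so the forwarding policy can be checked before it is applied. Only `10.0.1.0/24` and `tun_c_VPN` come from the post; the subnets, the zone and network names, and routing table 100 are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's or Teltonika's config): per-VLAN tunnel policy
# on an OpenWrt-based router such as the RUTX50, as UCI firewall zones plus a
# policy-routing rule. The tunnel stays a routed interface; no bridge is needed.
# Assumed values: WORK_NET, VPN_TABLE, zone/network names. From the post:
# REMOTE_NET and VPN_IF.
set -u

REMOTE_NET="10.0.1.0/24"        # remote LAN behind the tunnel (from the post)
VPN_IF="tun_c_VPN"              # static interface on the tun device (from the post)
WORK_NET="192.168.160.0/24"     # Work WLAN subnet on eth0.160 (assumed)
VPN_TABLE=100                   # routing table for full-tunnel sources (assumed)

# Zone-to-zone forwarding policy, one "src dest" pair per line. Pairs that are
# not listed fall through to each zone's REJECT forward policy: that is what
# keeps Guest off the local LAN and keeps Work from leaking to the local WAN.
FORWARD_POLICY="lan wan
lan vpn
work vpn
guest wan"

# run: execute a command, or print it when DRY_RUN=1 so the change set can be reviewed first
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# forwarding_allowed SRC DEST: exit 0 only if the pair is in FORWARD_POLICY
forwarding_allowed() {
  printf '%s\n' "$FORWARD_POLICY" | grep -qx "$1 $2"
}

# zone NAME NETWORK: accepts traffic to the router itself (DHCP, DNS) but
# rejects forwarding unless a forwarding section allows it
zone() {
  run uci set "firewall.$1=zone"
  run uci set "firewall.$1.name=$1"
  run uci set "firewall.$1.network=$2"
  run uci set "firewall.$1.input=ACCEPT"
  run uci set "firewall.$1.output=ACCEPT"
  run uci set "firewall.$1.forward=REJECT"
}

firewall_zones() {
  zone work work          # "work" = the eth0.160 interface (assumed network name)
  zone guest guest        # assumed network name for the Guest WLAN
  zone vpn "$VPN_IF"      # the tunnel interface in its own zone, not bridged
  run uci set firewall.vpn.masq=1      # SNAT onto the tunnel: remote side needs no return routes
  run uci set firewall.vpn.input=REJECT  # the remote site gets no access to the router's services
}

firewall_forwardings() {
  printf '%s\n' "$FORWARD_POLICY" | while read -r src dest; do
    run uci set "firewall.${src}_${dest}=forwarding"
    run uci set "firewall.${src}_${dest}.src=$src"
    run uci set "firewall.${src}_${dest}.dest=$dest"
  done
}

# Routing: the main table carries only the remote LAN via the tunnel (split
# tunnel for Primary LAN, and Guest never gets a forwarding to "vpn" anyway);
# Work WLAN sources are steered into a table whose default route is the tunnel.
policy_routes() {
  run ip route replace "$REMOTE_NET" dev "$VPN_IF"
  run ip route replace "$REMOTE_NET" dev "$VPN_IF" table "$VPN_TABLE"
  run ip route replace default dev "$VPN_IF" table "$VPN_TABLE"
  run ip rule add from "$WORK_NET" lookup "$VPN_TABLE" priority 1000
}

apply_all() {
  firewall_zones
  firewall_forwardings
  policy_routes
  run uci commit firewall
  run /etc/init.d/firewall reload
}

# Review the change set without touching the router:  DRY_RUN=1 sh thisfile.sh
if [ "${DRY_RUN:-0}" = "1" ]; then apply_all; fi
```

Two things the post's symptoms point at: if the VPN client still pulls a default route from the remote router (for OpenVPN, `route-nopull` or a `pull-filter ignore redirect-gateway` line prevents that), that route overrides the split-tunnel table for every VLAN at once; and the `ip rule`/`ip route` lines above are not persistent, so the equivalent `config rule` (with `option src`/`option lookup`) and `config route` (with `option table`) sections in `/etc/config/network` are what should carry them across reboots.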