[scOOtt]

Hi.
Just considering which solution to choose better.

Requirements
I need only two IP's to go through VPN - all other via WAN.
I want to configure: killswitch to cut off internet access on hosts connected via vpn when it comes down (the rest must be unaffected by kill switch - they must have internet access) and later on watchdog too.

So far my configuration looks like this:
ISP Router (almost non configurable) - Subnet 192.168.0-254
DD-WRT Router (192.168.0.2) - working as a gateway with dhcp server - subnet 192.168.1.1.
So basicly two separate VLAN's and WLAN's.
All devices which I do not want to go through VPN are working within ISP Subnet.
Two devices which I want to go through VPN are working within DD-WRT Subnet.

And now I am starting to think about setting this whole mess in one subnet.
ISP Router as a main router serving WAN and DHCP to all clients.
DD-WRT as a transparent AP with configured OpenVPN service only for two clients - one wired the other wireless.

When killswitch will work I do not want all clients loose internet access - only those two via vpn.

Is it possible ?
Which way is better ? Two separate networks or one with above configuration ?

[bushant]

Consider Policy Based Routing.
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

[scOOtt]

Ok guys that is what I have done so far.
Two separate VLAN's and WLAN's - both "receives" Internet Connection from non configurable ISP Router (192.168.0.1) which is in VLAN1.
Things look as described below, so far:
VLAN1 - 192.168.0.1 - from ISP Router. It distributes IP addresses via DHCP Server in it’s subnet, DD-WRT Router, which is connected via cable form Ethernet port of ISP Router to WAN port, receives IP 192.168.0.2 - and is working as a gateway.
VLAN2 - 192.168.1.1 - from DD-WRT Router - It distributes IP addresses via DHCP Server in it’s subnet.
So far I manage to achive OpenVPN Client configuration on DD-WRT Router. I configured killswitch on it. It cuts off Internet when OpenVPN connection is lost. This affects all devices in this subnet.
So far this solution is good for me.
By now I assume that I achive all from devices that I am dealing with.
I am affraid that I cannot merge this two subnets into one and „play with configuration” futher, because on ISP Router I do not have advanced routing tab to configure.
Am I right ?
Additional info:
ISP Router (Poland’s UPC ConnectBox)
DD-WRT Router (TP-Link WR1042nd v2)
If you have any additional thoughts about this config, maybe there is something what can I change or do it better way - I would appreciate any suggestions.
Best regards.

Is there a way in WR1043nd v2 to do split ethernet/wireless port configuration ?

I am thinking of capability of achiving split vlan's/wlan's on it.

[egc]

By using Policy Based Routing as @bushant pointed out you can route some clients through the VPN and others not.

In theory it is possible to have one subnet, the DDWRT router is then setup as a WAP:
https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point

But dealing with VPN on a WAP is a challenge only unbridged VAP's on a WAP will use the VPN or clients on which the gateway points to the WAP. If this does not sound familiar perhaps do not try it

[scOOtt]

Thanks for your reply.
I'll leave it configured as it is.
One last question, how can I allow remote access to my lan while openvpn is connected ?

[Alozaros]