[MatteoDubai]

You are right, too many trials. I reset the default settings and set only a VAP wlan0.1 unbridged to test if this works. I configured the DNS server in the Basic Setting. Router Ip is 192.168.1.1, so I used different pool of ips for the VAP

I reviewed what you posted, but still I can't have the network to be browsed on any wifi/ethernet once that the unbridged is enabled.

I attach the configuration, I can't understand what is missing.

[egc]

It actually should be as simple as unbridging the VAP set it on its own subnet and and a DHCPd server like you are doing.

I do not use no-resolv any more as that is no longer necessary. Just tick "Ignore WAN DNS" on setup page and fill in those DNS servers in Static DNS 1 and Static DNS 2
Also make sure you kept Local DNS and Gateway at its default 0.0.0.0

But that should not stop you from using the VAP.

Can you show a screenshot of the setup page?

Can you connect?
Can you view the routers setup page http://192.168.1.1
Can you traceroute/tracert to 8.8.8.8 (or from an Android phone use Fing)

[MatteoDubai]

Below the setup page.

I can connect to the router via ethernet and all the wifi (no matter if VAP or AP), however I can't browse any page and I can't ping 8.8.8.8 or any other website. To be able to browse again the internet I need to delete the VAP and DHCP for the VAP and reboot the router, otherwise it does not work.

[egc]

Leave the Time server field empty, but that is also not the problem here.

It really looks like the Broadcom VAP problems we had in the past but this is not a Broadcom router as you have WLAN.

To be sure what router and what build we are talking about?

I must admit I am clueless at this moment.

It must be something simple/stupid I am overlooking

[MatteoDubai]

I love IT

The release it's the Firmware: DD-WRT v3.0-r48218 std (01/28/22) and the router is an Archer C7 v5.

I was reading documentation and I found this one: https://wiki.dd-wrt.com/wiki/index.php/Multiple_WLANs#Separating_the_WLAN.27s

Should I also create a bridge for the VAP? I did not as of now.

[egc]

Your router and build should be fine.

It is one of the routers I do not have, I have this setup running on an E2000 Broadcom/Mips, R6400 Broadcom/Arm and R7800 Atheros/Qualcomm all running fine.

Normally a bridge is not necessary but you can try anyway. I use that method if I also wanted a LAN port set to the bridge

Make sure the VAP is then put back as bridged (because it is bridged to br1 )

[MatteoDubai]

I tried again, but it does not work even with the br1 bridge.

Do you think it could be a defect? Or it's me (very likely) forgetting something? Is there any log I can share to help in see where is the error?

Temporarily I fixed with a workaround: I had an old router and I connected the Archer to the WAN of the router, I set up as DNS the DD-WRT router on the old-router and I enabled the DHCP.
I assigned to the DD-WRT a fixed IP to the router and I set that that IP is assigned to the VPN.

On the old router I enabled only the 5 GHz network and on the DDWRT router only the 2.4 GHz Network. In this way everything that is connected via cable or via wifi to the old router is redirected to the VPN.

This is something that I would like to avoid in the future, but I am not clear how I can fix the issue now

[egc]

Honestly I am at a loss here.

I do not have your router to try it out, so a bug is always possible, then again your router is much used and I would assume more users would complain but who knows.

At least attached how I do it

[MatteoDubai]

After many trials it works, I really thank you for the support and the help. I had to enable the bridge. In case it can help anyone else, I add here the screens for the configuration (since there is a limit to 3 attachments I created a zip file).

I need to implement now the kill switch, but that is another topic.