[odhiambo]

Hello engineers,

Here I must say that I am confused and stuck with what I'd like to do.

I have an Archer C7 running Firmware: DD-WRT v3.0-r45219 std (12/31/20).

It is configured as follows:
eth0 = WAN N.N.N.N
eth1 = LAN (172.16.4.1)

Since I have 2 radios (2.4GHz and 5GHz) I created 2 VAPs so I have 4 SSIDs:

C7-2.4GHz (wlan0), 2.4GHz(wlan0.1)
C7-5GHz (wlan1), 5GHz(wlan1.1)

I then created bridge1 (10.10.0.1/24) and assigned wlan0.1 and wlan1.1 to it.
I have OpenVPN running as a client to give me access to Netflix (US).
I am using PBR so this routed this subnet via the VPN.

Initially, I did not assign wlan0 and wlan1 to any bridge, so they defaulted to br0. Any device connected to the router's LAN ports or to C7-2.4GHz and C7-5GHz SSIDs would be assigned an IP address in pool 172.16.4.0/24 and would access the Internet directly via my ISP (without going through VPN).

Then I decided that I want anything connected to the LAN ports of my router to also go through the VPN as I want my Amazon Firestick (now having an ethernet adapter) to be on the VPN. So I put 172.16.4.0/24 in the PBR config.

Now, I created another bridge (br2) with 10.10.1.0/24 and assigned wlan0 and wlan1 to it and I'd like all devices connecting to C7-2.4GHz (wlan0) and C7-5GHz (wlan1) SSIDs to go to the Internet via my ISP. I have not put this subnet in the PBR config.

However, when connected to these two SSIDs, there is no Internet access!

And having reached my /etc (end of thinking capacity), I beg for your help in figuring ot what I need to do so that this can work.

Thanking you in advance.

[Per Yngve Berg]

Go to the Networking Tab.

Find the interface br2 and enable Masquerade/NAT

[odhiambo]