[coufeyrac]

OK, I swear I'm not a noob. I've been using DD-WRT, OpenWRT and Tomato all for years, with a strong preference for DD-WRT, but I just can't crack this nut.

Running DD-WRT v24-sp2 (03/25/13) mega - build 21061 on a WRT320N (no E2000 upgrade) and I cannot for the life of me manage to get 2 SSIDs with one porting to the VPN only.

Before you scold me and say just go through the forum, I have, and by now I think I've read every post on the topic and have tried more solutions that there I can remember.

[coufeyrac]

It didn't post my entire message.

So I've actually already tried the PBR solution which properly lets the "local" network out looking local, but the VPN network isn't allowed to roam the world - only the internal network.

Let's give a recap of the recap that was strangely redacted:

Running DD-WRT v24-sp2 (03/25/13) mega - build 21061 on a WRT320N (no E2000 upgrade) and I cannot for the life of me manage to get 2 SSIDs with one porting to the VPN only.

Using ExpressVPN as my VPN provider. I've already set up this exact desired set up for friends and family, but using Tomato - I however prefer to run DD-WRT at home.

I have read just about every solution out there, so please don't say this is a duplicate post, just check this user's answer. I probably have, but if you know of another one hiding somewhere, that would be great.

One network "Local" on 192.168.2.1 and one network "Staff" on 192.168.3.1

VPN up and running properly, 2 SSIDs running properly, both connecting to the VPN right now.

Solutions I have tried for the past several days that for some reason didn't post last night:

Above mentioned PBR using 192.168.3.0/24 - when I do this traffic on the local side goes out into the world looking like where I am, but traffic on the VPN side is blocked from getting out of the local network. Also tried 192.168.3.100/24 and the ip address of my laptop. All no gos.

Physical lan bridged, Vlan unbridged.

I've added a firewall command line, but still no good.

Followed instructions about port forwarding, NAT, DNSmasq, yada yada yada... alas, none of them worked.

I have NOT tried downgrading the DD-WRT version.

I think I wrote more last night, but it was late...

Sorry to make everyone read again

[egc]

You have an ancient build PBR was not always working in those days. Consider upgrading to 35531 (research the build threads for compatibility), perhaps the latest build is also good.
Reset to defaults and set up manually

Disable Shortcut Forwarding Engine (SFE) on setup page otherwise PBR is not working in recent builds

[coufeyrac]

Thanks. I see firmware for "linksys-wrt32x" which should be right. Can I safely assume they don't mean WRT32xx?

It's HUGE at 30mb compared to the normal 320N FWs at 4 - 8mb, which is what makes me wonder...

Edit: Found it! under Broadcom K3X - though I would have preferred 26 - I just find it faster.

Will give it a try now.

And I should have said "It's friggin' 'UGE!," but my inner Scott was not shining through the VPN frustration.

[coufeyrac]

UPDATE: 35531 found and installed, NVRAM erased, but now... I can't log in. It asks for login name and password but the default root/admin doesn't work, nor does my old username/pw combination.

Little help again?

[egc]

K3.x should be fine.
Normally after a reset when visiting 192.168.1.1 you should be asked to change your password from the default.
Default for the webgui is admin/admin for telnet it is root/admin (I think)

[coufeyrac]

Well this is new...

After the update and the NVRAM clear, apparently the reset button works again - and the command is no longer to hold down the WPS button when plugging in.

So another 30/30/30 later and I was able to log in.

Went through all the steps and was so close... I could connect to both, Local gave me a local IP and i could get ping requests out on Staff, but I couldn't get any pages to load!

Through in some Googly dns info, reboot, wait, wait and wait a little longer and finally, presto changeo! Everything is working perfectly!

Thanks for pointing out that the Reroute was to blame.

Now I just have to finish the ports redirections.

Cheers!