DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

LAN to LAN IPsec No NAT Detected Error

14 Mar 2018 16:52 #7 by akwe-xavante
Replied by akwe-xavante on topic Re: LAN to LAN IPsec No NAT Detected Error
Explored isolating wireless clients from each other, across different VLANs and through a VPN, and it's broken!

Isolating clients from each other no longer works and restricting / isolating the VPN to one VLAN no longer works either!

Unless I'm doing something wrong!

This used to work before I upgraded the firmware from 3.3.8 to 3.3.9.

14 Mar 2018 22:22 #8 by hornbyp
Replied by hornbyp on topic Re: LAN to LAN IPsec No NAT Detected Error

akwe-xavante wrote: There are no 2nd subnets at either end.

I do have two VLANs (VLAN0: P2 & P3 with SSID1) and (VLAN1: P1 & P4 with SSID2, SSID3 & SSID4) on the Dial Out side. Will this cause a problem? It didn't before. My MS Win7 Laptop is on VLAN1.



If these VLANs are assigned to different LANs - then there are other subnets present...

...if these VLANs are not assigned to different LANs, then there will be potential for contact between them, that doesn't involve the router at all....

If you assign the two VLANs to their own separate LANs, and don't tick the "Inter-LAN routing" box, you should be a good way towards what you want (I think). If the LAN-to-LAN VPN doesn't know about the VLAN/LAN you're trying to isolate, then there won't be any access to it. A firewall rule would make sure.

15 Mar 2018 08:04 #9 by akwe-xavante
Replied by akwe-xavante on topic Re: LAN to LAN IPsec No NAT Detected Error
Thank you for the reply and help.

It was a couple of years ago now when I initially did this and you forget, but I'm sure all I did was tick the boxes "Isolate Member" and "Isolate VPN" against one of the VLANs. I would have tested it at the time, and at the time it would have given me what I wanted.

Didn't realise that by doing this I was creating, or failed to create, two subnets at the time.

Creating two subnets, I think, is my best way forward. I'll have to explore how to achieve this later, as my time is limited getting the Cottage ready for my first set of Easter guests and the rest of the season etc.

Now that I have my router repaired, up to date and accessible again, I can do this from the office at home later.

Are there any do's and don'ts at all when creating two subnets and having the VPN only accessible to one of them?
