@229Mick 

Policy Routing for OVPN/WireGuard is not available. This feature is aware of by our dev. 

Yet, the forum team does not provide information in reply about the development progress or details. 
Neither do we provide the estimated time for this feature nor details and explanations for the roadmap. 
Please refer to the final firmware release notes for this feature. 
Thanks for your understanding. 

When you use PBR, if the PBR supports the VPN tunnel, a VPN tunnel can be regarded as a WAN. If that option is not listed, that means this is not supported. 

Port forwarding does not work for the VPN tunnel. It is a function that works in the NAT. Not for the VPN tunnel. 

A workaround might be to place the device in a single VLAN interface, and use OVPN full tunnel mode and select this specific VLAN interface to use full tunnel.

  @229Mick 

I'm not sure i understand what you're trying to say..

Are you saying that the feature that is in the firmware /setup for this device, simply doesn't work?

Are yous aying there is NO way to have one of my LAN devices bypass the VPN client on this router?

  @Clive_A , Hi, reading though issue by other user.I believe I have same problem. I just updated to latest firmware 2.3.0 Build 20250428 Rel.18967 Hardware ver. ER605 v2.20. My OPENVPN imported client file grants access to all my network devices to same VPN server. I would rather have one specified network device bind to openvpn, while the rest not to and stay away from openvpn. If this is the same issue, let me know, so I can just stopped burning my eye lashes in trying to find a solution. Thank you in advance.

  @TealC 

TealC wrote

  @Clive_A , Hi, reading though issue by other user.I believe I have same problem. I just updated to latest firmware 2.3.0 Build 20250428 Rel.18967 Hardware ver. ER605 v2.20. My OPENVPN imported client file grants access to all my network devices to same VPN server. I would rather have one specified network device bind to openvpn, while the rest not to and stay away from openvpn. If this is the same issue, let me know, so I can just stopped burning my eye lashes in trying to find a solution. Thank you in advance.

Description is not clear. I am not sure I understand. 

If you only want a single device to use the VPN, use the IP address and define the client who is gonna to use the VPN.

Or be more specific about it with a diagram. 

  @Clive_A 

From sample attached below, I have added openvpn client profile. Target network device is as example: 192.168.42.55.Upon enabling openvpn client. I will have vpn access to targeted local device 192.168.42.55, but also to all other devices residing under same vlan. Also, I'm only using WAN1. I'm trying to force openvpn to only allow access to local device 192.168.42.55 and the rest of network devices not to. If you have a better solution, please provide some guidance?.

  @TealC 

TealC wrote

  @Clive_A 

 

From sample attached below, I have added openvpn client profile. Target network device is as example: 192.168.42.55.Upon enabling openvpn client. I will have vpn access to targeted local device 192.168.42.55, but also to all other devices residing under same vlan. Also, I'm only using WAN1. I'm trying to force openvpn to only allow access to local device 192.168.42.55 and the rest of network devices not to. If you have a better solution, please provide some guidance?.

That would work. Only 42.55 will get to the VPN server. The the server can access the 42.55.