LAN <-> VLAN OpenVPN Connection Issue (both isolated)
The setup.
I have 2 networks, the default LAN for external/wireless devices, and VLAN2 for a small cluster of computers that comprise my homelab. The networks are seen here:
In addition to the following, I had set up 2 Access Policy rules to block all traffic going between both LAN and VLAN2, for security. This was prior to the provided Isolation system and much less of a headache to work with. Accessing websites internally worked fine, and trying to locally ssh into the homelab devices from LAN to VLAN2 was appropriately blocked due to it being a local connection. To get around that (and to access the lab remotely), I set up a VPN with the same IP range as VLAN2. This also worked perfectly.
Now, with the latest firmware version, my old access policy rules' behavior has changed, and they work in the same way as the new Isolation system: despite the traffic absolutely going out of the network (which is objectively different from local traffic within the network), it got blocked. This made it impossible for me to access websites on my homelab. To fix this for http/https I was able to set up services for both, remove the old access control rules, and add ALLOW rules for http/https traffic traveling between LAN and VLAN2. Again I would like to emphasize, this traffic was NOT internal, and was going out to WAN and coming back in. The UX of this is absolutely bogus.
All of that out of the way, here's what the current ACL looks like to account for this system:
Rules 1, 2, 4, and 5 fixed me not being able to access my websites in my homelab. Great. But now I would also like to use the VPN like how I used to. I would expect rules 3 and 6 to work, but they do not. No amount of configuration LAN -> WAN, ALL, whatever, will let my devices on LAN connect to VLAN2. Note that I can be OFF the network, out on WAN, and the VPN does work. It is ONLY when on LAN that I cannot connect to the VPN. On my laptop when on LAN, attempting to connect to the VPN results in it not working with the following log, repeated several times until I stop the service:
And for reference, here is my VPN setup, and the setup for the OpenVPN service:
Please, for the love of all that is good, what is going on? How do I get this to work the way that I had it without compromising the security of my lab to local devices?