Hi everyone,

I’m using a TP-Link ER605 as an OpenVPN client and an OpenVPN Access Server (v2.14.2) hosted on DigitalOcean.

✅ Status: The ER605 successfully connects to the OpenVPN server (connection shows Connected and tunnel logs confirm it).
❌ Problem: Devices on the ER605 LAN do not route internet traffic through the VPN, so their public IP does not change to the DigitalOcean/VPN public IP.

I believe the issue is in Policy Routing, but I’m stuck:

What I’m trying to do

Route all LAN traffic (0.0.0.0/0) through the OpenVPN client tunnel (full-tunnel).

What I see

Under Transmission / Load Balancing → Policy Routing, when creating a routing rule, the “WAN” selection only shows my physical WAN interfaces (WAN1/WAN2), but I do not see any option like:

• OpenVPN Client

• VPN tunnel interface

• tun0 / OpenVPN tunnel

So I can’t create a policy rule that sends LAN traffic via the VPN tunnel.

Questions

1. On the ER605, where exactly can I select the OpenVPN client tunnel as the outbound interface for Policy Routing?

2. Is there a required setting that makes the OpenVPN tunnel appear as a selectable interface (e.g., “Use VPN as default gateway” or “Redirect internet traffic”)?

3. If the ER605 cannot route LAN internet via OpenVPN using policy routing, what is the correct way to force full tunnel (LAN → VPN → internet)?

4. Is this limitation different between Standalone mode vs Omada Controller mode, and which one supports routing LAN internet through the VPN client?

Extra confirmation

On the VPN server side (OpenVPN AS), the tunnel connects successfully but I’m seeing mostly keepalive traffic and almost no real internet traffic crossing the VPN, which makes me think the router isn’t forwarding LAN traffic into the tunnel.

Any guidance or screenshots of the correct Policy Routing setup for ER605 would be greatly appreciated. Thanks!