ER605 V2 - Multiple issues with latest firmware
The latest version of the firmware has introduced several issues in my existing setup that now present security issues.
1. VLAN isolation does not work as it previously did
I have an ACL rule set up like so:
This used to function perfectly fine, blocking all direct traffic like ssh from LAN to VLAN2. What it would not do was block traffic that was technically bound for VLAN2, but was going out to WAN first to be resolved, then coming back into VLAN2. It randomly does that now, and certain web servers that are hosted on VLAN2 are unable to be accessed from devices on LAN. I'm not sure how the router is capable of doing this, and it kind of terrifies me. It should not be able to know whether traffic being looped out then back into the network originated from within the network. To make matters worse, it's truly only *certain* RANDOM websites hosted on servers in VLAN2 that are inaccessible. It's not even consistent between machines. I am 100% confident it's the router that's the issue, as when I remove this ACL rule the issue is resolved. However, that defeats the entire purpose of the VLAN in the first place. I have also tried the new "Isolation" feature and it has the same issue.
2. I have an OpenVPN configuration like so:
The address range corresponds to the address range of VLAN2 (192.168.1.0/24). This used to enable me to ssh into servers that were in this VLAN both from the LAN network and remotely. This configuration used to work, and now it does not. Not from LAN, nor from connections coming in from WAN.
I'd appreciate guidance on whether there are workarounds for these issues. Dealing with this router is exhausting and now trying to convey it through this community forum UI is beyond frustrating.