I am having a bit of trouble getting a router to work the way I would like it to. It's a Netgear R7000 running Shibby Tomato build 119. I have four different VLANs setup to each port on the back and working properly. 192.168.10.1(br0) 192.168.20.1(br1) 220.127.116.11(br2) 192.168.40.1(br3) I have two OpenVPN clients setup. I would like for br0 and br1 to be regular internet from the ISP, which they are now with where I am at with the current setup. I would like br2 to be VPN 1 and for br3 to be VPN 2. I can get both br2 and br3 to to be either VPN 1 or VPN 2 but not each one be different. Here is what I have currently setup: VPN Tunneling > OpenVPN Client > Client 1 > Advanced Code: persist-key persist-tun tls-client comp-lzo verb 1 VPN Tunneling > OpenVPN Client > Client 2 > Advanced Code: persist-key persist-tun tls-client comp-lzo verb 1 Administration > Scripts > Init Code: mkdir /etc/iproute2 echo -e "#\n\ # reserved values\n\ #\n\ 255 local\n\ 254 main\n\ 253 default\n\ 0 unspec\n\ #\n\ # local\n\ #\n\ #1 inr.ruhep\n\ # Our custom tables\n\ 10 ETHER" >/etc/iproute2/rt_tables Administration > Scripts > Firewall Code: ip rule add from 192.168.10.0/24 table ETHER ip rule add from 192.168.20.0/24 table ETHER ip route flush all table ETHER ip route add 127.0.0.0/8 dev lo table ETHER ip route add 192.168.10.0/24 dev br0 table ETHER ip route add 192.168.20.0/24 dev br1 table ETHER ip route add default via 10.10.10.10 dev vlan2 table ETHER ip route flush cache iptables -t nat -I POSTROUTING -s 192.168.30.0/255.255.255.0 -o tun11 -j MASQUERADE iptables -t nat -I POSTROUTING -s 192.168.40.0/255.255.255.0 -o tun11 -j MASQUERADE With that firewall script both the 192.168.30.0(br2) and the 192.168.40.0(br3) subnets use the VPN from client 1 and it works. I was thinking I could just change the last line so it would be tun12 instead of tun11 but that does not work. Is there something simple that I am missing or is there another way I should be going about doing this?