FreshTomato Version: 2019.1 K26ARM USB AIO-64K I have a VPN device for work and I use a Desktop computer to share this connection with other computers on my LAN. I mainly do this currently with the following configuration CURRENT CONFIG: LANs: br0 (LAN) - 192.168.1.1/24 br1 (LAN1) - 192.168.50.1/24 br3 (LAN3) - 192.168.75.1/24 VPN Device uses my WAN to start a VPN session to my work. All LAN (LAN0) clients connect through wifi. The VPN device outputs a DHCP server that gives out one IP and bonds to the first MAC address that responds and gives it an IP like 10.1.1.110. The Desktop has two network cards. One consumes that 10.1.1.110 address and the other is set to 192.168.75.2 which feeds back into LAN3 of the router. VLANs: Network flow: WAN--->ROUTER (LAN 1)---->(Port 0 - inbound) VPN Device (Port 1 - outbound)---> Windows Desktop running Internet connection sharing (ICS) ---> (LAN 3) Router and then I have routes in the static routing table to allow traffic from the LAN (LAN0) to route traffic to the Desktop ICS and use it as a gateway LAN Access: I do it this way so that 1) LAN1 and LAN3 can only access WAN 2) LAN3 can reply to packets started by LAN NEW CONFIG: I thought I could use MultiWAN Routing on the router in place of the Desktop computer. I reconfigured VLAN3 as WAN 2 and set WAN2 to get an address via DHCP. So the connections would now be VLAN: Network Flow for WAN2: WAN --> ROUTER (LAN1)---> (Port 0 - inbound) VPN Device (Port 1 - outbound)---->(WAN2) Router So in this configuration the WAN2 on the router would be consuming the 10.1.1.110 address instead of the Desktop. There would be no LAN3 (192.168.75.x) and traffic would just route through LAN (LAN0) to WAN2 if the destination address was on 10.0.0.x However I run into issues with this. First off it seems I'm either doing the MultiWAN router wrong or its buggy. I set the following options in my head this would mean "Use WAN1 for all internet traffic except if the source is my laptop (the 192.168.1.30 IP) AND I'm trying to hit something in the 10.0.0.0 - 10.255.255.255 range then use WAN2 instead" but it seemingly makes my entire network unable to connect to WAN1 and my PC can't connect to WAN2 either. I tried MAC instead of IP as well for the souuce but that also did not work. Is this not how MultiWAN routing works? FYI if I ssh into the router I'm able to ping stuff on the internet through WAN1 and ping computers on the other side of WAN2 fine - it's just that machines cannot seem to hit it. Let me know if you need more information - I'd be happy to provide it.