Hello everyone, I'm sorry if this question was already answered somewhere else but I was not able to find answer. Task: Setup a Tomato router as second WiFi access point using a OpenVPN tunnel for the wireless clients connected via this access point. On LAN, the devices connected to the first router must be reachable from the devices connected to second router. Current setup: Router A from ISP providing internet connection gateway. Router B Linksys E2500 with latest Tomato firmware Connection A-B: LAN to LAN Ethernet Router A IP: 192.168.2.1 with DHCP server for the IP range 2-199 Router B (Tomato): WAN disabled LAN br0 at 192.168.2.200 (DHCP off) Gateway 192.168.2.1 (Router A) and same for DNS Wireless eth1/eth2 properly configured and working OpenVPN configured and connected In the above situation I have the second router perfectly working as an additional access point but the wireless clients connected via this second router get routed via the gateway (router A) and therefore no VPN tunneling. If I check my public IP address from the router (either via SSH or using the Tools) THIS goes trough VPN instead. The following is my routing table Code: Destination Gateway Genmask Flags Metric Ref Use Iface 18.104.22.168 192.168.2.1 255.255.255.255 UGH 0 0 0 br0 10.8.3.0 * 255.255.255.0 U 0 0 0 tun11 192.168.2.0 * 255.255.255.0 U 0 0 0 br0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default 10.8.3.1 22.214.171.124 UG 0 0 0 tun11 126.96.36.199 10.8.3.1 188.8.131.52 UG 0 0 0 tun11 default 192.168.2.1 0.0.0.0 UG 0 0 0 br0 The only solution I found, so far is to connect the A-B routers as LAN-WAN and assign to the second router another subnet (e.g. 192.168.1.0/24) with gateway on router A. This indeed works, but makes impossible to communicate devices connected to the different subnets. Can someone kindly point me a solution if it exists? Thanks in advance.