Druha LAN bez VPN

Dobry den,

mam nastaveny Open VPN client, vse funguje bez problemu,
Rad bych ale mel dve oddelene LAN site, jednu s VPN a druhou bez. Je to vubec mozne?

moje soucasne pokusy vedou k tomu, ze mam funkcni LAN s VPN, a LAN1 ktera nema pripojeni k internetu (ale sit bezi, a na turris vidi).

Poznamka pod carou, mam odpaleny WAN paort, takze nastaveni je trochu jine nez normalne.

moje soucasne nastaveni:

root@turris:~# cat /etc/config/network

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option bridge_empty '1'
        option ifname 'lan4 lan5'

config interface 'wan'
        option proto 'dhcp'
        option ipv6 '1'
        option ifname 'lan1'
        option macaddr '__'

config interface 'lan_no_vpn'
        option proto 'static'
        option ifname 'lan2'
        list ipaddr '10.0.0.1'
        option netmask '255.255.255.0'
        option type 'bridge'
root@turris:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan_no_vpn'
        list network 'lan_no_vpn'
        option output 'ACCEPT'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option log_limit '10/minute'
        option log '1'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list device 'lan1'

config zone 'turris_vpn_client'
        option name 'tr_vpn_cl'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list device 'vpnturris'
        list device 'vpnturris_no_'

config forwarding 'turris_vpn_client_forward'
        option src 'lan'
        option dest 'tr_vpn_cl'

config forwarding 'lan_no_vpn_forward'
        option dest 'wan'
        option src 'lan_no_vpn'

Predem diky.