Sorry about my confused rambling 😅 Yes, the example was to demonstrate the difference between subnetting and vlan. Albeit simplified. What you said is right.

The poster i was responding to equated subnetting to vlans. I might have misunderstood what they meant though. It sounded like they wanted to use the same subnet per vlan, which wont work if you want them routed in the same gateway.

Reading it again they make it sound like you can’t subnet all of these networks on a switch without vlan, which you definitely can. I could for example connect 4 different devices on the subnet 192 168.10.x/24 and have them reach each other. I could also connect 4 more devices in the same switch but on a different network 192.168.20.x/24 and it would work.

You can’t use the same subnet on different vlans if you ever intend for both of them to reach the internet. In that case you’d need a second router which just defeats the purpose

Reset the AP to make sure it uses dhcp for its own ip and update firmware from unifi network after adopting the AP again.

Test it by swapping places of the access points to find out if the issue is related to the access points or something else.

OpenVPN connect on both. I load the .ovpn-file that is exported from the server and that’s it.

Personally I would have gone for OpenVPN access server on Debian. Fairly simple and well documented for those starting out.

I have used and worked with OpenVPN connect on android, PC and Mac.

By making a bridge in the opensense interfaces you have created a layer2 network. This means that all the devices connected on that network are broadcasting their Mac addresses and are added to the ARP table on the opensense. Since they all are on the same physical network and the same subnet, none of the traffic will ever hit the layer 3 rules on your opensense.

If you want opensense to handle the rules of the traffic you will need to put the devices on different subnets and separate clans. Create a gateway address for every vlan on the opensense and point your devices to the opensense as their gateway.

It also comes with a dyndns-client built in. Very useful for updating the address of the OpenVPN server.