So I did put the routings back to what you suggested and that seemed to help between the .10.x subnet and the main network. So now I can get internet from either the LRFlow SSID (on the AP One router at 192.168.10.1) or my main SSID (192.168.1.1) and I can ping back and forth. So that seems to work.
I added the outbound policy but it didn’t seem to fix anything.
One thing I noticed is that on the AP One, if I use the serial number for the remote ID, it establishes the connection properly but doesn’t seem to allow me to address any device on the .50 subnet. However, if I change the remote ID on the AP One to the PepVPN profile name “FlowGB”, then it will not connect (it just shows “starting…”).
I tried the same thing on the other boat, which is on the .48.x subnet with a different Max-BR1. I added the PepVPN Outbound policy as you suggested and tried accessing it through the VPN tunnel using the PepVPN Profile ID as the remote ID, and then tried with the serial number, and neither worked for that one. Strangely, that boat was working just prior to the change in my router and the upgrade of the firmware on my AP One to 3.6.1 and on the Max-BR1 to 8.0.0. Any changes in the firmware that might have caused this?
I added a picture to the dropbox in the Flow GB Boat Max-BR1 called FlowGB (Boat) Max-BR1 PepVPN Outbound Policies.png which shows what I did there.
Did it mess things up to add the OSPF settings or something else? I’m not sure why it’s not allowing me to connect directly to the devices inside the boat on the Boat LAN.
OK so ASUS Router:
I did do this last night and it didn’t seem to help.
OK so it definitely should be 192.168.10.0 not .1 so leave that. Interface is LAN, gateway is 192.168.1.249.
PepVPN is up, so we don’t need to worry about port forwarding.
AP ONE AC Mini config looks right.
BR1: This doesn’t have a route for 192.168.1.0. Add an outbound policy on the BR1 for a destination of 192.168.1.0/24 via the VPN tunnel.