Hi all

I have my home network nicely segmented into VLANs with a block-all rule for VLAN cross-talk on the firewall.
Then I go in and create groups based on which devices I want to have access where, based on the ports.
E.g. my personal desktop has admin access to my security server, but my wife's laptop only has monitor access (different ports).

I started playing around with VPNs as I'd like a trusted connection when I'm out travelling and using public Wi-Fi.

I got that working fine and got a connection on my phone showing my home's public IP, so I know it's working.

However, I went to test some internal things and found that I can access any cross-VLAN device,
meaning I have no firewall control in place.

I went to look at my firewall settings to make a new "block VPN VLAN cross-talk" rule, but found I can't set it as a network source.
And going back, I can't seem to set a VLAN that the VPN network is on.

Also, looking at my clients list, I can't see my phone, so I can't give it a static IP so I can then enable it for cross-VLAN services once I get the blocking working.

Does anyone have any input on where I can start looking for:

A) Setting a VLAN for my VPN
B) Blocking that VLAN from other VLANs
C) Giving my device a static IP so I can then allow certain VPN devices access to different networks.

Thanks in advance, and I hope this makes sense.
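Added example, not from the original post (which doesn't name its router product): one way to cover points A, B and C on a Linux router running WireGuard with nftables, treating the VPN subnet as a segment of its own with the same default-deny the VLANs already have. The interface names, subnets, server address, ports and the phone's VPN address are all assumptions.

```nft
# Added example, not from the post. Assumed names/addresses (all constructed):
#   wg0            WireGuard server interface carrying the VPN subnet 10.8.0.0/24
#   vlan10/20/30   the home VLAN interfaces on the router
#   192.168.20.5   security server; 8443 = monitor port, 22 = admin port
#   10.8.0.10      the phone's fixed VPN address
define VLAN_IFS  = { "vlan10", "vlan20", "vlan30" }
define SEC_SRV   = 192.168.20.5
define PHONE_VPN = 10.8.0.10

# (C) A WireGuard client's address is not handed out by DHCP, which is why it
#     never shows up in a DHCP client list. It is fixed on the server side by the
#     peer's "AllowedIPs = 10.8.0.10/32" line, so it is as stable a firewall
#     source as a static lease on a VLAN client.

table inet vpn_segmentation {
    chain forward {
        # policy accept: the existing VLAN cross-talk rules keep working where
        # they are; this chain only decides traffic entering or leaving wg0.
        type filter hook forward priority 0; policy accept;

        # Replies belonging to a flow that an allow rule below admitted.
        ct state established,related accept

        # (B+C) Per-device exceptions go above the catch-all drop. The phone may
        # reach the security server on the monitor port only; an "admin" device
        # would get its own line with "tcp dport 22" instead.
        iifname "wg0" ip saddr $PHONE_VPN ip daddr $SEC_SRV tcp dport 8443 accept

        # (A+B) Anything else from the VPN toward any VLAN is dropped and logged,
        # giving the VPN segment the same default-deny as the VLANs.
        iifname "wg0" oifname $VLAN_IFS counter log prefix "vpn-xvlan-drop " drop

        # Nothing on a VLAN may open a connection toward a VPN client either.
        iifname $VLAN_IFS oifname "wg0" counter log prefix "xvlan-vpn-drop " drop
    }
}
```

Load it with `nft -f <file>` and watch the `counter` values and the kernel log prefixes while testing from the phone to confirm the drop rule is actually being hit.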