Split VPN SSID - Need some help

Howdy, I’m looking for a way to have two SSIDs, one of which is not on a Consumer VPN via OpenVPN such as Nord and a second SSID which is not on a VPN and routes traffic as normal.

It appears possible on Asus’s Pro routers but they’re a bit hefty in price. Does anyone know a better way around this?

VPN on my router which is a RT-AX55 absolutely kills my speeds from 500 to about 30. Which is understandable for such a low-end budget router.

Has anyone done something similar? I thought about going down a Proxy server route and buying a separate SFF PC to handle the VPN processing but just feels like things could get messy going down that road.

I did look at buying a Unifi AP and having the traffic connected to that connected to a VPN but that doesn’t appear to work without a Gateway, again price…

Is a Unifi Dream Router an option for this kind of set-up? I’d also like the option to VLAN / Separate LAN ports to handle VPN traffic and some not? Has anyone got any other suggestions? Doesn’t need to be Unifi.

Something that can run OpenWRT or AsusWRT (if you’re using Asus routers) should be able to do this.

I’ve been able to set up Policy Based Routing on a Raspberry Pi 4 running OpenWRT to configure certain clients to use the VPN and others to just go through the normal ISP channel.

You could cheaply build a pfSense/OPNsense box with two VLANs, one routed through a VPN. Even a $20 OptiPlex 3020 i3 will have enough CPU performance to push 500Mbps through a VPN tunnel. You can pick up an Intel based dual port PCIe card for another $20. One port for WAN, 2nd port into a VLAN aware switch (or even directly into something like a Ubiquiti U6+ AP for $120, or equivalent VLAN aware AP).
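
The policy-based routing approach mentioned in the replies above, as an added example that is not part of any post in this thread: on a Linux or OpenWRT router, traffic arriving from the VPN SSID's bridge is sent to its own routing table, with a blackhole fallback so clients on that SSID lose connectivity instead of leaking out the ISP link when the tunnel drops. The interface names `br-vpn` and `tun0` and table number `100` are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: per-SSID split VPN with iproute2 policy routing.
# All names below are assumed placeholders, not values from the thread.
VPN_LAN_IF="${VPN_LAN_IF:-br-vpn}"  # bridge/VLAN interface behind the VPN SSID
VPN_IF="${VPN_IF:-tun0}"            # OpenVPN tunnel interface
TABLE="${TABLE:-100}"               # dedicated routing table for VPN clients
APPLY="${APPLY:-0}"                 # 0 = print commands, 1 = execute (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

split_vpn_rules() {
    # Match on the ingress interface, so only forwarded client traffic is
    # steered; the router's own replies to those clients stay on the main table.
    run ip rule add iif "$VPN_LAN_IF" lookup "$TABLE" priority 1000

    # Inside the dedicated table, the only usable default route is the tunnel.
    run ip route add default dev "$VPN_IF" table "$TABLE"

    # Fallback: when the tunnel goes down the kernel removes the route above,
    # and this high-metric blackhole drops the traffic instead of letting the
    # lookup fall through to the main table and out the ISP link.
    run ip route add blackhole default metric 65535 table "$TABLE"
}

# Undo the rules above (same dry-run behaviour).
split_vpn_teardown() {
    run ip rule del iif "$VPN_LAN_IF" lookup "$TABLE" priority 1000
    run ip route flush table "$TABLE"
}

split_vpn_rules
```

The second SSID needs no rules at all: its traffic never matches the `iif` rule and follows the main table's default route as normal.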