PIA and Open WiFi (VLAN30)

Over one year I stable run PIA for all my connections. Last week I bought the Ubiquiti UniFi AP-AC-LR to increase my WiFi coverage. With this new device I also like to separate my IOT devices to an unique SSID ‘WiFi Open’ on VLAN 30.

I use these settings:
LAN: ( /
WiFi Open: (

For LAN (PIA) I use thisTutorial: Setup PIA on pfSense 2.4.2

WiFi Open works when I do a fresh install of pfSense without PIA, so the AP is correctly configured. When I add the VLAN 30 to the setup (interface/DHCP etc.). I get the message:”Connected, no internet” on my phone (android). So the DHCP side is working.

I tried different things but I think that the problems is somewhere the Firewall / NAT side.

What do I miss?

You have something wrong in the outbound routing would be my guess.

I agree, I found some instructions from NordVPN on how to setup Pfsense 2.4.3 Selective Routing. I notice some differences on Firewall -> NAT -> Outbound

Between the PIA and NordVPN guides. PIA states:

And NordVPN:
When I use the NordVPN approach incl. their Selective Routing. I get the message:”Obtaining IP Address”.

Which NAT setting is the best to use?