I’ve configured pfSense per the tutorial and I’m seeing my defined clients routing through PIA as desired. This is fantastic. However, I discovered a gotcha. Those clients lose access to other VLANs. I modified the rule that sends traffic to PIA to include destination NOT RFC1918 thinking that would make the traffic no longer match that rule if I was trying to get to any local subnet but that didn’t appear to work.
What is the most effective and secure way to exclude local traffic from this rule?