Route certain VLANs over VPN

I’m trying to figure out how to route only certain VLAN traffic over a VPN like PIA. Most of the guides I see are for routing all traffic over the VPN.

When I follow this guide: PIA Support Portal (privateinternetaccess.com) I can get specific subnets to go through but the rest of the network crashes.

Tom has a video on this. Specifically, how to route certain subnets or IPs over a VPN.


That should be straightforward.

If you have, say, VLANs for ISP, Guest going out your default WAN (being your ISP), then on, say, your VPN VLAN you just need to have a rule directing your exit out of your VPN WAN instead of the default.

I’ve basically done that for my VPN_vLAN; all traffic on that VLAN exits via my VPN service.


This 👆. Also, if you have traffic going to two different gateways under the same network, don’t forget to set a kill switch for the devices required to go out the VPN (if you really want that).

Did you have to set up any NAT outbound rules like in the PIA tutorial, or did you just make an interface for the VPN and assign the VPN VLAN firewall rules to use that interface/gateway?

TLDR the guide, yes, I’ve got NAT rules for WAN to VPN_vLAN and VPN_WAN to VPN_vLAN.

Yes, as @David says, set the kill switch under System > Advanced and select Miscellaneous, then in Gateway Monitoring ensure the following option is set:
Skip rules when gateway is down = Yes/checked


This, or set a floating block rule for tagged traffic that is supposed to go over the VPN.
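
The pieces discussed in this thread (outbound NAT on the VPN interface, a policy-routing rule on the VPN VLAN, and a floating block rule for tagged traffic) written out as raw pf rules. This is an added example, not part of any post above and not the ruleset pfSense generates from the GUI; every interface name, address and the tag name `NO_WAN_EGRESS` is an assumed placeholder.

```pf
# Constructed example: all macros below are placeholders, adjust to your setup.
vpn_vlan_if = "igb1.30"          # VLAN whose clients must leave via the VPN
vpn_net     = "192.168.30.0/24"  # subnet on that VLAN
lan_vlan_if = "igb1.10"          # ordinary VLAN that keeps using the ISP
lan_net     = "192.168.10.0/24"  # subnet on the ordinary VLAN
vpn_if      = "ovpnc1"           # VPN client interface (the "VPN WAN")
vpn_gw      = "10.8.0.1"         # gateway reachable through the VPN interface
wan_if      = "igb0"             # ISP-facing interface (default WAN)

# Outbound NAT: VPN-VLAN clients are translated to the VPN interface address.
nat on $vpn_if inet from $vpn_net to any -> ($vpn_if)

# Outbound NAT for the ordinary VLAN stays on the ISP WAN, so the rest of
# the network keeps working when the VPN rules are added.
nat on $wan_if inet from $lan_net to any -> ($wan_if)

# Kill switch (the floating block rule): a packet carrying the tag is never
# allowed out of the ISP WAN, whatever the routing table says at that moment.
block out quick on $wan_if tagged NO_WAN_EGRESS

# Policy routing: traffic entering from the VPN VLAN is tagged and sent to
# the VPN gateway instead of the default route.
pass in quick on $vpn_vlan_if route-to ($vpn_if $vpn_gw) inet \
    from $vpn_net to any tag NO_WAN_EGRESS keep state

# Ordinary VLAN: no route-to and no tag, so it follows the default gateway.
pass in quick on $lan_vlan_if inet from $lan_net to any keep state
```

The block rule is placed ahead of the pass rules and uses `quick`, so it wins even if a later, broader pass rule would otherwise let VPN-VLAN traffic fall back to the ISP when the tunnel is down.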