VPN Tunnel for specific VLAN


I would like to have a VPN tunnel for one of my VLANs. All outbound traffic from that VLAN should be routed through that tunnel, but not my other VLANs. Preferably I would like to use Wireguard, but OpenVPN is an option.
I’m pretty tech-savvy, but I have not fiddled much with routing and VPNs, so in that area I’m pretty much a noob. So basically: Can anyone point me to some good documentation to read on this topic?
I’m running Netgate 2100 with pfSense 22.05-RELEASE on, and I have access to VMs on a couple of external localtions, which will be my VPN endpoint.

Why don’t you just change the gateway for the vLAN to your specific VPN gateway ?

Good question. Answer: I haven’t thought about that. Thanks. I will try that.
But, the gateway must be in the VLAN-network then. Is that possible?

On the VLan in question, on the rule you have configured for all outbound rule - click on advanced and change the gateway to the VPN setup

Don’t the GW have to be on the VLAN then? Or is that some dark magic that the software fixes?

Think of it the other way round is the WAN in the vlan network ? Nope.
You’re just redirecting to another WAN so to speak.

It will work as this is what I do for traffic I want to exit via the VPN rather WAN for given vlans.

What type of VPN - site to site or VPN provider i.e. PIA

Slaps forehead
OK, thanks.

Actually, if you have control of the other side also, you should also be able to use static routes. Then you have to add your remote networks to the OpenVPN client config.

What I’ve described earlier is if you are going through a paid for VPN service which is what I thought you meant, but I think you don’t. However saying that changing the GW should still work.

The advantage of the remote routes is that you can access both the remote location and the rest of the internet, just for reference.

Yes, I have control of the other side. It’s my own Ubuntu server hosted in a cloud.