tya99 | 6 years ago

> Can you explain a bit more on your VPN setup? Did you create it on the same machine as the router itself?

Yes.

Essentially it operates as a multi-home router.

Traffic on VLAN2 goes directly out to the ISP. This is useful for low latency needs such as online gaming. It is useful when you need your real IP address and do not want to trip security systems such as an online banking site might have.

VLAN 3 is used for everything else: downloading packages (apt, pacman, etc.) and all my web browsing. The router will send all traffic through the VPN, i.e. tun0.

In addition I can be on VLAN3, and have "exceptions" such as to my mailserver even when on VLAN3 (my VPN VLAN).

I used CONNMARK for this. In these circumstances the connections from VLAN3 are normally marked with a connection mark[0].

[0]: https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a...

I am at the moment finishing up the configs as Jinja templates, so that one may just input their configuration into the JSON configuration files and it will populate all the configs with envtpl https://github.com/andreasjansson/envtpl. It would be trivial for one to extend this into an implementation orchestrated by something like Ansible.

I use that in combination with Yadm https://yadm.io and store it in my dotfiles.
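
The VLAN 3 policy routing described in the comment above, sketched as an added example that is not part of the original post or the linked wiki: a dry-run generator that prints the CONNMARK and `ip rule` commands, validates templated exception addresses, and keeps marked traffic from falling back to the ISP if tun0 drops. The interface names other than tun0, the mark value, the table number and the sample address are assumptions; NAT and the rest of the firewall are omitted.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them (dry run).
# Assumed values, not from the post: interface names, mark, table number.
VPN_VLAN_IF="eth0.3"   # VLAN 3 (VPN VLAN) interface, assumed name
WAN_IF="eth1"          # ISP-facing interface, assumed name
VPN_IF="tun0"          # VPN tunnel interface named in the post
VPN_MARK="0x3"         # connection mark for VPN-routed flows (assumed)
VPN_TABLE="103"        # routing table holding the tun0 default route (assumed)

# Strict dotted-quad check so a templated value cannot smuggle extra rule text.
# The body runs in a subshell, so the IFS change does not leak.
is_ipv4() (
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
)

render_rules() {   # usage: render_rules EXCEPTION_IPV4...
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "invalid exception address: $ip" >&2; return 1; }
  done
  m="iptables -t mangle -A PREROUTING -i $VPN_VLAN_IF"
  # 1. Exceptions return before any marking, so they follow the main table (ISP).
  for ip in "$@"; do echo "$m -d $ip -j RETURN"; done
  # 2. Every other new connection from VLAN 3 gets the connection mark.
  echo "$m -m conntrack --ctstate NEW -j CONNMARK --set-mark $VPN_MARK"
  # 3. Copy the connection mark onto each packet so policy routing can see it.
  echo "$m -j CONNMARK --restore-mark"
  # 4. Marked packets use a table whose default is tun0; if tun0 goes away,
  #    the higher-metric unreachable route stops them falling back to the ISP.
  echo "ip rule add fwmark $VPN_MARK table $VPN_TABLE"
  echo "ip route add default dev $VPN_IF table $VPN_TABLE"
  echo "ip route add unreachable default metric 100 table $VPN_TABLE"
  # 5. Second guard: a marked connection is never forwarded out the WAN side.
  echo "iptables -A FORWARD -i $VPN_VLAN_IF -o $WAN_IF -m connmark --mark $VPN_MARK -j DROP"
}

# Constructed sample input: 192.0.2.25 stands in for the mail server.
render_rules 192.0.2.25
```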
