I finally figured out a combination of rules that will allow this routing to happen. Here's what I did:
In Firewall -> Rules -> VLAN20, I have:
- (IPv4 VPN_hosts_alias * !RFC1918_Networks * VPN_gateway *)
- (IPv4 * * * * * *)
I have DHCP set up on VLAN20 to serve 192.168.20.100-192.168.20.225 ... so, I added this range to VPN_hosts_alias.
Adding the DHCP range to VPN_Hosts_alias takes care of the NAT translation to the VPN interface's address, since I already have the NAT rule set up for that alias.
Now, anything that connects to my VLAN20 automatically gets routed to VPN ... excellent!
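The two VLAN20 rules above, modelled with first-match evaluation to show which source addresses are policy-routed and which fall through to the catch-all rule. This is an added example, not part of the original post; it assumes VLAN20 is 192.168.20.0/24, that VPN_hosts_alias holds only the DHCP range, and that RFC1918_Networks holds the three standard private ranges.

```python
import ipaddress

# Assumed alias contents, reconstructed from the post (not exported from the firewall).
RFC1918_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VPN_HOSTS_FIRST = ipaddress.ip_address("192.168.20.100")
VPN_HOSTS_LAST = ipaddress.ip_address("192.168.20.225")
VLAN20 = ipaddress.ip_network("192.168.20.0/24")  # assumed subnet size


def in_vpn_hosts(src):
    return VPN_HOSTS_FIRST <= src <= VPN_HOSTS_LAST


def is_rfc1918(dst):
    return any(dst in net for net in RFC1918_NETWORKS)


# The two VLAN20 rules in order: (label, match(src, dst), gateway).
RULES = [
    ("vpn-policy", lambda s, d: in_vpn_hosts(s) and not is_rfc1918(d), "VPN_gateway"),
    ("allow-any", lambda s, d: True, "default"),
]


def route(src, dst):
    """Return (rule label, gateway) of the first rule matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for label, match, gateway in RULES:
        if match(s, d):
            return label, gateway
    return None, None  # not reached while the catch-all rule is present


def hosts_bypassing_vpn(public_dst="203.0.113.10"):
    """VLAN20 addresses whose internet traffic leaves via the default gateway."""
    return [str(h) for h in VLAN20.hosts()
            if route(str(h), public_dst)[1] != "VPN_gateway"]


if __name__ == "__main__":
    for src, dst in [("192.168.20.150", "203.0.113.10"),   # constructed samples
                     ("192.168.20.150", "192.168.10.5"),
                     ("192.168.20.50", "203.0.113.10")]:
        print(src, "->", dst, route(src, dst))
    print(len(hosts_bypassing_vpn()), "addresses in VLAN20 are not policy-routed")
```

Under these assumptions, a device on VLAN20 with a static address outside the DHCP range matches only the second rule and reaches the internet through the default gateway rather than the VPN.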