2 LAN; 1 on VPN, 1 not

[borgobio]

Hi, I'm trying to setup OPNsense so that 1 LAN (192.168.0.0/24) goes on WAN with the public ip assigned by my ISP and another LAN with a different subnet (192.168.3.0/24) uses a VPN (protonVPN) already configured on OPNsense.

Unfortunately, I'm unable to make it work, I can get VPN on both or ISP's IP on both...

I created 2 manual outbound rules for WAN (PPPoE with my ISP) and VPNWAN (virtual interface associated with openvpn) but it seems that this way I only have internet access on 192.168.3.0/24 with VPN but no on 192.168.0.0/24 (well, pings go through and telegram works, but if I try to load any non-cached page, it's timeout).
https://imgur.com/a/w521HUE

I suspect it has something to do with the automatically created rule but I'm stuck here...

(I know the VPNWAN rule is disabled, ofc it was enabled when debugging)

[zan]

Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create a same rule on LAN2 interface, except with gateway: VPNWAN.

[borgobio]

Your pic shows NAT outbound rules, you also need pass rules on each interface:
On LAN interface, create a pass rule with destination: !(not) This firewall, gateway: WAN.
Create a same rule on LAN2 interface, except with gateway: VPNWAN.

Indeed, that was it, although now when I connect to VPN, any port forwarding on my ISP's IP is blocked.

VPN OFF => 95.231.234.179:61881 => open
VPN ON => 95.231.234.179:61881  => closed

95.231.234.179 is my ISP's IP.

It seems that stuff can get it but can't get out...
https://imgur.com/a/xxsbgxe