Transparent HTTPS Proxy. Pros and cons

[WhiteTiger]

My network is... complicated. It needs to be explained better.

Multiple "home" sections coexist on the same wiring, attributable to three different families where some members work in the same company which has its own office.
So I can't have just one "IoT" network or just one "Home" network.
I can't even manage the connections of each family, for privacy reasons.

I solved it by creating 3 VLANs "Home1/2/3", one VLAN for the company, one for its guests and one for IoT devices of company.

In each Home VLAN I am not going to differentiate the use that is made of their IP addresses which will therefore concern both their PCs, SmartTVs, gaming consoles or IoT devices.
On the other hand, those who live in the 3 homes are already used to configuring their devices autonomously and creating specific VLANs, for example for their IoT devices, it would only be a complication that then they are not able to manage.

Following your advice, all traffic coming out of the 3 Home VLANs and the Guest VLAN is routed to the VPN.
Only LAN traffic goes directly to the WAN.

However, for testing purposes and specific needs, I have to release some address blocks of the 3 Homes from the WAN and not from the VPN.

My questions arise from these considerations.

For example, a Home network is 192.168.100.0/24, but the subnet 192.168.100.64/28 is allowed to bypass the VPN and go directly to the WAN.

From what you suggested, I let all the IPs on the network go to the VPN, excluding only those present in the subnet.

About the log, mine is unreadable because it is constantly filled with "let out anything from firewall host itself (force gw)" and "Block private networks from WAN" messages.
In the documentation I find that I could enable the "Disable force gateway" option, but it is not clear to me if and what consequences this could have.

[meyergru]

I would not have my log cluttered by logging "default" rules... these seem to be your own ones, so you can choose.

[AlvaradoSS]

Juggling multiple "home" sections with different families and work setups can definitely get complicated.
It's impressive how you've tackled it by creating VLANs for each home and the company, keeping things organized while respecting privacy. And kudos for considering the autonomy of each family in managing their devices.
When it comes to managing such a diverse network, have you considered the potential benefits of a 4G/5G proxy? It could provide a versatile solution for ensuring secure connections and managing network traffic, especially with the varied devices and setups you're dealing with.