Hello, You could do this via PF, block all traffic (in and out) on any other traffic than the vpn interface.
Then allow traffic out on the physical interface ONLY to the IP(s)/port(s) of the VPN. This is what I do currently for always on VPN, I am sure there is a better way, but it works. Take care, -- Polarian GPG signature: 0770E5312238C760 Jabber/XMPP: polar...@icebound.dev
