We have a few requirements for VPN:
We want to aggregate VPN tunnels so we can use multiple of them on a per stream basis, mainly we want this because with more streams we can distribute CPU load.
Push all DNS traffic over the tunnels
Push all traffic from the protected VLAN (192.168.1.0/24) over the tunnels.
Any traffic going via the Unprotected VLAN goes directly out over the WAN.
I want to use two VPN providers, PIA and AirVPN for different purposes.