I'd like to set up a second WAN connection to shunt all that traffic to an upstream VPN server.
As my setup is an RPi4, I can easily add another USB Ethernet adapter to have a second physical WAN port.
I am way out of my element, but... if I set it up as a WAN connection, set up the VPN and bind it to that WAN connection, would it appear as two possible gateway IPs on my network?
Tell devices to use the gateway at .1.1 for non-VPN,
and to use the gateway at .1.2 for VPN'd traffic?
My ISP provides two IPs, and I run my modem in bridged mode.
You don't need a second physical WAN port for VPN.
You can route either by providing different gateways, or by routing the traffic in your firewall.
How would you get a second gateway (without a VLAN) otherwise?
Policy-based routing seems complicated to me in comparison.
You only need an IP that isn't the same as the primary GW.
If you reroute everything, you can route by client IP or perhaps MAC.
Or the opposite, depending on which are the fewest, VPNed or non-VPNed clients.
Perhaps DoH or DoT is enough, instead of the VPN tunnel - https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html
Maybe it would be easier to install the pbr package. With it you can regulate which device will use the ISP link or the VPN.
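As an added illustration of the pbr approach (not a config from anyone in this thread), this is what a minimal /etc/config/pbr looks like that sends one client through the VPN while every other device keeps using the ISP link. It assumes the LAN is 192.168.1.0/24, the VPN is an OpenWrt network interface named wg0, the ISP link is the wan interface, and 192.168.1.50 is the client that should use the VPN; all of those are placeholders.

```uci
# /etc/config/pbr -- added example, not taken from the thread.
# Assumed names: LAN 192.168.1.0/24, VPN interface 'wg0', ISP interface 'wan',
# VPN client 192.168.1.50. Replace them with your own values.

config pbr 'config'
	option enabled '1'
	# With strict enforcement, a client matched to wg0 gets no route at all
	# while wg0 is down, instead of silently falling back to the ISP link.
	option strict_enforcement '1'

config policy
	option name 'laptop via VPN'
	# src_addr also accepts a MAC address, which is handy for DHCP clients
	# whose IP may change.
	option src_addr '192.168.1.50'
	option interface 'wg0'
```

Devices that match no policy keep following the router's normal default route, so the rest of the LAN still leaves via the ISP without a second gateway address or a second physical WAN port.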