I've followed a tutorial (https://forum.pfsense.org/index.php?topic=106305.0) to get PIA working on my pfSense (2.3) router and set up a firewall rule and alias so that only a few machines in my house are using the VPN while the rest use the regular gateway.

My problem is that if I don't check the "Don't pull routes" box in the OpenVPN config, every computer in the house goes through the VPN gateway rather than following the firewall rules I have set up.

But if I check that box, dnsleaktest.com shows my ISP, which I take to mean there's a leak. If the box is unchecked, I see Choopa, LLC, which is PIA I think.

Any ideas what I don't understand here?