Similar to pfsense or even my Asus-Merlin router, I would like to designate destination IP's, or domains to go through the VPN while leaving other traffic alone. With Untangle, I can do this, but it's relatively flaky. I have to visit the site through an incognito browser to get my device tagged, then reload the page in my regular browser to access the service. If I just access the service, the browser keeps the routes/session active and it doesn't matter if my device is tagged.
For example, I use Pandora while in Canada (it's blocked there). With Untangle, I can accomplish this based on the domain and tagging, but instead of just passing that traffic through, the entire device is routed through the VPN. With Asus-MerlinFW or pfSense, I can route just the traffic destined to the services' IP and leave the device itself off the VPN. Same goes for other devices that I like to leave on the VPN full time, but when I access Netflix, it fails, so I'd like to be able to route normally.