You can prevent most of that data harvesting by using pfSense and packages properly. DNSSEC and pfBlockerNG are your friends. If the devices are using cookies for websites and services, which they most likely are, the harvesting is happening anyway, regardless of VPN use. That can only be mitigated from the client, if at all. Your issues with routing are likely due to how you’ve set up WAN, VPN and your NAT rules.