Is it possible… VPN Tunneling Question

Is it possible to set a raspberry pi up as wireless AP and only tunnel traffic from devices connected to that wireless AP through a VPN?

The goal would be to get my Apple TV only to run through my PIA VPN account without me purchasing a separate router with VPN capabilities.

As it stands all my devices are connected to my router and pi-hole handles the dhcp, everything works great. I’ve tested my PIA account using dietpi-vpn and that all works too but whilst that is connected I can’t access my pi from outside of my local network, so for this reason I’m hoping the Pi has the ability to keep everything that works now on the eth0 interface the same, but if possible, create a separate wireless network using its wifi radio which can be used to tunnel connected device traffic through the PIA VPN.

Pi eth0 traffic - no vpn
Pi wlan0 traffic - vpn

Any guidance is greatly appreciated, thanks.

I guess this should be possible but require quite some manual work as our tools doesn’t support such scenario ootb.

Maybe @trendy could give a comment on this.

Yes, it is possible. However 2 remarks. RPi has terrible wifi and it is not worthy to use it. The second is that there are tools in OpenWrt, like mwan3 and pbr, which make policy based routing - piece of cake. I would strongly advice towards considering another device to run the vpn with better wifi, or use a dedicated access point to the RPi by ethernet.
Also it will be much easier to manipulate the routing decisions from the web interface that these packages offer in OpenWrt, than doing everything from scratch in CLI.

Thank you both for time, I’ve found some openwrt routers on eBay so I’ll try one of these out.