If you have a router running PfSense Plus* and at least 3 ports, Netgate actually has pretty detailed instructions for how to do the bypass with their layer 2 routing feature. It sounds a bit complicated, but I followed along exactly as it says and it just worked for me. Has been 100% reliable for almost 2 years, and I get significantly better speed (something like 10-20% vs the built in "passthrough" mode on the gateway, iirc). Plus I managed to cut the suspicious DNS server the gateway tries to interject out of my network.

> https://docs.netgate.com/pfsense/en/latest/recipes/authbridg...

There's another method that doesn't require Plus called pfatt, but I'm not sure what the state of it is.

* Plus is the paid version, yeah I know I agree I don't like what they did with the licensing changes but that's a different story