Best approach for dual WAN (failover) and single VPN w/ split tunnel

I've seen some good guides on dual VPN dual WAN setups, but I haven't found a clear guide that addresses (I think) a simpler goal.

I only need a single VPN client, but need to use dual WAN failover (Starlink and LTE).
Ideally I would like to configure the router such that:
The VPN client splits internet traffic between traffic to or from the OpenVPN server (public static IP, and port forwarding configured for various applications on the VPN client LAN) and internet traffic.

I've tried to only use mwan3, but I think because I want to split tunnel, it isn't the right approach. Without the split tunneling, I just made the VPN connection first place and it worked fine.

  • Should I just attach two VPN clients (one per WAN), and deal with each independently?
  • Would a single VPN client fail over to the backup WAN gracefully?
  • If I use a single VPN client, should I be running mwan3 for the WANs, and use the VPN PBR manager for the split tunneling?

Have you found the solution for 2 wan and 1 VPN config?