Firewall nft help

HELLO
Currently my version is 21.07
I use the following iptables rule:
iptables -t nat -A postrouting_wan_rule -s x.x.x.x -d x.x.x.x -m policy --dir out --pol ipsec -j ACCEPT

What is the equivalent rule of this for nft?
It lets specific sources/destinations go through the VPN.

Please, use PBR (policy-based routing) instead.

I have tried to think about conversion from iptables to nftables, but without luck.

opkg update; opkg install kmod-nft-xfrm
nft insert rule inet fw4 srcnat_wan ipsec out ip saddr x.x.x.x ip daddr y.y.y.y counter accept

Added, but not working; still not using the VPN :cold_face:

It seems like this is the only way.

Try moving the rule to the main srcnat chain:

nft insert rule inet fw4 srcnat ipsec out ip saddr x.x.x.x ip daddr y.y.y.y counter accept

Check for hits:

nft list chain inet fw4 srcnat

Still doesn't work. I tried to use
nft insert rule inet fw4 mangle_prerouting ip daddr x.x.x.x counter meta mark set 0x1

root@OpenWrt:~# ip rule
0: from all lookup local
220: from all fwmark 0x1 lookup 220
32766: from all lookup main
32767: from all lookup default

Also failed.

For a test:
Ports 80 or 443 can be blocked by executing the following rules:

nft insert rule inet fw4 mangle_prerouting ip daddr 0.0.0.0/0 counter meta mark set 10
nft insert rule inet fw4 srcnat_wan  meta mark 10  counter drop

(When the rule is set to accept, the next hop shown by tracert is the VPN IP.)

But when the following rules are executed, port 53 cannot be blocked (both TCP and UDP):

nft insert rule inet fw4 mangle_prerouting udp dport 53 counter meta mark set 10
nft insert rule inet fw4 srcnat_wan  meta mark 10  counter drop

DNS traffic is handled by the input chain.

The question now changes to how to let DNS pass through the VPN.

Thanks.
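On the DNS point raised above: client queries terminate on the router (input hook), and the upstream queries the router's resolver then sends are locally generated, so they never pass mangle_prerouting. The nft script below is an added illustration, not a rule set posted by anyone in this thread; it assumes OpenWrt fw4 with its stock mangle_* chains, the fwmark 0x1 to table 220 mapping already visible in the ip rule output, and placeholder addresses (192.0.2.10 as a LAN host, 198.51.100.0/24 as the remote subnet).

```nft
#!/usr/sbin/nft -f
# Added example, not from this thread. Load with: nft -f <this file>
# Assumptions: OpenWrt fw4 (table inet fw4 with its stock mangle_* chains),
# an existing policy rule "ip rule add fwmark 0x1 lookup 220", and
# placeholder addresses 192.0.2.10 (LAN host) / 198.51.100.0/24 (remote subnet).

# 1. Forwarded client traffic enters through the prerouting hook, so a
#    mark set in mangle_prerouting is seen by the routing decision.
#    This is why the port 80/443 test in the thread did reroute.
add rule inet fw4 mangle_prerouting ip saddr 192.0.2.10 ip daddr 198.51.100.0/24 counter meta mark set 0x1 comment "LAN host -> remote subnet via VPN"

# 2. Locally generated packets (the router's own resolver talking to its
#    upstream DNS servers) skip prerouting entirely, so the same rule there
#    never matches. fw4's mangle_output is a "type route" chain, which
#    re-runs the route lookup after the mark is changed, so mark them here.
add rule inet fw4 mangle_output udp dport 53 counter meta mark set 0x1 comment "router resolver DNS (UDP) via VPN"
add rule inet fw4 mangle_output tcp dport 53 counter meta mark set 0x1 comment "router resolver DNS (TCP) via VPN"

# 3. Verification (run from the router shell, not part of this file):
#      nft list chain inet fw4 mangle_output   # counters grow while clients resolve names
#      ip route get <upstream DNS IP> mark 0x1  # should pick a route from table 220
```

Packets rerouted in the output hook keep the source address that was chosen before the mark was set, so the tunnel's selector (the xfrm policy) must also cover the router's own address, otherwise the marked queries still fall through to the WAN.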