Thank you all for your helpful responses. Here is a summary of some of the responses, what I have done so far, and what is still left. I will share my experience here in case someone is interested in having two connections, one with a VPN and another one without a VPN.
-
You don't necessarily need to have two routers to set up a with-VPN and a no-VPN connection (thanks to stangri for bringing this to my attention). You can simply set up something like the guest network explained here to have both options on the same router (there are other ways of achieving this goal but I found the one I shared the most understandable and easy to implement). In my case, I used the 2.4GHz radio for the no-VPN connection and the 5.0GHz radio for the with-VPN connection.
-
You can use SQM even when you have set up a VPN connection, e.g. one based on WireGuard (according to moeller0 and tohojo's responses). I assume you can do that by
but I haven't done that yet. If you use WireGuard, you probably need to add 60 to the per packet overhead according to this post.
- Because you now have a with-VPN and a no-VPN connection, you probably need to have something like two SQM instances. This is something I'm still struggling with but this post and this post seem to have some good pointers on how this can be handled. Although I'm not sure if the solutions explained in these posts are compatible with tohojo's configurations summarized in 2.