You don't understand what I want to do. I want my IP to stay the same but to use both connections to get balanced link and aggregate speed of the two links.
The external IP from the point of view of the website I'm vising will always be the same -- the IP of the VPN server. The VPN server does NAT to two clients, both of which have different IPs and are on different ISPs. The mwan3 package balances two TUN interfaces so that I keep my IP the same (the IP of the VPN server), but gain more bandwidth.
It doesn't work like that.
Your IP from the point of website is the last host which utilizes NAT.
Website sends all the outgoing traffic to your IP, however it doesn't remember the route of incoming traffic.
And there's no predefined route for outgoing traffic, it uses the shortest route to your IP from its own point.
That's why load balancing makes sense when you split the traffic between different IPs for different websites.
In other words, if you want to implement load balancing, you need to utilize more than single IP.
I still don't think you understand me. It's possible, I've seen it done, but I don't know if OpenWrt is capable of it. Probably is, but again nobody knows how to help me configure it, or wants a few thousand $ per month for a proprietary solution (i.e. https://www.peplink.com/).
OK, I think, I understand you now.
You want to aggregate VPN-interfaces (TUN) on OpenWrt (VPN-client) to increase total bandwidth via remote gateway providing NAT (VPN-server)?
How is the VPN connected to the internet? Is there a really fat WAN3 between VPN and WWW that is at least as fast as WAN1 + WAN2?
Anyway, I don't think MWAN3 will get you any closer to your goal. It does not support connection bonding. It may be possible to do it between an OpenVPN server and client, or using the kmod-bonding module in some way. I have no idea how, though.
Load balancing for VPN-traffic through WAN-interfaces.
Load balancing for all the other traffic through VPN-interfaces.
It should be possible to solve #1 with mwan3.
Better if VPN-server allows floating IP-addresses for VPN-clients.
As for #2, it requires testing and may be tricky.
Your mwan3 configuration from above is implementing #1, but missing #2.