- mwan3 package
- pbr package
- a set of rules/routes for each internet connection.
Maybe in your case, a set of rule-route will be enough.
Now captive conflicts with lan. Just make it without ethernet port, only a wifi SSID.
Regarding routing, everything is sent to the tunnel, therefore make a rule that all traffic from the captive interface gets routed to wan.