Firewall is fine.
You need to do Policy Based Routing and you have 3 options:
- mwan3 package
- pbr package
- a set of rules/routes for each internet connection.
You have 2 gateways, the lan and the amnezia. If you don't do policy routing, all packets are forwarded to the lan gateway. With policy routing, packets from the vpn interface can use the gateway of amnezia.
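
A sketch of the third option (a rule and a route per connection), added here as an illustration and not part of the original post. It assumes the logical interfaces are named `vpn` and `amnezia` in `/etc/config/network`; the table number 100, the rule priority and the metric are arbitrary choices.

```uci
# /etc/config/network (fragment; interface names and numbers are assumptions)

# Default route through the amnezia tunnel, kept in its own table (100)
# so the main table's default via the lan gateway is left untouched.
config route
	option interface 'amnezia'
	option target '0.0.0.0/0'
	option table '100'

# Fallback in the same table with a worse metric: if amnezia goes down and
# its route disappears, traffic from vpn is rejected instead of falling
# through to the main table and leaving via the lan gateway.
config route
	option interface 'loopback'
	option target '0.0.0.0/0'
	option type 'unreachable'
	option table '100'
	option metric '65535'

# Packets arriving on the vpn interface consult table 100 before the main table.
config rule
	option in 'vpn'
	option lookup '100'
	option priority '1000'
```

After `service network restart`, `ip rule show` and `ip route show table 100` confirm that the rule and both routes are installed. Because table 100 holds only default routes, everything arriving on `vpn` is sent to amnezia, including traffic for local subnets, unless those subnets are also added to that table.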