I tend to agree with previous posters: on the surface, your set-up can be simplified.
Having said that, I also moved my R7800 from dd-wrt to OpenWrt (though I've got completely different hardware and a different topology now). Based on (fairly) recent experience:
and
I had all this running on dd-wrt and switched successfully to OpenWrt. Personally, I found VPN Policy-Based Routing + Web UI -- Discussion to be the 'path of least resistance' in terms of PBR.