GL-AR750S: OpenVPN routing and firewall

I set up an OpenVPN client to connect the router (GL-AR750S) to my home network. It works well, but I’d like to route only traffic destined for my home network through the VPN, leaving WAN traffic going through the wlan-sta interface. How can I accomplish this? This is what my routing table looks like:

root@GL-AR750S:~# ip route
0.0.0.0/1 dev tun0 scope link
default via 192.168.156.33 dev wlan-sta proto static src 192.168.156.98 metric 20
10.33.0.0/16 via 10.36.1.1 dev tun0
10.33.0.1 via 192.168.156.33 dev wlan-sta
10.35.0.0/16 via 10.36.1.1 dev tun0
10.36.1.1 dev tun0 proto kernel scope link src 10.36.1.2
96.60.55.8 via 192.168.156.33 dev wlan-sta
128.0.0.0/1 dev tun0 scope link
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.156.0/24 dev wlan-sta proto static scope link metric 20

Also, I want to be able to connect from my home network back to the router over the VPN. This is possible by changing the LuCI->Firewall->Zones->ovpn settings to accept/accept/accept for Input/Output/Forward. However, if I disconnect/reconnect the VPN, the setting reverts to the default of reject/accept/reject. How can I make this stick?

Thanks!
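
Added example, not part of the original post: a longest-prefix-match lookup over the routing table pasted above, showing that the two /1 routes on tun0 are more specific than the default route via wlan-sta and therefore capture all internet-bound traffic. The test destinations and function names are constructed for illustration, and route metrics are ignored.

```python
import ipaddress

# Routing table copied from the post above (output of `ip route`).
ROUTES = """\
0.0.0.0/1 dev tun0 scope link
default via 192.168.156.33 dev wlan-sta proto static src 192.168.156.98 metric 20
10.33.0.0/16 via 10.36.1.1 dev tun0
10.33.0.1 via 192.168.156.33 dev wlan-sta
10.35.0.0/16 via 10.36.1.1 dev tun0
10.36.1.1 dev tun0 proto kernel scope link src 10.36.1.2
96.60.55.8 via 192.168.156.33 dev wlan-sta
128.0.0.0/1 dev tun0 scope link
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.156.0/24 dev wlan-sta proto static scope link metric 20
"""

def parse_routes(text):
    """Return a list of (network, device) tuples from `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)  # bare IP becomes /32
        dev = fields[fields.index("dev") + 1]
        routes.append((net, dev))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific matching route wins."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, dev) for net, dev in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)

def covers_default(routes, dev):
    """True if `dev` carries both /1 halves, shadowing the default route."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    return halves <= {net for net, d in routes if d == dev}

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    # Constructed sample destinations: two internet hosts, home network, VPN server, LAN.
    for dst in ("8.8.8.8", "203.0.113.10", "10.33.4.5", "10.33.0.1", "96.60.55.8", "192.168.8.20"):
        net, dev = lookup(table, dst)
        print(f"{dst:15} -> {dev:9} via {net}")
    print("tun0 overrides default route:", covers_default(table, "tun0"))
```
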

Not sure how to use the route tables, but our S2S solution is exactly for this purpose.

Ok, thanks. This is really easy to set up using plain Ubuntu machines though (OpenVPN takes care of modifying the routing), so it seems it should be possible with OpenWRT unless it’s artificially preventing it for some reason.

I’m going to try Wireguard and see if I have better luck with that.

Site-to-site with split tunneling works fine with Wireguard, but I have the same problem with the firewall zone settings resetting every time I disconnect/reconnect the VPN.