No way to combine VLAN and IP-based VPN policies on firmware 4.x?

On firmware 3.x, I chose to use the WG VPN client on the private network only, not on the guest network, and then had several IP-based exceptions to bypass the VPN on the private network. It seems that setting things up the same way on firmware 4.x is not possible, or am I missing something?

4.3.6 forces me to choose between basing my policy on IPs or VLANs. I cannot do both?

YES, this operation is not currently supported.

Is it possible to combine the IP or domain-name based policy of the GL firmware with a VLAN-based rule configured in LuCI?

Could you comment on my question about using LuCI in combination with the GL firmware to achieve what I am looking for?

You can add the following iptables rules to make the guest network not use the VPN while setting the policy on IPs.

iptables -t mangle -I ROUTE_POLICY -i br-guest -j MARK --set-mark 0x80000/0x80000
iptables -t mangle -A ROUTE_POLICY -i br-guest -j CONNMARK --save-mark --nfmask 0x1c0000 --ctmask 0x1c0000