since you want all the local traffic to go over the VPN, how about place the local interfaces and the VPN tunnel interface into a separate virtual router.
The main virtual router will have the ISP interface and tunnel gateway.
The other VR has all the internal network.
The static default then for the tunnel interface is in a separate VR and will be up and pointed at the tunnel while the ISP will continue to work as needed.