I assume you are using the built in WAN failover similar to this configuration.
So the issue is that this option will keep your backup internet offline until it is needed. And all your traffic then shifts to the secondary path.
To keep both ISP active you will need to change how your local routing for the ISP and default routes are setup to allow both to be active and make sure the default route out the primary ISP works but the VPN traffic uses the second ISP. I think the simpliest solution here then is:
place the secondary ISP into a virtual router
Add a secondary default route to this VR into the main router
Add ip tracking to the first ISP to take this offline when this ISP goes down so the secondary route becomes active
Then build your primary tunnel to the second ISP and your secondary VPN to the primary ISP switching their current setup