it seems like you merely need to disable the “Block connections without VPN”.
Then in your android settings there should be a toggle to deny network access to certain apps in the android permission settings. so the apps that are split tunneled you can just deny or allow network