It’s strange, the lookup-only-in-table should in theory prevent the use of the route in the “main” table, and since you are using routing rules, the packets are (should be) marked properly.
My guess is that somehow the route in main is used as “gateway of last resort”.
Probably you can add a routing rule marking the “normal” traffic and add another routing table for it, this way the “main” table has no routes.
Or - maybe - add to each of the three current “VPN” routing tables a blackhole or unreachable route with higher distance than the current gateway one.
Only ideas, mind you, nothing I have experience with.