I'm fighting with this issue since yesterday.
I have a DSL Provider to which I connect over PPoE, then I have a VPN Provider to which I connect over SSTP through which I want to route only some traffic.
As an example I took one server and my laptop IP and set up a mangle to route the traffic through SSTP for data coming from my laptop and are going to that server.

My Laptop hast the Internal IP 192.168.10.252
The Server hast the IP 145.245.48.237
My VPN provider gives me a the IP 100.64.126.14

Here is what I have now (I tried several configurations, I'm just posting the last one)
so far, I can ping the server and the traffic is going through the SSTP as desired, but if I try to ssh or telnet to port 80 ... it doesn't work.
I really have no clue anymore what I am missing and since I didn't get much sleep due to this I think it's about time to ask for help.

If anyone else is facing this issue, the solution is in this blog post I found: https://blog.linitx.com/load-balancing- ... nnections/

First thing to note is that by default, bridge interfaces were designed for transparently bridging Layer 2 traffic and therefore it is logical that the traffic passing between the bridge ports and the bridge will not normally need to be processed by the Layer 3 firewall rules. To force Layer 2 traffic on a bridge to be processed by the Layer 3 firewall rules, we need to explicitly enable this.

so in the end, this solved my issue!