amazon web services: prevent SoftEther from routing all traffic through the VPN

I successfully configured SoftEther on my AWS free level machine and put a small instance of apache2 there. I can access the website through VPN from Windows, Mac and Linux.

BUT: when the vpn client is activated, ALL traffic goes through the VPN. This is not what I intended, it is probably not safe and will cost me (data throughput in AWS).

I have activated SecureNAT, but I don't understand how to configure it. If I disable NAT (basic), I cannot access the web server.

AWS basic machines have
eth0: flags = 4419 mtu 1500
inet netmask broadcast

and the SecureNat and SoftEther settings do not change.

I think the problem is that the DNS gateway (as shown below secureNAT) allows access not only to the web server, but also to EVERYTHING else on the web …

SEE the SecureNat standard configuration
However, if I delete this, then I do not have the knowledge to add additional routing to ONLY allow access to the web server.

The solution has being on the server side, not on the client (since clients could alter their configuration, and it will still be difficult to make them use something other than just an UFO link). However, the SecureNat dialog box has client routing rules that it can push (- which I could not configure correctly. :-()

Did anyone shed any light on this please?