There is a problem with your curl-test, which I know how to solve, and a problem with your scheme at large, to which I can suggest a solution.
curl cannot possibly work this way: after starting the VPN, there is no gateway defined on that interface (eth0): the eth0 NIC has an IP address, and can reach your LAN, but there is no gateway from which the internet, and icanhazip.com in particular, can be reached. For curl to work this way, you will have to instruct your kernel that the specific route to 216.69.252.101 (icanhazip.com) is through the eth0 interface:
ip ro add 216.69.252.101 via your_home_routers_IP_address
Now the curl call will work as you wish.
If you want to communicate both through the VPN and outside it on a stable, complete basis, the correct way to proceed is to install a second routing table by means of policy based routing. You can find a good and concise introduction to the topic by David Schwartz on a sister-site, here. The reason why you need this contraption is that you are envisioning a system with two distinct gateways, which are not allowed unless of course there are two distinct routing tables.
Now, in order to accomplish your goal, i.e., to route packets along different routes according to user identity, you will have to set appropriate rules that select the relevant routing table. So let us suppose you now have two tables, called vpn and novpn. You will have first to use the mangle table of iptables to mark the packets according to user identity, and then supply rules for policy based routing according to the the presence (or absence) of the said mark.
It could work like this:
iptables -t mangle -I OUTPUT -m owner --uid-owner some-user -j MARK --set-mark 100
ip rule add fwmark 100 table vpn
for a user destined to use vpn, and
iptables -t mangle -I OUTPUT -m owner --uid-owner some-other-user -j MARK --set-mark 300
ip rule add fwmark 300 table novpn
for those you want to route outside the VPN. Also, it is always best to set a routing table for anything else, i.e., a default. Hope this helps.
You also need to set up a policy routing table that tells Linux to use the default gateway behind eth0 for VPN users.
So, you would create a new routing table for packets where source IP address is in 192.168.200.0/24, and make the default gateway for that routing table the default gateway behind eth0.
Best Answer
I presume you are NATting your system via iptables, with something like:
This is nearly right, all you have to do is to change the first one to:
and now all of your traffic will go through the OpenVPN.