If you want to force VPN traffic to certain WAN link, you can try to create SD-WAN Policy.

Under VPN traffic, set filter as custom filter, and set protocol/source/destination as Any.
This means all VPN traffic.
Set preferred uplink as WAN 1, and failover is uplink down
With this settings, all VPN traffic will use WAN 1 until it goes down.
Plus, "Do not create VPN tunnels over the secondary uplink unless the primary uplink fails." is for Active-Active VPN tunnel setting, and it doesn't do anything with load balancing.