I think that you want to use the device name "eth3:0" in your route command for traffic going to a subnet that "eth3:0" is on. All of the routes you have posted are for a device on the 192.168.0.0 network.
Your route command has a subnet that is destined for the default gateway. You only need routes for other subnets when the gateway used isn't the default.
Code:
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.181.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
169.xxx.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 192.168.0.2 255.0.0.0 UG 0 0 0 eth3
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth3
The first entry is correct. It defines the route for the subnet you are on. The second entry uses the default gateway, so you don't need it.
The third entry is your link local network. You don't need to disquise 169.254.0.0. Everyone has it in their hosts file and route.
The forth entry is OK. A different gateway is used. The last two entries are normal.
However your posted route is for routing traffic through two gateways without any indication of a VPN or an aliased NIC.
I'm guessing that this host route entry is for the host in the DMZ.
Code:
149.xx.xx.20 192.168.0.1 255.255.255.255 UGH 0 0 0 eth3
If this is the case and the 192.168.0.1 gateway is the IP address of your VPN device, then this is the one that should use "eth3:0".
With only one IP address being used for the VPN, I think you could also use IP tables to redirect traffic to eth3:0.
If you do use just one interface, you may want to use a device alias for the reason of tightening up your firewall on your host. You are using a VPN to bypass the firewall, so you need to assume that responsibility on your own firewall.