So the fundamental issue is that you've got a dumb AP configuration where the DHCP server from your main router tells clients to use the main router (192.168.1.1) as the gateway. This means that the clients aren't even aware of the fact that they could use this router as a gateway.
What you can do is quite simple -- connect this device to the upstream using the wan port of the R6250. To make this work, you also need to change the subnet of the lan on this device... maybe use the address 192.168.5.1 (remove the gateway from the lan interface), and re-enable the DHCP server.
You'll also want to make sure that the SSID is not the same as your other APs so that you must specifically choose to connect to this one for the VPN to be in use (if it is the same, client devices may roam on and off of this AP and it will cause inconsistent behaviors).