WR-841DN: (Open)VPN from (Router as only) AP does not work

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,
I (IT-amateur) have following this guide


installed OpenVPN on a LEDE-WR-841DN router, but I am now plaguing for days (!) with the following problem, maybe you see also in the "remote diagnosis" equal to the error (or my lack of understanding ...):
I want to operate this router(2) behind another (this i a router dsl modem combination of A1 in AT) as an AP (!), and only the connected devices (LAN and/or Wlan) from this router2, including a TV, should go via OperVPN to the Internet, the other devices in the (home-) network quite normally, so this solution with the AP.
My problem is, that (according to system log) i yet get (from AT) a VPN connection to my VPN-provider server in DE (Windscribe), but the devices behind go still quite normal to the Internet, so not over the German server of WindScribe. (I see, for example, on films of the ARD-TV-Mediathek, which are outside of DE for legal reasons continue to be locked ...)
With the option "redirect gateway def1" (like mr. kammerath) i was unsuccessful, probably because the connection of the Routers2 does not hang on the WAN- but on one of the Lan- connections (and which is an instruction which refers only to the Wan connection?).
In various variants, I've been following the instructions for hours, how to make LEDE routers instead of routs with Nat to simple APs, for example, do not have DPCP function on Lan-Level... everything with different firewall DNS resolution Gateway etc. settings ...
eg this manual:
https://wiki.openwrt.org/doc/recipes/dumbap
I must mention that I have also created a VPN interface (tun0, unmanaged ...), as well as the various LEDE OpenVPN instructions specify.
I am not clear what setting brings the clients on the LAN or Wlan connection of this router2 now to take the VPN tunnel instead of the normal Internet connection (only that the VPN verb is established ...?), but I am too amateur in the field to, for example to understand correctly the difference between bridge, forwarding and static routes (between lan and tun0 interface) ...
If you want to deal with it and need more information, of course, I am available.
PS: Or would it be easier, for example, if I just let between Wan and Lan the routing (nat), so that I can use the Wan port ! to the modem / router / gateway, and making so to these client devices a different network level ( I currently have 10.0.0.x, so for example on 192.168..1.x or 10.0.1.x ...) ...?
Many Thanks!