Wifi AP to OpenVPN + stunnel gateway on Debian/Ubuntu

0

I have set up an OpenVPN connection over stunnel4 from my raspberry pi to my public server. The connection works fine, and I can connect using ssh over this connection both ways just fine.

I have also set up hostapd on the raspberry so that it acts as a wireless AP. This works, I can connect to the SSID from my phone.

Now comes the tricky bit: how can I route all traffic that arrives from wifi directly through the VPN?

So to be clear, I want devices like my phone that are connected to the wifi of the raspberry pi to get access to the internet through the vpn tunnel, and through the gateway of the server, making the raspberry a sort of "transparent VPN" gadget.

Do I have to set up DHCP on the pi (using dnsmasq or similar)? Or can I have the "DHCP" in OpenVPN supply IP addresses to whomever connects over wifi?

Server interfaces:

 eth0 - interface with public IP on the internet
 tun0 - OpenVPN tunnel interface

Raspberry interfaces:

 eth0 - interface connecting the pi to the internet behind a NAT router
 tun0 - OpenVPN tunnel interface
 wlan0 - wifi interface set up with hostapd

Lennart Rolland

Posted 2018-02-02T00:44:15.297

Reputation: 795

Answers

0

You can try iptables, or shorewall with /etc/shorewall/masq looking like this:

#INTERFACE              SOURCE
tun0                    wlan0

Then, when the raspi acts as a default gateway for the mobile devices, it is just a matter of redirecting all traffic through the VPN tunnel for the raspi (of course except the public IP of the VPN server).

user199239

Posted 2018-02-02T00:44:15.297

Reputation: 137
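
The approach from the answer above, written out with plain iptables and iproute2 as an added example (not code from either poster). The wifi subnet, router address and server IP are constructed placeholders, and it assumes dnsmasq or similar hands out addresses on wlan0. The host route keeps the stunnel connection on eth0, and the final rule rejects wifi traffic toward eth0 so clients cannot bypass the tunnel when it is down.

```shell
#!/bin/sh
# Added example: prints the gateway rules (dry run) or applies them with APPLY=1.
# Addresses below are constructed placeholders, not values from the post.
WLAN_IF=wlan0             # hostapd interface (from the question)
TUN_IF=tun0               # OpenVPN tunnel interface (from the question)
LAN_IF=eth0               # uplink behind the NAT router (from the question)
WLAN_NET=192.168.42.0/24  # assumed subnet served on wlan0 by dnsmasq
LAN_GW=192.168.1.1        # assumed address of the NAT router
SERVER_IP=203.0.113.10    # placeholder for the VPN server's public IP

# Emit one command per line so the rule set can be reviewed before use.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $SERVER_IP/32 via $LAN_GW dev $LAN_IF
ip route replace 0.0.0.0/1 dev $TUN_IF
ip route replace 128.0.0.0/1 dev $TUN_IF
iptables -t nat -A POSTROUTING -s $WLAN_NET -o $TUN_IF -j MASQUERADE
iptables -A FORWARD -i $WLAN_IF -o $TUN_IF -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $WLAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WLAN_IF -o $LAN_IF -j REJECT
EOF
}

# Succeeds only if wifi clients are never allowed out the plain uplink.
no_leak_path() {
    ! gateway_rules | grep -q -- "-i $WLAN_IF -o $LAN_IF -j ACCEPT" &&
      gateway_rules | grep -q -- "-i $WLAN_IF -o $LAN_IF -j REJECT"
}

if [ "${APPLY:-0}" = 1 ]; then
    # Requires root; runs each generated command in order.
    gateway_rules | while read -r cmd; do $cmd; done
else
    gateway_rules
fi
```

The server side still has to forward and masquerade the VPN traffic out of its own eth0 for the clients to reach the internet.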