I want to activate VPN (tunnel to a remote VPN server, not provide VPN endpoint on my router). I then want to configure that specific devices (IP address) and a dedicated WLAN connect via VPN, all other devices without VPN. How can I reach this? Thanks.
Depending on the type of your VPN (IPsec vs. any other one), you will need either a specific IPsec configuration or a thing that Mikrotik documentation calls “policy routing”, i.e. create multiple routing tables and use routing rules or firewall mangle rules to tell the routing which table to use for a given packet, matching on other properties of that packet than the destination address.
Do not forget to take DNS leakage, or even traffic leakage should the VPN tunnel fail, into account. You may want to ensure that the devices that use the VPN for the traffic itself use it also to access the DNS servers, and you may want to use a backup route to nowhere that will handle the sensitive traffic whenever the VPN tunnel is down.
Policy routing would be the simplest option. https://help.mikrotik.com/docs/spaces/ROS/pages/59965508/Policy+Routing
First create a routing table for VPN or use a VRF interface. Then add routing rule(s) src-address matching and action=lookup-only-in-table. Using policy routing already has a “kill switch” built in by using lookup-only-in-table.
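The steps from the replies above as one RouterOS v7 configuration, including the backup route to nowhere mentioned in the first reply. This is an added example, not configuration posted by anyone in the thread. It assumes an already working tunnel interface named `wg-vpn`, one VPN-only device at 192.168.88.50, a dedicated WLAN subnet 192.168.99.0/24, and a DNS resolver at 10.64.0.1 reachable only through the tunnel; all of these names and addresses are constructed placeholders.

```routeros
# Added example. Interface name, addresses and DNS server are constructed
# placeholders; replace them with the values of your own setup.

# 1. Dedicated routing table for traffic that must leave through the VPN.
/routing table add name=via-vpn fib

# 2. Default route inside that table, pointing at the tunnel interface.
/ip route add dst-address=0.0.0.0/0 gateway=wg-vpn routing-table=via-vpn \
    distance=1 comment="VPN default"

# 3. Backup route to nowhere: if the tunnel route goes inactive, the
#    selected traffic is discarded instead of leaving unprotected.
/ip route add dst-address=0.0.0.0/0 blackhole routing-table=via-vpn \
    distance=254 comment="VPN down: drop"

# 4. Keep traffic towards local networks (including the router itself)
#    in the main table. Rules are evaluated in order, so this one must
#    come before the source-based rules. 192.168.0.0/16 is an assumed
#    range covering the local subnets.
/routing rule add dst-address=192.168.0.0/16 action=lookup table=main \
    comment="local traffic stays local"

# 5. Select VPN users by source address. lookup-only-in-table never
#    falls back to the main table.
/routing rule add src-address=192.168.88.50/32 \
    action=lookup-only-in-table table=via-vpn comment="single device"
/routing rule add src-address=192.168.99.0/24 \
    action=lookup-only-in-table table=via-vpn comment="VPN WLAN"

# 6. DNS leakage: hand VPN clients a resolver that is reached through
#    the tunnel rather than the router's own DNS cache. Because of the
#    rules in step 5, queries to 10.64.0.1 follow the via-vpn table.
/ip dhcp-server network set [find address="192.168.99.0/24"] \
    dns-server=10.64.0.1

# 7. Source NAT on the tunnel, needed when the VPN provider only
#    accepts traffic from the tunnel address.
/ip firewall nat add chain=srcnat out-interface=wg-vpn action=masquerade
```

To check the result, `/routing rule print` shows the rule order and `/ip route print where routing-table=via-vpn` shows which of the two default routes is currently active.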