IP => WebProxy => Src.Address: set the tunnel IP.
Then you set up PBR according to wiki.mikrotik.com/wiki/Policy_Base_Routing with three differences:
1) mangle => chain = input instead of prerouting,
2) mangle => advanced => content does not need to be checked,
3) nat is not needed.

Or, for Proxy on Mikrotik, register ParentProxy, located at the other end of the vpn.
Or selective sites (their IP addresses) are routed to a vpn channel.
Either Mikrotik listens to any port and redirects it to the IP of the machine at the other end of the vpn channel, where you can also set a proxy. Which is slightly better than the first option.
Another option is to create a rule in nat, make a redirect to the tunnel with a condition on CONTENT, specify the host name. But this is in theory, practice needs to be tested.

If you create routes on Mikrotik to the ip-addresses of the desired sites through the tunnel, requests to these sites will go into the tunnel - both direct from clients and from a proxy server.
Or do you want all direct requests from clients to go through ethernet, and all requests from a proxy server to go through a tunnel?

Explain, please, for the theory.
I understand that we are using a static route to send traffic through the VPN tunnel, marked in advance through the mangle. Where did we mark the traffic coming from? Where is the proxy server in this chain?
By the way, according to the instructions on PBR, I get:
Couldn't change Mangle Rule - routing-mark allowed only in output and prerouting chains (6)