@summer
Best way to do is to add the VLAN to the remote OpenVPN settings to add the route, but if I understand you correctly, that's not an option for you.
So yes, you can go with masquerading. Rules can be added on the outbound NAT tab.
If the outbound NAT is still working in automatic mode switch to hybrid first and press save.
Then add a new rule with settings like these:
interface: <the VPN interface>
source: select 'network' and enter the alias you've set for the permitted clients
destination: <the remote LAN>
translation: interface address
This presumes that the tunnel subnet is routed to the VPN endpoint on the remote site (that it's the default gateway). Otherwise you may use any unused IP out of the LAN subnet.
Also ensure that there is a firewall rule in place on the VLAN which allows the traffic to the remote LAN.