Source Port NAT with VPN

I understand that a router (like a home router) does source port NAT (as the public IP for a LAN is normally one). If I run a VPN client (like OpenVPN) on a computer in the LAN, and if the VPN packet is all encrypted (except for the external IP headers), how can the router:

  1. add TCP segments to the packet in order to inject port NAT?
  2. access the original TCP ports in order to understand the destination port?