So on the datacenter side:
-Create a virtual-router "VPN"
-Add ge-0/0/5 with ip 10.28.0.2 (some unused port on the SRX) and st0.0 to the virtual router
-Make the 0.0.0.0/0 route on the VPN virtual router 10.28.0.1
-Connect ge-0/0/5 to the 4200
-Create a VLAN on the 4200 "VPN Traffic" 10.28.0.1/29 as the gateway.
-Make port on 4200 an access port for VPN Traffic VLAN
-Add "VPN Traffic" VLAN to my 0.0.0.1 OSPF Area (10.29.0.0/29 is my 0.0.0.0 backbone)
-Voila?
That should in theory work correct? I'm guessing there wouldn't be an issue trunking the VLAN instead of using a physical port if I so choose.