VPN-Firewall spaghetti

i have followed all the steps here to learn setup fail closed vpn with vpnbook as example on KVM debian guest

with firewall flushed i can connect to vpn

when firewall is loaded i cant connect to openvpn error ;

write UDP: Operation not permitted (code=1)

this is my openvpn.conf
client
dev tun0
proto udp
remote 51.68.180.4 53
remote de4.vpnbook.com 53
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass auth
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway

#############################

VPN-Firewall specific settings

#############################

client
dev tun0

persist-tun
persist-key

script-security 2
up “/etc/openvpn/update-resolv-conf script_type=up dev=tun0”
down “/etc/openvpn/update-resolv-conf script_type=down dev=tun0”


Resolve.conf file contains :

nameserver 192.168.xx.xx

2- ist is mandatory to adde second user ?

3- is there any alternative to setup fail closed vpn

is so difficult to solve
Adrenalos firewall is also very outdated since 6 years
Good reasons to not use it .

Its very easier to use a small Iptable batch i found on a forum and it works

Did you leak test it?

yes .no leaks
100% killswitch
allows outgoing connections on a non tun0 interface but only a vpn server