Blocking any traffic not through a VPN
Hello!
The task is as follows. There is a workstation on Windows, which is connected to the Internet and OpenVPN. It is necessary to block access to the main network interface for all programs except OpenVPN, and let the rest out only through the VPN interface. Accordingly, with an unconnected (or dropped) VPN connection, there should be no access to the Internet on the machine; however, OpenVPN should be able to connect.
Which Firewall under Windows is better to use to solve such a problem?
Under Linux, such a task could be solved with the help of a couple of iptables rules, but under Windows I don’t even know where to dig.
Thanks in advance for your reply!
It can be done elementarily without any firewalls (I assume that the Internet is distributed through a router, and a static local address is specified on the computer). In the network interface settings we remove all data except the IP address of the computer and the network mask, i.e. there should be no default gateway and no DNS. Then it is necessary to add a route only to the VPN server. I give the command from Linux (because it's unpleasant to do such things on Windows), but it can be easily adapted to Windows; there is also a route command there. The command itself looks like this: route add -host <ip address of the vpn server on the Internet> gw <ip address of the local router that distributes the Internet (what was specified in the default gateway)>
That's all. In the end we have a computer that is connected to the local network and does not know anything about the Internet, but knows where the VPN server is located. Next, we connect via VPN and get Internet access.
P.S. When I get to a computer with Windows, I'll write exactly how the command looks on Windows.
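A Windows version of the routing setup described in the answer above, as an added example that is not part of the original post. The adapter alias and both IP addresses are constructed placeholders, and removing IPv6 default routes as well goes one step beyond what the answer describes. Run it from an elevated PowerShell session.

```powershell
# Added example with constructed values: adjust all three to the actual network.
$Nic       = 'Ethernet'        # assumed alias of the physical adapter
$VpnServer = '203.0.113.10'    # placeholder: public IP of the OpenVPN server
$Router    = '192.168.1.1'     # placeholder: LAN router (the former default gateway)
$Defaults  = '0.0.0.0/0', '::/0'

# 1. Remove every default route from the physical adapter, so nothing
#    except explicitly routed destinations can leave through it.
Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix $Defaults -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 2. Drop the statically configured DNS servers on the physical adapter.
#    The OpenVPN profile must then name the server by IP address,
#    because nothing can resolve a hostname before the tunnel is up.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ResetServerAddresses

# 3. Add a single host route (/32) to the VPN server via the LAN router.
#    This is the Windows counterpart of "route add -host ... gw ...".
$existing = Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix "$VpnServer/32" `
                         -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -InterfaceAlias $Nic -DestinationPrefix "$VpnServer/32" `
                 -NextHop $Router | Out-Null
}

# 4. Verify: the physical adapter must have no default route left.
#    With the VPN down, the only off-LAN destination is the VPN server.
$leaks = Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix $Defaults `
                      -ErrorAction SilentlyContinue
if ($leaks) {
    Write-Warning "Default route still present on '$Nic'; traffic can bypass the VPN."
    $leaks | Format-Table DestinationPrefix, NextHop, RouteMetric
} else {
    Write-Output "No default route on '$Nic'. Host route to the VPN server:"
    Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix "$VpnServer/32" |
        Format-Table DestinationPrefix, NextHop, RouteMetric
}
```

This relies on the static addressing the answer assumes: if the adapter takes its address from DHCP, the lease will hand the default gateway back.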
Considering that I'm not a Windows user at all, I just did a "hack" in a minute: I installed ipfw for Windows and prohibited traffic from leaving through the card, except to the VPN server address, and allowed everything through the virtual interface that comes up.
In my opinion, this can be done more simply.
Do not specify a default gateway in the "local connection via NIC" settings. Leave the route for the LAN and that's it.
And on the OpenVPN server, make it issue the default gateway to clients.
When the VPN is connected, all traffic will go through the VPN server; when the VPN connection is down, the local network will be available.
This will work if the VPN server is on the same LAN as the Windows client.