openvpn
vrtlpilot, 2017-04-05 23:23:39

Why does the Windows firewall block the ability to connect via RDP to a working computer in the domain if I access the network through an OpenVPN server?

There is a whole zoo in our network (it just happened historically, but we are struggling with it). After transferring several computers under AD management, there was a problem with connecting to them via RDP from the outside world.
There is a corporate network 10.2.x.x; it contains a domain controller, an OpenVPN server, and much more. By AD policies, the firewall is enabled, but it allows all incoming and all outgoing. (The rules will be introduced later.)
There is an OpenVPN server; clients enter through it (tun0) into the network 192.168.x.x. Then routing works on the same server on enp2s0, which looks at 10.2.x/24.
RDP connections to computers that are NOT in the domain pass without problems from anywhere and on any subnet. But to the ones in the domain, no way at all; telnet on 3389 is also silent. But if you connect through another branch, which is connected by a tunnel and is on the 10.2.u.x network, then everything works. If you disable the firewall as a service on clients, then the ability to connect disappears altogether. Again, if after connecting to the OpenVPN server I forward a port through it via ssh with -L 3389:10.2.xx:3389, then the connection to localhost:3389 passes. I suspect that the problem is the use of the 192.168.zx network, that the Windows firewall considers it not trusted or something like that, but how do I deal with this? Please tell me how to properly configure the GPO in which the firewall is set up.


1 answer(s)
Rsa97, 2017-04-05
@Rsa97

Looks more like a routing problem. Compare the routing tables of computers joined and not joined to the domain.
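One way to carry out the comparison suggested in the answer, as an added example that is not part of the original thread: parse the IPv4 section of `route print` saved from two Windows hosts and report which gateway each would use for replies to a VPN client. The two tables, the host names and every address in them are constructed stand-ins, not values from the question.

```python
import ipaddress

def parse_route_print(text):
    """Return (network, gateway, interface, metric) for IPv4 Active Routes rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, persistent and IPv6 rows
        dest, mask, gateway, iface, metric = parts
        try:
            routes.append((ipaddress.IPv4Network(f"{dest}/{mask}"),
                           gateway, iface, int(metric)))
        except ValueError:
            continue  # five words, but not a route row
    return routes

def return_path(routes, peer):
    """Route used for replies to peer: longest prefix first, then lowest metric."""
    addr = ipaddress.IPv4Address(peer)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def same_next_hop(table_a, table_b, peer):
    """True when both hosts send replies to peer via the same gateway."""
    a = return_path(parse_route_print(table_a), peer)
    b = return_path(parse_route_print(table_b), peer)
    return a is not None and b is not None and a[1] == b[1]

# Constructed `route print` excerpts; every address is a made-up stand-in.
HOST_A = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.2.0.1       10.2.0.60     25
         10.2.0.0    255.255.255.0         On-link        10.2.0.60    281
      192.168.0.0      255.255.0.0        10.2.0.10       10.2.0.60     26
"""
HOST_B = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.2.0.1       10.2.0.50     25
         10.2.0.0    255.255.255.0         On-link        10.2.0.50    281
"""
VPN_CLIENT = "192.168.8.6"  # constructed address from the VPN pool

if __name__ == "__main__":
    for name, table in (("host A", HOST_A), ("host B", HOST_B)):
        net, gw, iface, metric = return_path(parse_route_print(table), VPN_CLIENT)
        print(f"{name}: replies to {VPN_CLIENT} match {net}, gateway {gw}")
    print("same next hop:", same_next_hop(HOST_A, HOST_B, VPN_CLIENT))
```

A differing gateway for the VPN pool means the two hosts return traffic along different paths, which is the kind of difference the routing-table comparison is meant to surface.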
