Hey John!
With a little bit of research and determination most problems seem to be solvable ;)
Anyways, just wanted to keep you updated since in the meantime I managed to better understand what the issue was (besides my lack of communicating it properly) and to solve it.
I tried to understand the DNS forwarder/resolver a little better and while I'm not fully there yet, I have a bit of an idea (which helped me refine my research).
Now, I saw that I'm not the first one that asked this question and in fact you already tried to help another user with the issue (https://forum.pfsense.org/index.php?topic=105194.msg591337#msg591337).
Should this question be asked in the future, another kind user created a tutorial to solve it (for reference: https://forum.pfsense.org/index.php?topic=106305.0)
As far as checking a DNS leak website is concerned to see whether everything is configured properly, the following happened to me before finding the above linked solution:
Enable VPN:
clients set up to use the VPN: no leaks, the results on the site are the VPN provider's DNS servers
clients NOT using the VPN: their IP (from the ISP) doesn't match the results on the leak site, since the site also shows the VPN provider's DNS servers as the result
If I'm not mistaken this is normal if the "Don't pull routes" option is NOT selected (selecting this would only result in DNS leaks for clients using the VPN).
If I understand correctly, the solution provided in the above link simply prevents the VPN from accessing the DNS resolver?
While the solution works as far as the results on the DNS leak page are concerned, it now takes quite a bit longer (2-3 seconds) to resolve addresses when using the VPN. I guess that might be normal behavior as well? (Edit: just needed to restart networkmanager - everything working as it should)
I'll try to optimize the setup further and I hope with the links mentioned above we can prevent future headaches should others run into the same issue.