@Bob-Dig
Thanks for the interesting hint, tagging looks like a great feature!
So basically I am tagging all (!) my current rules in the LAN section where I define which traffic is allowed and that it goes through the OpenVPN gateway.
And then I set up a rule which rejects all traffic which is tagged and goes to WAN, correct?
How do I make sure that the only connections pfSense itself can make will be to the VPN provider's DNS and OpenVPN servers?
As far as I understand this can also be done via "floating rules":
Floating Rules can:
Filter traffic from the firewall itself
Filter traffic in the outbound direction (all other tabs are Inbound processing only)
https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html
[...]
-Tom