I’ve not tested the network manager approach - but it seems OP is missing a kill switch / DNS leak protection from within that net qube?
Manual CLI approach effectively does DROP the OUTPUT (net qube → Inet) per default by:

```
# Block non-VPN traffic to clearnet
nft insert rule ip qubes output oifname eth0 counter drop
# Allow traffic from the `qvpn` group to the uplink interface (eth0);
# Our VPN client will run with group `qvpn`.
nft insert rule ip qubes output oifname eth0 skgid qvpn accept
```

Have you tried to set up firewall rules for VPN endpoint + hardening as described in Wireguard VPN setup?
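
An added example, not part of the original post: a shell check that reads a listing of the `output` chain and confirms the `qvpn` accept rule sits before the `eth0` drop, which is the order the two `nft insert` commands above produce. The function name `check_killswitch`, the sample listings and gid 1001 are constructed for illustration.

```shell
#!/bin/sh
# check_killswitch IFACE
# Reads the text of `nft list chain ip qubes output` on stdin and prints one of:
#   ok              qvpn-group accept precedes the uplink drop
#   vpn-blocked     drop comes first (or no skgid rule): nothing leaks, but the
#                   VPN client itself cannot reach its endpoint
#   non-vpn-accept  an accept on the uplink that is not tied to a group comes
#                   before the drop: review it, traffic may bypass the tunnel
#   no-drop         no drop rule on the uplink at all: no kill switch
# Returns 0 only for "ok". Matching is textual and deliberately conservative.
check_killswitch() {
    awk -v ifc="$1" '
        BEGIN { state = "no-drop" }
        # nft prints interface names quoted; skip rules for other interfaces.
        index($0, "oifname \"" ifc "\"") == 0 { next }
        # The first terminal verdict on the uplink decides; ignore later rules.
        decided { next }
        /skgid/ && /accept[ \t]*$/ { vpn = 1; next }
        /accept[ \t]*$/ { state = "non-vpn-accept"; decided = 1; next }
        /drop[ \t]*$/   { state = vpn ? "ok" : "vpn-blocked"; decided = 1; next }
        END { print state; exit (state == "ok" ? 0 : 1) }
    '
}

# Constructed listing: the order left behind by the two inserts in the post
# (each insert goes to the top, so the accept ends up above the drop).
sample_good() {
    cat <<'EOF'
table ip qubes {
    chain output {
        type filter hook output priority filter; policy accept;
        oifname "eth0" meta skgid 1001 accept
        oifname "eth0" counter packets 12 bytes 840 drop
    }
}
EOF
}

# Constructed listing: same rules applied in the opposite order.
sample_reversed() {
    cat <<'EOF'
table ip qubes {
    chain output {
        type filter hook output priority filter; policy accept;
        oifname "eth0" counter packets 12 bytes 840 drop
        oifname "eth0" meta skgid 1001 accept
    }
}
EOF
}
```

Inside the net qube, the live chain can be piped in with `nft list chain ip qubes output | check_killswitch eth0`.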