This looks good but are you sure you need both udp and tcp? This doesn’t matter much for your issue though.
It is required because the default rules are to block all incoming traffic on all interfaces, this also applies to “new” interfaces created by VPN and not just eth0 and vifX.Y interfaces managed by Qubes OS.
When trying to connect, are you doing it from the remote VPN peer or the public IP address? You need to setup a port redirection on the VPN server to redirect traffic from the public IP address / port to the qube on its VPN IP.
VPN providers do not offer port forwarding in most cases, and when they do like Proton VPN, they only redirect a single random port using a slightly complicated method.
Yes, you just need to open the port locally.
Could you share a bit more information, in private if needed?