HowTo OpenVPN only into IPFires DMZ?

I like to allow an OpenVPN-Client to reach only the orange LAN (DMZ) on IPFire side, green and blue are not allowed.

This works with a Win10 Client but I also like to use a Teltonika Router as a OpenVPN-Client, but when I use the same Config on the Router I am able to reach also Green and Blue which should not be alllowed…

There is a Firewall-rule to allow OpenVPN to reach all, does this overrule the OpenVPN-Client setup?

But why does it work right on the Windows 10 machine?

Edit:
I think the difference is only the routing-table?

Hi
I found this topic because I am trying to do the same thing.
I want to provide VPN access to a machine located within the DMZ.
The purpose is to provide secure access by developers to a test system in the DMZ. The test system is not accessible from the internet.