OpenVPN can't connect after the recent Kicksecure updates

Bookworm-based kicksecure-qubes-cli in Qubes 4.2:
Seemingly after applying the massive Kicksecure refresh on December 18, previously-working OpenVPN says it can’t connect to the VPN servers.
OpenVPN is used from network-manager, but the “Can’t connect” messages are also seen if running openvpn directly in terminal.

Deleting and re-configuring the VPN connection didn’t help.
The firewall rules look the same as before.
Spent time troubleshooting and ended up rebuilding the template. Found out that this VPN setup works OK if the Kicksecure updates are not applied.
It also works OK on older, bullseye-based Kicksecure, which didn’t get the recent hardening updates.

Did something just change with the hardening of services, firewall, config files, apparmor, etc.?
I’d like to eventually resume getting the kicksecure updates. Any advice?