Well, sort of. The rule you posted is correct and simple. Also, the PC should use the router (probably 192.168.x.x) as its resolver.
The main problem is that if the blocking is DNS-based, you can't trust any regular non-encrypted DNS server before you connect to the VPN and use theirs. But if you want to connect to the VPN using a hostname, you need a working DNS server. Which I guess works fine for the VPN's hostname. But if the router has a DNS server, it will also attempt to resolve hostnames in the address list, and the IP addresses it gets can be wrong. They will get fixed later, after they expire and a new query uses the VPN's DNS, but you don't know how long it will take, unless you play with the router's cache-max-ttl (set it to a lower value and after that time you can count on it being correct, if the VPN stayed connected). It's not a very nice solution, but it's simple.
Better but more complicated would be to start without any DNS resolver and use a script with [:resolve server=8.8.8.8 public-vpn-134.opengw.net] to update the server address in the L2TP client. And then make sure that any DNS request from the router will use the VPN:
/ip firewall mangle
add chain=output protocol=tcp dst-port=53 action=mark-routing new-routing-mark=To_VPN
add chain=output protocol=udp dst-port=53 action=mark-routing new-routing-mark=To_VPN
/ip route rule
add action=lookup-only-in-table routing-mark=To_VPN table=To_VPN
Another possibility could be to use DoH; it's exactly for situations like this. You can try https://1.1.1.1/dns-query, and if it's not blocked, it should be fine. Don't forget to enable certificate verification and load the required certificate (DigiCert Global Root CA from https://cacerts.digicert.com/DigiCertGl ... CA.crt.pem). I also thought about using it only for resolving the VPN server's address, but unfortunately it seems that when the router has a DoH server, it always prefers it and not even the VPN's use-peer-dns=exclusively can override it.
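
Added example, not part of the original post: one way the `:resolve` script mentioned above could look, run from the scheduler on a router with no DNS servers configured. The interface name `l2tp-out1` is an assumption; the hostname and the 8.8.8.8 resolver are the ones from the post.

```routeros
# Added example (not the poster's script).
# Assumption: the L2TP client interface is named "l2tp-out1"; change it to match your setup.
:local vpnHost "public-vpn-134.opengw.net"
:local vpnIf "l2tp-out1"

:do {
    # Query 8.8.8.8 directly, so the router itself needs no configured resolver
    :local newAddr [:tostr [:resolve server=8.8.8.8 domain-name=$vpnHost]]
    :local curAddr [/interface l2tp-client get [find name=$vpnIf] connect-to]

    # Touch connect-to only when the resolved address differs from the current one
    :if ($curAddr != $newAddr) do={
        /interface l2tp-client set [find name=$vpnIf] connect-to=$newAddr
        :log info ("VPN server address updated: " . $curAddr . " -> " . $newAddr)
    }
} on-error={
    # Lookup failed or timed out: keep the last known address
    :log warning ("could not resolve " . $vpnHost . " via 8.8.8.8, connect-to left unchanged")
}
```

The lookup to 8.8.8.8 goes out before the tunnel is up, so it is still an unencrypted query and is only as trustworthy as the path it travels over.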