Update: You can use personalDNSfilter to accomplish DNS-based domain blocking in a non-VPN https proxy, and then set your VPN to OpenVPN for pDNSf, a modified OpenVPN client that lets you connect to any OpenVPN server with credentials while using your private https proxy as a DNS filter, just like how Blokada would work. Through the OpenVPN app, you can connect to ProtonVPN for free; Windscribe unfortunately restricts OpenVPN credentialing to their premium users.
It's a bit more finicky to set up, but it works beautifully once you do.