I have a VPN server at home that allows me access to my LAN and internet via my tunnel. I'm not exactly sure what you mean by VPN-only access to the host, but to elaborate, my VPN server (OpenWrt with OpenVPN) is not my primary router -- it sits behind my main router... when remote, the only way to get to the LAN or the OpenWrt VPN router is via a VPN tunnel.
On your 3rd point, you are right -- I've never tried it before, as it is rare that my VPN ever has a reason to have a network restart that wouldn't be part of a full OpenWrt reboot.
EDIT: Also worth noting that I do have WireGuard installed as well, so I actually have another option should that get messed up, but yeah, I do see your point.
Restarting the network service resets all the declared interfaces.
It removes the IP address, sets the interface down and up, and then configures the IP address.
If proto=none, there's no IP-address to configure.
So, the interface becomes unroutable until you restart the VPN-service.
However, when managing a remote host via the internet, you often have VPN-only access.
And it is not always possible to gain any other access to the host in an acceptable time.
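A guard built on the restart behaviour described in the post above, as an added example that is not part of the thread: it restarts the network and then restarts the VPN service if the tunnel interface came back without an IPv4 address. The interface name `tun0`, the init script path `/etc/init.d/openvpn` and the settle delay are assumptions; the sample `ip` outputs are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumed names: tun0 as the VPN interface, /etc/init.d/openvpn as its service.
VPN_IF="${VPN_IF:-tun0}"
VPN_INIT="${VPN_INIT:-/etc/init.d/openvpn}"
SETTLE="${SETTLE:-10}"   # seconds to let the network restart finish (assumed)

# has_ipv4 TEXT: succeed if TEXT (output of `ip -o -4 addr show dev IF`)
# contains an "inet a.b.c.d" entry. "inet6" lines do not count.
has_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])inet[[:space:]]+[0-9]+(\.[0-9]+){3}'
}

# vpn_state TEXT: print "ok" if the interface has an address, else "unroutable".
vpn_state() {
    if has_ipv4 "$1"; then echo ok; else echo unroutable; fi
}

# restart_network_safely: restart the network, then recover the tunnel if
# the restart left the VPN interface without an address (the proto=none case).
restart_network_safely() {
    /etc/init.d/network restart
    sleep "$SETTLE"
    out=$(ip -o -4 addr show dev "$VPN_IF" 2>/dev/null)
    if [ "$(vpn_state "$out")" = unroutable ]; then
        logger -t vpn-guard "$VPN_IF has no IPv4 address; restarting VPN service"
        "$VPN_INIT" restart
    fi
}

# Constructed sample outputs of `ip -o -4 addr show dev tun0`.
SAMPLE_UP='7: tun0    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0'
SAMPLE_FLUSHED=''
SAMPLE_V6_ONLY='7: tun0    inet6 fe80::1/64 scope link'
```

When calling `restart_network_safely` over the tunnel itself, run it detached from the SSH session so it keeps going after the session drops.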
If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).