Opening OpenVPN to the world

I built my own private network with OpenVPN. I bought a VPS at hosting provider A(closer to home) and another two at hosting provider B(cheaper). Using openvpn I connected the two to the OpenVPN server.

I configured the hosts at B to ONLY ALLOW connections from the VPN using UFW, so they should be safe. But now I’m scared to open the ports for the OpenVPN server(port 80 and 443). I want to do this so that I can connect from everywhere to my VPN, accessing Bitwarden and a network share(more to come).

Can people/bots exploit OpenVPN server to gain access to my network? Everything is possible right? Btw, you need a key + password to connect to my OpenVPN server.

Is fail2ban the only extra security? What can/should I do to add extra layers of security to the OpenVPN server? Port 80 and 443 are the only two “holes” in my network so I want to protect them the most. What can I do to achieve the maximum security while still being able to connect to my VPN from everywhere.