Probable DNS leak. Set your DHCP server to provide 1.1.1.1 and 1.0.0.1 DNS servers to your DHCP clients and report back. If it works for Netflix, AND you also have some sort of AdBlock in the router, AdBlock may stop working because you're now bypassing the local DNS server.
I solved this problem with two separate LAN segments, (say 192.168.1.0/24 for normal, 192.168.2.0/24 for VPN). In my scenario the first segment is used by clients requiring normal internet access (going through the normal local DNS server on the router) and se second is only used for VPN access (going directly to outside DNS servers). YMMV.