Setting dest_ip to a non-public IP is wrong. To open a port you only need options src, target, proto, and dest_port. Firewall rules act only if all the specified conditions match. So don't impose extra conditions.
The old syntax was option proto 'tcp udp' I don't know if multiple protocols can be done with list proto. But two points on that, if you're running the server in UDP mode you don't need to allow TCP at all, and if you wanted to allow both you could write two separate rules.
Also, your ISP may be blocking UDP or not forwarding it correctly. In that case the workaround is to use TCP.
My isp has nothing to do with the problem because I've tested everything using a RPi4 and it works.
I'gonna try separating rules in different lines and deleting dest_ip.
I've changed the router to test with the isp's and no problem, I can connect via udp protocol, so that concludes that the problem is in openwrt firewall.
Thanks again for the help. I'll keep investigating.
I thought you were running OpenVPN on your main router, in that case you would open the port to allow incoming connections on the local router. If you have a separate server you need to configure the main router to forward the public VPN server port to it.
Scrolling down to the bottom of your configuration (which I assume is the main router) you have done both, which is not going to work. The first rule listed that matches the conditions will take action and subsequent rules will be ignored. So since the local open is listed first the packet is accepted and sent to the OpenWrt OS, where it is then refused since there is no process bound to the port.
For anyone who needs help, I must say that I don't know what was the problem.
I reinstalled everything from zero and now it works, but some advice is that in the firewall zones, tun0 must be specified in the covered devices. If everything fails, start from scratch cleaning every config file. When you're stuck, you change things here and there and lost control of this changes. This is what I did.