Help: openvpn client does not connect

Installing and Using OpenWrt Network and Wireless Configuration
1

I am trying to test vpn client setup using free vpngate openvpn service.
Here is their ovpn file.
I tried setting up a client using the gui getting parameters from their ovpn file and also command line option

I have opened their udp port 1787 in the firewall.

openvpn --config vpngate.ovpn.

I see following errors in the log and the connection does not work. I think this is a firewall but now sure. Am I supposed to open a port for inbound when I initiate the contact from the router? I testing this behind another LEDE router so my wan for test router is in 192.168 network.

BTW The same ovpn file works from tunnelblick on a MAC.

Sat Nov 18 23:59:10 2017 Initialization Sequence Completed
Sat Nov 18 23:59:11 2017 write UDP: Operation not permitted (code=1)
Sat Nov 18 23:59:21 2017 [*.opengw.net] Inactivity timeout (--ping-restart), restarting
Sat Nov 18 23:59:21 2017 SIGUSR1[soft,ping-restart] received, process restarting
Sat Nov 18 23:59:21 2017 Restart pause, 5 second(s)
Sat Nov 18 23:59:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]60.128.11.153:1787
Sat Nov 18 23:59:26 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Nov 18 23:59:26 2017 UDP link local: (not bound)
Sat Nov 18 23:59:26 2017 UDP link remote: [AF_INET]60.128.11.153:1787

BTW I am also running load balancing but only one wan is connected right now. When I start openvpn, it does create a proper TUN device.

Here is my firewall config.

root@LEDE:/etc/openvpn# cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'lan'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option network 'wan wan2 wan6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'vpn'
	option output 'ACCEPT'
	option masq '1'
	option network 'vpn0'
	option input 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option dest 'wan'
	option src 'lan'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '1787'
	option name 'Openvpn'

config forwarding
	option dest 'lan'
	option src 'vpn'

config forwarding
	option dest 'wan'
	option src 'vpn'

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'vpn'
	option src 'wan'
2

try this:

in the shell using uci this is done with just three commands, after uploading through sftp the ovpn file in /etc/openvpn/ (change vpnname with what you want, ex. vpngate):

uci set openvpn.vpnname='openvpn'
uci set openvpn.vpnname.enabled='1'
uci set openvpn.vpnname.config='/etc/openvpn/your_vpn_conf.ovpn'