OpenVPN Hardening and Best Practice

Good morning - I'm very keen to get some expert advice; I would describe myself as a new user, having transitioned from DD-WRT. My only prior experience with OpenWRT is with GL.inet routers that run Luci/Lede and manage everything with a nice GUI.

I have moved to stock OpenWRT on my Linksys WRT32X; I also run a Teltonika RUT240 and Teltonika RUT950.

I'll admit I resisted the move from GL.inet as their VPN setup is so simple - drop in the cert, activate, it self manages.

The current configuration I am using is based on this guide:

I did not create a new interface for the tunnel, instead opting to enter "tun+" under the OpenVPN firewall zone 'Covered Devices'.

The problem: frequent disconnects with no auto-reconnect. Is there a way around this? I was hoping to get some input on the best practice for settings up OpenVPN on an OpenWRT router (I've tried most of the guides) to produce the most robust connection - I did not have these same issues with DD-WRT.

Current OpenVPN config:

dev tun
proto udp
remote 1197
resolv-retry infinite
cipher aes-256-cbc
auth sha256
remote-cert-tls server
keepalive 10 60

auth-user-pass /etc/openvpn/PIALondon.auth
verb 1
reneg-sec 3600
-----BEGIN X509 CRL-----


-----END X509 CRL-----

# PLEX route
# If necessary, change to your gateway