OpenVPN server, no LAN no internet

Installing and Using OpenWrt Network and Wireless Configuration
27

There are some errors in your openVPN config files, including repeated lines and inconsistencies such as your client file having comp-lzo no twice, the server saying comp-lzo no but then pushing comp-lzo yes. You are pushing multiple routes and dns options including 192.168.1.1 -- I think the last one will override the previous ones. The log even shows a bunch of odd stuff happening.

I've tried to clean up your files to the bare minimum.

I think you can use this server config verbatim:

config openvpn 'vpnserver'
        option proto ‘udp’
        option port '1194'
        option dev_type 'tun'
        option dev 'ovpns0'
        option server '192.168.200.0 255.255.255.0'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/my-server.crt'
        option key '/etc/openvpn/my-server.key'
        option dh '/etc/openvpn/dh2048.pem'
        option tls_auth '/etc/openvpn/tls-auth.key 0'
        option tun_mtu '1500'
        option keepalive '10 120'
        option tls_server '1'
        option topology 'subnet'
        option route_gateway 'dhcp'
        option log '/tmp/openvpn.log'
        option client_to_client '1'
        option persist_key '1'
        option persist_tun '1'
        list push 'route 10.0.0.0 255.255.255.0'
        list push 'dhcp-option DNS 10.0.0.1'
        option enabled '1'

The client config will obviously require a few adjustments on your end, but try this as a template:

client
dev tun
remote my_dynamic_dns 1194 udp
remote-cert-tls server
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</cert>
<key>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----BEGIN OpenVPN Static key V1-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END OpenVPN Static key V1-----
</key>

you had a tag for </tls-auth> in there -- not sure if you had a the TLS auth crypto info there or not, you might need to re-add it. But basically you should be able to use this directly except for crypto stuff (ca, cert, key, maybe tls-auth), and obviously 'my_dynamic_dns' should be replaced with your actual info.

Pro-tip: put the crypto info at the end of the file so that you know you don't have to keep reading beyond it -- that may explain why you had duplicate info there.