OpenVPN Server on relay AP

Hi guys, I need help with this. My network is as follows :

ISP router (10.0.0.1) -> relayd ap/dnscrypt2 server (10.0.1.1/10.0.0.2) -> ap mesh/dhcp server (10.0.0.3).

Both AP are MiR3G, running 19.07.0-rc2. I need to have the OpenVPN server working on the relayd AP, using TCP, port 443.

Now, everything is apparently working fine according to the logs, I can connect clients to the server however no traffic seems to go through.

I suppose it's a routing issue, but I need help in figuring it out, it should be working unless I'm missing something obvious.

I followed the wiki for my server config:

verb 3
user nobody
group nogroup
dev tun0
port 443
proto tcp
server 10.2.0.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "route 10.0.1.0 255.255.255.0" #(I've tried 10.0.0.0 and also push dhcp-option DOMAIN "LAN"
push "dhcp-option DNS 10.0.0.2"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

Here's the server log:

Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[13287]: Closing TUN/TAP interface
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[13287]: /sbin/ifconfig tun0 0.0.0.0
Thu Jan  2 09:54:33 2020 daemon.warn openvpn(server)[13287]: Linux ip addr del failed: external program exited with error status: 1
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[13287]: SIGTERM[hard,] received, process exiting
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Diffie-Hellman initialized with 2048 bit key
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: TUN/TAP device tun0 opened
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: TUN/TAP TX queue length set to 100
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: /sbin/ifconfig tun0 10.2.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.2.0.255
Thu Jan  2 09:54:33 2020 daemon.warn openvpn(server)[14199]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Listening for incoming TCP connection on [AF_INET][undef]:443
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: TCPv4_SERVER link local (bound): [AF_INET][undef]:443
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: TCPv4_SERVER link remote: [AF_UNSPEC]
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: GID set to nogroup
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: UID set to nobody
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: MULTI: multi_init called, r=256 v=256
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: IFCONFIG POOL: base=10.2.0.2 size=252, ipv6=0
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Thu Jan  2 09:54:33 2020 daemon.notice openvpn(server)[14199]: Initialization Sequence Completed
Thu Jan  2 09:57:50 2020 daemon.notice openvpn(server)[14199]: TCP connection established with [AF_INET]*myip*:10400
Thu Jan  2 09:57:51 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 TLS: Initial packet from [AF_INET]*myip*:10400, sid=800e53e6 6f276864
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 VERIFY OK: depth=1, CN=ovpnca
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 VERIFY OK: depth=0, CN=*client*
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_VER=2.4.7
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_PLAT=win
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_PROTO=2
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_NCP=2
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_LZ4=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_LZ4v2=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_LZO=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_COMP_STUB=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_COMP_STUBv2=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_TCPNL=1
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 2048 bit RSA
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *myip*:10400 [*client*] Peer Connection Initiated with [AF_INET]*myip*:10400
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 MULTI_sva: pool returned IPv4=10.2.0.2, IPv6=(Not enabled)
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 MULTI: Learn: 10.2.0.2 -> *client*/*myip*:10400
Thu Jan  2 09:57:52 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 MULTI: primary virtual IP for *client*/*myip*:10400: 10.2.0.2
Thu Jan  2 09:57:53 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jan  2 09:57:53 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 SENT CONTROL [*client*]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,dhcp-option DNS 10.0.0.2,redirect-gateway def1,persist-tun,persist-key,route-gateway 10.2.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.2.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Jan  2 09:57:53 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan  2 09:57:53 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan  2 09:57:53 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan  2 09:58:05 2020 daemon.err openvpn(server)[14199]: *client*/*myip*:10400 Connection reset, restarting [-1]
Thu Jan  2 09:58:05 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10400 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Jan  2 09:58:23 2020 daemon.notice openvpn(server)[14199]: TCP connection established with [AF_INET]*myip*:10500
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 TLS: Initial packet from [AF_INET]*myip*:10500, sid=08b3db19 70d83303
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 VERIFY OK: depth=1, CN=ovpnca
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 VERIFY OK: depth=0, CN=*client*
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_VER=2.4.7
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_PLAT=win
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_PROTO=2
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_NCP=2
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_LZ4=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_LZ4v2=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_LZO=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_COMP_STUB=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_COMP_STUBv2=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_TCPNL=1
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 2048 bit RSA
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *myip*:10500 [*client*] Peer Connection Initiated with [AF_INET]*myip*:10500
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 MULTI_sva: pool returned IPv4=10.2.0.2, IPv6=(Not enabled)
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 MULTI: Learn: 10.2.0.2 -> *client*/*myip*:10500
Thu Jan  2 09:58:24 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 MULTI: primary virtual IP for *client*/*myip*:10500: 10.2.0.2
Thu Jan  2 09:58:25 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jan  2 09:58:25 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 SENT CONTROL [*client*]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,dhcp-option DNS 10.0.0.2,redirect-gateway def1,persist-tun,persist-key,route-gateway 10.2.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.2.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Jan  2 09:58:25 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan  2 09:58:25 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan  2 09:58:25 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan  2 10:00:58 2020 daemon.err openvpn(server)[14199]: *client*/*myip*:10500 Connection reset, restarting [-1]
Thu Jan  2 10:00:58 2020 daemon.notice openvpn(server)[14199]: *client*/*myip*:10500 SIGUSR1[soft,connection-reset] received, client-instance restarting
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      14199/openvpn

And here's the client log:

Thu Jan 02 10:15:52 2020 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Thu Jan 02 10:15:52 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jan 02 10:15:52 2020 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Thu Jan 02 10:15:52 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jan 02 10:15:52 2020 Need hold release from management interface, waiting...
Thu Jan 02 10:15:53 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'state on'
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'log all on'
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'echo all on'
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'hold off'
Thu Jan 02 10:15:53 2020 MANAGEMENT: CMD 'hold release'
Thu Jan 02 10:15:56 2020 MANAGEMENT: CMD 'password [...]'
Thu Jan 02 10:15:56 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 02 10:15:56 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 02 10:15:56 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 02 10:15:56 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 02 10:15:56 2020 MANAGEMENT: >STATE:1577960156,RESOLVE,,,,,,
Thu Jan 02 10:15:56 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*myip*:443
Thu Jan 02 10:15:56 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 02 10:15:56 2020 Attempting to establish TCP connection with [AF_INET]*myip*:443 [nonblock]
Thu Jan 02 10:15:56 2020 MANAGEMENT: >STATE:1577960156,TCP_CONNECT,,,,,,
Thu Jan 02 10:15:57 2020 TCP connection established with [AF_INET]*myip*:443
Thu Jan 02 10:15:57 2020 TCP_CLIENT link local: (not bound)
Thu Jan 02 10:15:57 2020 TCP_CLIENT link remote: [AF_INET]*myip*:443
Thu Jan 02 10:15:57 2020 MANAGEMENT: >STATE:1577960157,WAIT,,,,,,
Thu Jan 02 10:15:57 2020 MANAGEMENT: >STATE:1577960157,AUTH,,,,,,
Thu Jan 02 10:15:57 2020 TLS: Initial packet from [AF_INET]*myip*:443, sid=8cd6e716 e44159ac
Thu Jan 02 10:15:58 2020 VERIFY OK: depth=1, CN=ovpnca
Thu Jan 02 10:15:58 2020 VERIFY KU OK
Thu Jan 02 10:15:58 2020 Validating certificate extended key usage
Thu Jan 02 10:15:58 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jan 02 10:15:58 2020 VERIFY EKU OK
Thu Jan 02 10:15:58 2020 VERIFY OK: depth=0, CN=server
Thu Jan 02 10:15:58 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 2048 bit RSA
Thu Jan 02 10:15:58 2020 [server] Peer Connection Initiated with [AF_INET]*myip*:443
Thu Jan 02 10:15:59 2020 MANAGEMENT: >STATE:1577960159,GET_CONFIG,,,,,,
Thu Jan 02 10:15:59 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jan 02 10:15:59 2020 PUSH: Received control message: 'PUSH_REPLY,route 10.0.1.0 255.255.255.0,dhcp-option DNS 10.0.0.2,redirect-gateway def1,persist-tun,persist-key,route-gateway 10.2.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.2.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: --persist options modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: route options modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: route-related options modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: peer-id set
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: adjusting link_mtu to 1626
Thu Jan 02 10:15:59 2020 OPTIONS IMPORT: data channel crypto options modified
Thu Jan 02 10:15:59 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan 02 10:15:59 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 02 10:15:59 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 02 10:15:59 2020 interactive service msg_channel=608
Thu Jan 02 10:15:59 2020 ROUTE_GATEWAY 172.16.18.1/255.255.255.0 I=61 HWADDR=20:1a:06:c7:69:5a
Thu Jan 02 10:15:59 2020 open_tun
Thu Jan 02 10:15:59 2020 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{C84A2F5A-6484-4B37-B87B-4D71FE900643}.tap
Thu Jan 02 10:15:59 2020 TAP-Windows Driver Version 9.23 
Thu Jan 02 10:15:59 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.2.0.0/10.2.0.2/255.255.255.0 [SUCCEEDED]
Thu Jan 02 10:15:59 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.2.0.2/255.255.255.0 on interface {C84A2F5A-6484-4B37-B87B-4D71FE900643} [DHCP-serv: 10.2.0.254, lease-time: 31536000]
Thu Jan 02 10:15:59 2020 Successful ARP Flush on interface [53] {C84A2F5A-6484-4B37-B87B-4D71FE900643}
Thu Jan 02 10:15:59 2020 MANAGEMENT: >STATE:1577960159,ASSIGN_IP,,10.2.0.2,,,,
Thu Jan 02 10:16:04 2020 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Jan 02 10:16:04 2020 C:\WINDOWS\system32\route.exe ADD *myip* MASK 255.255.255.255 172.16.18.1
Thu Jan 02 10:16:04 2020 Route addition via service succeeded
Thu Jan 02 10:16:04 2020 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.2.0.1
Thu Jan 02 10:16:04 2020 Route addition via service succeeded
Thu Jan 02 10:16:04 2020 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.2.0.1
Thu Jan 02 10:16:04 2020 Route addition via service succeeded
Thu Jan 02 10:16:04 2020 MANAGEMENT: >STATE:1577960164,ADD_ROUTES,,,,,,
Thu Jan 02 10:16:04 2020 C:\WINDOWS\system32\route.exe ADD 10.0.1.0 MASK 255.255.255.0 10.2.0.1
Thu Jan 02 10:16:04 2020 Route addition via service succeeded
Thu Jan 02 10:16:04 2020 Initialization Sequence Completed
Thu Jan 02 10:16:04 2020 MANAGEMENT: >STATE:1577960164,CONNECTED,SUCCESS,10.2.0.2,*myip*,443,172.16.18.20,8631
Thu Jan 02 10:16:49 2020 C:\WINDOWS\system32\route.exe DELETE 10.0.1.0 MASK 255.255.255.0 10.2.0.1
Thu Jan 02 10:16:49 2020 Route deletion via service succeeded
Thu Jan 02 10:16:49 2020 C:\WINDOWS\system32\route.exe DELETE *myip* MASK 255.255.255.255 172.16.18.1
Thu Jan 02 10:16:49 2020 Route deletion via service succeeded
Thu Jan 02 10:16:49 2020 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.2.0.1
Thu Jan 02 10:16:49 2020 Route deletion via service succeeded
Thu Jan 02 10:16:49 2020 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.2.0.1
Thu Jan 02 10:16:49 2020 Route deletion via service succeeded
Thu Jan 02 10:16:49 2020 Closing TUN/TAP interface
Thu Jan 02 10:17:00 2020 TAP: DHCP address released
Thu Jan 02 10:17:00 2020 SIGTERM[hard,] received, process exiting
Thu Jan 02 10:17:00 2020 MANAGEMENT: >STATE:1577960220,EXITING,SIGTERM,,,,,

Are your clients outside the network, using their own ISP and coming back through the Internet?

Because if they are on your 10.0.0.0 LAN they can't know whether to route via VPN or direct through the LAN.

Outside my home network, over WAN.

I forgot to mention that I tried UDP (1194) first and the result was the same, clients connect but that's it.

I'm resurrecting this thread because I still have this problem and just today need it to help my parents.

Only difference is that server.conf is now default:

verb 3
user nobody
group nogroup
dev tun0
port 1194
proto udp
server 192.168.8.0 255.255.255.0
topology subnet
client-to-client
keepalive 10 120
persist-tun
persist-key
push "dhcp-option DNS 192.168.8.1"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

Some help would be very welcome!