We can't see the network configuration because you posted part of the firewall configuration instead of /etc/config/network.
Better remove the zone and forwardings and add the vpn interface (network) to the lan firewall zone.
By default, windows firewall does not accept connections originating outside its own ip subnet. Open the host firewall or enable masquerading on the lan zone to see if this is the case.