Another such moment, after rebooting the router, provided that "route_noexec" is not selected and start VPN, all clients receive a "connection refused" in the browser.
ifconfig
br-lan Link encap:Ethernet HWaddr F8:D1:11:8D:BC:61
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fdbe:5978:742c::1/60 Scope:Global
inet6 addr: fe80::fad1:11ff:fe8d:bc61/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8377 errors:0 dropped:0 overruns:0 frame:0
TX packets:11499 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1499152 (1.4 MiB) TX bytes:6806137 (6.4 MiB)
br-vpn0 Link encap:Ethernet HWaddr FA:D1:11:8D:BC:62
inet6 addr: fe80::f8d1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2330 (2.2 KiB) TX bytes:1512 (1.4 KiB)
eth0 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:61
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8341 errors:0 dropped:15 overruns:0 frame:0
TX packets:10995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1598961 (1.5 MiB) TX bytes:6580058 (6.2 MiB)
Interrupt:5
eth1 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:63
inet addr:10.193.8.135 Bcast:10.193.8.255 Mask:255.255.255.0
inet6 addr: fe80::fad1:11ff:fe8d:bc63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8863 errors:0 dropped:116 overruns:0 frame:0
TX packets:3797 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6374622 (6.0 MiB) TX bytes:1273043 (1.2 MiB)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:73 errors:0 dropped:0 overruns:0 frame:0
TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6853 (6.6 KiB) TX bytes:6853 (6.6 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:386 (386.0 B) TX bytes:3541 (3.4 KiB)
wlan0 Link encap:Ethernet HWaddr F8:D1:11:8D:BC:62
inet6 addr: fe80::fad1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:179 errors:0 dropped:0 overruns:0 frame:0
TX packets:549 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31460 (30.7 KiB) TX bytes:99075 (96.7 KiB)
wlan0-1 Link encap:Ethernet HWaddr FA:D1:11:8D:BC:62
inet6 addr: fe80::f8d1:11ff:fe8d:bc62/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:33 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3002 (2.9 KiB) TX bytes:5578 (5.4 KiB)
Log
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Sep 13 2015
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: library versions: PolarSSL 1.3.11, LZO 2.08
Sun Jan 12 11:40:01 2020 daemon.warn openvpn(myvpn)[2000]: WARNING: file '/etc/openvpn/my-client.key' is group or others accessible
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: UDPv4 link local (bound): [undef]
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: UDPv4 link remote: [AF_INET]MYVPN.IP:1194
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: TLS: Initial packet from [AF_INET]MYVPN.IP:1194, sid=b99a2515 78a753b2
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY OK: depth=1, CN=ChangeMe
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Validating certificate key usage
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: ++ Certificate has key usage 00a0, expects 00a0
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY KU OK
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: Validating certificate extended key usage
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY EKU OK
Sun Jan 12 11:40:01 2020 daemon.notice openvpn(myvpn)[2000]: VERIFY OK: depth=0, CN=server
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: Control Channel: TLSv1.2, cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, 2048 bit RSA
Sun Jan 12 11:40:03 2020 daemon.notice openvpn(myvpn)[2000]: [server] Peer Connection Initiated with [AF_INET]MYVPN.IP:1194
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0'
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: timers and/or timeouts modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: --ifconfig/up options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: route options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: route-related options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: OPTIONS IMPORT: peer-id set
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: TUN/TAP device tun0 opened
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: TUN/TAP TX queue length set to 100
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/ifconfig tun0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sun Jan 12 11:40:06 2020 daemon.notice netifd: Network device 'tun0' link is up
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net MYVPN.IP netmask 255.255.255.255 gw 10.193.8.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
Sun Jan 12 11:40:06 2020 daemon.notice openvpn(myvpn)[2000]: Initialization Sequence Completed
I stop VPN and immediately everything works well, but without VPN.