default hmac tls-auth are not working as expected

[acecombat2]

Martin, your default configuration of tls-auth for some reason it does not allow the client to connect, confirmed both ta.key for server and ta key inline are identical.

at first I tried with ddns then followed by local.

both couldn't allow connection.

Sun Sep 15 11:40:31 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
,Sun Sep 15 11:40:31 2019 TLS Error: incoming packet authentication failed from [AF_INET]192.168.100.101:38254
,Sun Sep 15 11:40:47 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
,Sun Sep 15 11:40:47 2019 TLS Error: incoming packet authentication failed from [AF_INET]192.168.100.101:38254
,Sun Sep 15 11:46:59 2019 event_wait : Interrupted system call (code=4)
,Sun Sep 15 11:46:59 2019 /sbin/ip route del 192.168.254.0/24
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:46:59 2019 ERROR: Linux route delete command failed: external program exited with error status: 2
,Sun Sep 15 11:46:59 2019 /sbin/ip route del 192.168.255.0/24
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:46:59 2019 ERROR: Linux route delete command failed: external program exited with error status: 2
,Sun Sep 15 11:46:59 2019 Closing TUN/TAP interface
,Sun Sep 15 11:46:59 2019 /sbin/ip addr del dev tun0 local 192.168.255.1 peer 192.168.255.2
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:46:59 2019 Linux ip addr del failed: external program exited with error status: 2
,Sun Sep 15 11:46:59 2019 SIGTERM[hard,] received, process exiting
,iptables: No chain/target/match by that name.
,iptables: No chain/target/match by that name.
,Sun Sep 15 11:47:01 2019 OpenVPN 2.4.7 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
,Sun Sep 15 11:47:01 2019 library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
,Sun Sep 15 11:47:01 2019 Diffie-Hellman initialized with 2048 bit key
,Sun Sep 15 11:47:01 2019 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
,Sun Sep 15 11:47:01 2019 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
,Sun Sep 15 11:47:01 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
,Sun Sep 15 11:47:01 2019 TUN/TAP device tun0 opened
,Sun Sep 15 11:47:01 2019 TUN/TAP TX queue length set to 200
,Sun Sep 15 11:47:01 2019 /sbin/ip link set dev tun0 up mtu 1500
,Sun Sep 15 11:47:01 2019 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
,Sun Sep 15 11:47:01 2019 /sbin/ip route add 192.168.254.0/24 via 192.168.255.2
,Sun Sep 15 11:47:01 2019 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
,Sun Sep 15 11:47:01 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
,Sun Sep 15 11:47:01 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
,Sun Sep 15 11:47:01 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
,Sun Sep 15 11:47:01 2019 UDPv4 link remote: [AF_UNSPEC]
,Sun Sep 15 11:47:01 2019 GID set to nogroup
,Sun Sep 15 11:47:01 2019 UID set to nobody
,Sun Sep 15 11:47:01 2019 MULTI: multi_init called, r=256 v=256
,Sun Sep 15 11:47:01 2019 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
,Sun Sep 15 11:47:01 2019 Initialization Sequence Completed
,Sun Sep 15 11:47:10 2019 192.168.100.101:39128 TLS: Initial packet from [AF_INET]192.168.100.101:39128, sid=75ebf11c ff893514
,Sun Sep 15 11:47:15 2019 192.168.100.101:47176 TLS: Initial packet from [AF_INET]192.168.100.101:47176, sid=43eed8e4 11beb6ca
,Sun Sep 15 11:47:20 2019 192.168.100.101:44606 TLS: Initial packet from [AF_INET]192.168.100.101:44606, sid=2f6695b3 e7ff1691
,Sun Sep 15 11:47:25 2019 192.168.100.101:56891 TLS: Initial packet from [AF_INET]192.168.100.101:56891, sid=37cc9962 5e76dd42
,Sun Sep 15 11:47:30 2019 192.168.100.101:38874 TLS: Initial packet from [AF_INET]192.168.100.101:38874, sid=0a08bb3a 3c0ba0d6
,Sun Sep 15 11:47:40 2019 192.168.100.101:53951 TLS: Initial packet from [AF_INET]192.168.100.101:53951, sid=95290bc9 8b8fdfbb
,Sun Sep 15 11:48:00 2019 192.168.100.101:52936 TLS: Initial packet from [AF_INET]192.168.100.101:52936, sid=9d18ab87 7bb5242e
,Sun Sep 15 11:48:11 2019 192.168.100.101:39128 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:11 2019 192.168.100.101:39128 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:11 2019 192.168.100.101:39128 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:48:15 2019 192.168.100.101:47176 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:15 2019 192.168.100.101:47176 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:15 2019 192.168.100.101:47176 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:48:20 2019 192.168.100.101:44606 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:20 2019 192.168.100.101:44606 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:20 2019 192.168.100.101:44606 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:48:26 2019 192.168.100.101:56891 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:26 2019 192.168.100.101:56891 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:26 2019 192.168.100.101:56891 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:48:30 2019 192.168.100.101:38874 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:30 2019 192.168.100.101:38874 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:30 2019 192.168.100.101:38874 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:48:40 2019 192.168.100.101:53951 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:48:40 2019 192.168.100.101:53951 TLS Error: TLS handshake failed
,Sun Sep 15 11:48:40 2019 192.168.100.101:53951 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:49:01 2019 192.168.100.101:52936 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
,Sun Sep 15 11:49:01 2019 192.168.100.101:52936 TLS Error: TLS handshake failed
,Sun Sep 15 11:49:01 2019 192.168.100.101:52936 SIGUSR1[soft,tls-error] received, client-instance restarting
,Sun Sep 15 11:57:09 2019 event_wait : Interrupted system call (code=4)
,Sun Sep 15 11:57:09 2019 /sbin/ip route del 192.168.254.0/24
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:57:09 2019 ERROR: Linux route delete command failed: external program exited with error status: 2
,Sun Sep 15 11:57:09 2019 /sbin/ip route del 192.168.255.0/24
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:57:09 2019 ERROR: Linux route delete command failed: external program exited with error status: 2
,Sun Sep 15 11:57:09 2019 Closing TUN/TAP interface
,Sun Sep 15 11:57:09 2019 /sbin/ip addr del dev tun0 local 192.168.255.1 peer 192.168.255.2
,RTNETLINK answers: Operation not permitted
,Sun Sep 15 11:57:09 2019 Linux ip addr del failed: external program exited with error status: 2
,Sun Sep 15 11:57:09 2019 SIGTERM[hard,] received, process exiting
,iptables: No chain/target/match by that name.
,iptables: No chain/target/match by that name.
,Sun Sep 15 11:57:10 2019 OpenVPN 2.4.7 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
,Sun Sep 15 11:57:10 2019 library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
,Sun Sep 15 11:57:10 2019 Diffie-Hellman initialized with 2048 bit key
,Sun Sep 15 11:57:10 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
,Sun Sep 15 11:57:10 2019 TUN/TAP device tun0 opened
,Sun Sep 15 11:57:10 2019 TUN/TAP TX queue length set to 200
,Sun Sep 15 11:57:10 2019 /sbin/ip link set dev tun0 up mtu 1500
,Sun Sep 15 11:57:10 2019 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
,Sun Sep 15 11:57:10 2019 /sbin/ip route add 192.168.254.0/24 via 192.168.255.2
,Sun Sep 15 11:57:10 2019 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
,Sun Sep 15 11:57:10 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
,Sun Sep 15 11:57:10 2019 Socket Buffers: R=[212992->425984] S=[212992->425984]
,Sun Sep 15 11:57:10 2019 UDPv4 link local (bound): [AF_INET][undef]:1194
,Sun Sep 15 11:57:10 2019 UDPv4 link remote: [AF_UNSPEC]
,Sun Sep 15 11:57:10 2019 GID set to nogroup
,Sun Sep 15 11:57:10 2019 UID set to nobody
,Sun Sep 15 11:57:10 2019 MULTI: multi_init called, r=256 v=256
,Sun Sep 15 11:57:10 2019 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
,Sun Sep 15 11:57:10 2019 Initialization Sequence Completed
,


Client config

`client
tls-client
nobind
dev tun
remote-cert-tls server
comp-lzo
mute 20
float
resolv-retry infinite
remote-cert-eku "TLS Web Server Authentication"
remote-cert-ku a0 88
persist-tun
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
tls-version-min 1.2
verify-x509-name 'subject=CN = 192.168.100.101'

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIZ63QUZxtjtwCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECE9xDhw4R/lkBIIEyNajPu7GMg09
DoMPzcy23B5Vc3lT9UsuAirmMKU1ktEEZoLoCH8PXhUkP99JWZ2zADmIbmvpPapq
5jWU470YA+qoGU4un+dA06lNe824iqzARCROI4jQdUk4Whk/tv85wN8cWKC9eFpy
XgfTxVycl+CuiUod8XlHCs6ra371UxSu7FXrDE1/CNsGpJp3Q342QJmDsDpr+xUN
5bUDZUNH7BNUqXN+YWoj9mviiC6B/vwn5X3Y6I804S46qQaqxAgYpqYReMiyiipc
+L/Tkg1rxxr6B/Gb/CkzyWFWlOZdvetVyppHH4/bJ0MNa9Kkg2zAagqKbLhimkox
dXoue5oqOUgKb+j4z32Mf3yjlisMq/dtnv3ZN52dhOv/OjROw0InzdKpmsZGiXFj
rAZ0o9o1PHm1DGk3KZ8KcFb+PuRwCEDAM9cq4JacxFa1rb2oZ7oxBcNyv79hEZWH
LhEgmEkdDtMsFaJruHj0Sjsc6Dj6BBUUvti45dnzmgCo+Uq8HTlVq6a0Ra6hpXQr
CZve3exDk64g4sfrrKvhphGb0NVfpaJ6qKfETIMMGpmiXciyPYG8ppdwZnsUat1n
vfU9RAMnCzWIgKZknVYrpdcbaEnUsUvX1ratmudoDqajgXFtlOVSTAVFSCxmvY15
6XCcd0stn4XfbCoINBl9ZJ6jR2S3claZT7pdU81f4PkZfI3QO1NMMAgkrts/tzvj
H/ZGRb/H5umrQQNKQvh7N4+SH5J3CS+0LDYwVTokWHrdvt8QzHkPNE8mIIAcARG9
gAwqJm0LIoRZOSREzC87exlHxx2oF/gt4PG8RNZC8Vq+oKOrxYvOg5Zi9Xh3+Pxy
8DvO3PEGFVHD2djd4xOAyQdKVJSu0/Dt2IaYUTKMR6OESeiMGRn/I8LDRrzqCEZ0
I0ghKVAfmtilXdRcIm3Gvb5Tkt4KF4abcrJPkVNBN2CwQqs2yAryeo0fR+d7rYu2
EKVT0MPTsXPncd1Byygheis5aHiSMd/MknNcs0a8XAbYtk0/FLRrobEd7ZlpIvhx
R+gPFp+63Vb2TU1Y1y4+y7Eh86eEv96mIy/nkrSdSZ7y0NTTdTmUJociRFOM6Zll
CLffEMX3lr+65Ad5D23pSxWl4vdfxSMIwiehK2bQ7D2EKGD8zZybfNhTUwvmZtDQ
TVMELjw3na+NpZ4H7ib7prm1CFOvvi+tjb9+SLSPyXJx+KM0k2Bnn6KWcWnTN+ME
Wzmo6jRmuMQe3ZBC5brM41uw1q7x6nv5QdQiyVyCANRxHNZB3eOqq6mcRNdWnFoe
H6clYht2OGNPduckZ64xwRiAj9kMj/S3GEJ+XcVxWwPvsRT5zEG2HDFA34PansIw
f0rT+8BqgJuLZe2o5zkLaWEFYnb3M/Q8dZmekb5WL6/mKKVoDcRHezCu/fTJlPTZ
eNsJekWzw6aovtozH7KDgQiAMJ7HZ0otP9vUUIEUmhChtXbGznrHRNL1dNJaxDzi
hd3IoslBYkzRMqxGE4P8Nvbznj9ZbwqVyyE8Uxy2HidJGx+ZL8xoDNq6d84oSu4Y
ytMqYlfHtRp3PqGXvyb3tCp9TMYFNncBEX18IGEZ9k/FELkkbqIpHwcIfhuCO1hX
+wcu0CBDrD/egS8Y6b4HUg==
-----END ENCRYPTED PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIDXjCCAkagAwIBAgIRAKmTGswvgSxOHpJskRiun9YwDQYJKoZIhvcNAQELBQAw
GjEYMBYGA1UEAwwPMTkyLjE2OC4xMDAuMTAxMB4XDTE5MDkxNTExMzgyMloXDTIy
MDgzMDExMzgyMlowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMRnKkByj9wQkEXo95lmZihLpp6zehNE/NernXU7aT99
roKyigDLJv+gOAk9b2Vn4lOfoLlAdkIzF84jhRS309w/VLapPTB2JOon5NrzItrt
hSprpvP09pAMh1vHj7TvBmWyw/fJGgx8niWCaArcbY7e0tSmnEqR71y9Wq/tdyXF
y0l8Np7p94Z4LOoLVyGV6a3tgS/72wXSl9KzDWINFOXl+kNt5Q3gSeuWDBP6MrdT
dJfYtNhPUbQIi2PiCtJULuMxepGZiwvWU8klrKETP8FDM7TGSV1yEZ8Lk8P57b7Z
ac7Ns4Qvf+jQz+mK/zS5XeiuRNJt1yMr0TiuEvQFi7sCAwEAAaOBpjCBozAJBgNV
HRMEAjAAMB0GA1UdDgQWBBS2W6PKPgIN5uRw5B3cgkmYhQ9f4TBVBgNVHSMETjBM
gBSAPwZTWJ1iT0pbXDx1uJSXbxO05KEepBwwGjEYMBYGA1UEAwwPMTkyLjE2OC4x
MDAuMTAxghRH5Srx05jVsQPkhwsL06Ja50mnVTATBgNVHSUEDDAKBggrBgEFBQcD
AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAKAICAffqjimwU8azIRa
ookfMLiM2MIDDQCXlRo+OH7cnZMzqBF6RJ4gaVZQChgcm2biRQqpD+JCC6LO+lsY
Ec1xCWNSqtNM9KQxbd0S05P3rOyREba1Lzj7F8UCtU8CD09B0u/c2eXBOzYIeSQq
XAFN74CZ3Q1dwwg1xDfzYQHY05E8B4diWhW1+QKJZPUL4maoYnIYKKcA1t6G2oxA
kMfWfEBMIKEFG2+1d3mWOVfcLHB+tpqSe5oHoixMPGvaQ3K8HBwLc9pTTtqmnZKR
aKQa5PSBrkgvwyGSJjjlxG3AkWmYMbWjLKeZXRoGnRKMvUOJTr9fWPiS293ghUg1
7Uk=
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
MIIDVzCCAj+gAwIBAgIUR+Uq8dOY1bED5IcLC9OiWudJp1UwDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPMTkyLjE2OC4xMDAuMTAxMB4XDTE5MDkxNTExMzY0NloX
DTI5MDkxMjExMzY0NlowGjEYMBYGA1UEAwwPMTkyLjE2OC4xMDAuMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj3v8NvzQLbuHqOr2GJsvmGxPSwV
8No4tCKBK3pNyhjVBrNM7DCW0OuLyKp3zMub1cvWuIfb61iDrzO+76EcXWRDcB0Q
ELcSNYxWTVCPLaXhi0i1ISojyXldiYgenBqMluzxy6yCUHmX1vWWJ7R6SKTta5Ph
gWFM+rXyTMdJADxJzLA4cyFWWCxTjZMqOjx24FSBqqqHCPwf1ooR6l+3aEV9VQ6+
aPn9uU5qA+ubsbTxYM86TwMQljhp21PElIxYLLriKTvoaAoXaxX654tn/0Op1kgj
8gjpW+0SlL5QAGsv3qCIa6OJVcTA2X+v1028Ow4cFibyA/k1QNDJfuAl6QIDAQAB
o4GUMIGRMB0GA1UdDgQWBBSAPwZTWJ1iT0pbXDx1uJSXbxO05DBVBgNVHSMETjBM
gBSAPwZTWJ1iT0pbXDx1uJSXbxO05KEepBwwGjEYMBYGA1UEAwwPMTkyLjE2OC4x
MDAuMTAxghRH5Srx05jVsQPkhwsL06Ja50mnVTAMBgNVHRMEBTADAQH/MAsGA1Ud
DwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEALFeDEYiNnJTLbCr7Y1ue8mp4P117
nz2vU1s9wchAEg12feklgvESSpMj8p2ildih0mFQOTKsKoq9heBYiSSMax+AVLaz
zIC29Ks30Gg8p74kLlyce65PZ0bjjyaZPLpXv6+GmZv+esRV0jp1NAKkG0PVZf42
1pvrSi/hOxA/lVNgCq0rxLCtwKowxdvjRNWN+ajtHWmxst/rMAheI2l6fqtrbNDs
Kk2AmnSyKkfSsp29mjSkJDn6RmJ4t1BPopdTSlyBi5kitVvINGjI71kl6HzFEPEa
+GignvOhi1SdjYhpST7qAJTn6GRp5Cz5DW2+vmh4kv655Zv+ssijhaS72g==
-----END CERTIFICATE-----
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c0b06ecfbddc06b2ed0a59cd1bfef03d
c5570c769753ff38ce3c469f00af2e2c
e26a9f8bc5b63adf1fe3ddc0837864e4
caf73d3228ae75918279c6fc5bacd398
2303888762c85c2b774cb1fa8fe23fc2
ea4ea840016bc56fdae43cf0f9550d54
505c29da0b8cbfbd71a7d9a9551fbfde
d3dc5979bc9318c8081b348202b9a55c
4ebb535eb68d91dcab5a7e57823aceed
3e649f5d4a15d3fc98a8d5c9ae278114
e310476dc5e81fddc32c66c10ae6d3a7
221b5f64e352432b056d1a8d5dad3042
111cc57b893be0d28393be93041c560d
99d4498fd188f072655f32582bf306cd
296d881022718d4c48fd9febf1d3fc9e
0b494e46423fb019a3daaffdf41d56f4
-----END OpenVPN Static key V1-----
</tls-auth>

remote 192.168.100.101 1194 udp

#be friendly to windows clients
route-delay 2

redirect-gateway def1
`

server config
`server 192.168.255.0 255.255.255.0
tls-server
verb 3
crl-verify /etc/openvpn/crl.pem
key /etc/openvpn/pki/private/192.168.100.101.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/192.168.100.101.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
comp-lzo
mute 20
float
remote-cert-eku "TLS Web Client Authentication"
remote-cert-ku 80 08 88
cipher AES-256-CBC
auth SHA256
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
tls-version-min 1.2

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

client-config-dir /etc/openvpn/ccd

# Performance tweaks
txqueuelen 200
sndbuf 393216
rcvbuf 393216
fast-io

user nobody
group nogroup
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"
push "block-outside-dns"
route 192.168.254.0 255.255.255.0
`

server ta key
`#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
c0b06ecfbddc06b2ed0a59cd1bfef03d
c5570c769753ff38ce3c469f00af2e2c
e26a9f8bc5b63adf1fe3ddc0837864e4
caf73d3228ae75918279c6fc5bacd398
2303888762c85c2b774cb1fa8fe23fc2
ea4ea840016bc56fdae43cf0f9550d54
505c29da0b8cbfbd71a7d9a9551fbfde
d3dc5979bc9318c8081b348202b9a55c
4ebb535eb68d91dcab5a7e57823aceed
3e649f5d4a15d3fc98a8d5c9ae278114
e310476dc5e81fddc32c66c10ae6d3a7
221b5f64e352432b056d1a8d5dad3042
111cc57b893be0d28393be93041c560d
99d4498fd188f072655f32582bf306cd
296d881022718d4c48fd9febf1d3fc9e
0b494e46423fb019a3daaffdf41d56f4
-----END OpenVPN Static key V1-----
`
Firewall on host computer turned off, firewall on router has allowed explicitly to this host computer.

[IsThisNameGoodEnough]

I'm having the same problem. The strange thing is that the first time I setup the VPN server I had no issues and it ran for about a month. Noticed some performance issues that I think is tied to the MTU size so I tried tweaking mssfix to address. Started seeing the same issues you described. Ultimately I wiped the docker image and now I receive the same error when using the default values. Kind of stumped on this one.