I don't have a firewall (on my server machine anyway, is additional port forwarding needed on the router side)? and I don't use iptables so I'm not sure if that's a consideration too, but I did check these settings to no avail.
FWIW, the local IP of the machine is 10.10.10.10. The router/DHCP server is 10.10.10.1. I'm sure I have some dhcp/route settings wrong, but I hate subnets and may need this spelled out.
OS
Linux 5.11.16-300.fc34.x86_64 #1 SMP Wed Apr 21 13:18:33 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Server Config
port 82
proto udp
proto udp6
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key # This file should be kept secret
dh dh.pem
topology subnet
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA512
route 10.10.10.1 255.255.255.0
Client Config
client
tls-client
pull
dev tun
proto udp
remote x.x.x.x 82
resolv-retry infinite
nobind
dhcp-option DNS 8.8.8.8
persist-key
persist-tun
key-direction 1
tls-auth ta.key 1
comp-lzo
verb 4
ca ca.crt
cert client.crt
key client.key
auth SHA512
cipher AES-256-CBC
client-config-dir ccd
CCD file
iroute 10.10.10.1 255.255.255.0
These are partial, I got an error when trying to paste more.
Error Logs
client/10.10.10.1:51145 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/10.10.10.1:51145 IP packet with unknown IP version=0 seen
client/10.10.10.1:51145 MULTI: bad source address from client [::], packet dropped
client/10.10.10.1:51145 SIGTERM[soft,remote-exit] received, client-instance exiting