OpenVPN Support Forum

Greetings!

This is my first true run with OpenVPN, and I've done a fair amount of digging but am unable to isolate my issue.

Use Case
Remote clients must be able to establish a VPN tunnel to the LAN at this location
Remote clients must have an IP bridged with the local LAN (192.168.16.0/24)
Remote clients must be able to access LAN clients (anyone else on 192.168.16.0/24)
Remote clients must be able to access WAN using the NAT IP address (50.84.x.x)

LAN Configuration for the network we are connecting to
NAT Router @ 192.168.16.1
Broadcast @ 192.168.16.255
DNS @ 192.168.16.6 & 192.168.16.104

LAN Configuration for the network the client is at
NAT Router @ 192.168.86.1
Broadcast @ 192.168.86.255
DNS @ who knows

Server Configuration
port 3947
proto udp
dev tap0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
#server 10.8.0.0 255.255.255.0
server-bridge 192.168.16.1 255.255.255.0 192.168.16.251 192.168.16.254
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.16.6"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verb 4
crl-verify crl.pem

Client Configuration
client
dev tap
proto udp
sndbuf 0
rcvbuf 0
remote <public IP of NAT device> 3947
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
auth-user-pass
verb 4
<ca>
stripped
</ca>
<cert>
stripped
</cert>
<key>
stripped
</key>
<tls-auth>
stripped
</tls-auth>

Client Logs @ Verbosity 4
Mon Jul 22 17:53:17 2019 us=566706 Current Parameter Settings:
Mon Jul 22 17:53:17 2019 us=567707 config = 'client.ovpn'
Mon Jul 22 17:53:17 2019 us=567707 mode = 0
Mon Jul 22 17:53:17 2019 us=567707 show_ciphers = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 show_digests = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 show_engines = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 genkey = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 key_pass_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 show_tls_ciphers = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 connect_retry_max = 0
Mon Jul 22 17:53:17 2019 us=567707 Connection profiles [0]:
Mon Jul 22 17:53:17 2019 us=567707 proto = udp
Mon Jul 22 17:53:17 2019 us=567707 local = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 local_port = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 remote = '<stripped>'
Mon Jul 22 17:53:17 2019 us=567707 remote_port = '3947'
Mon Jul 22 17:53:17 2019 us=567707 remote_float = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 bind_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 bind_local = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 bind_ipv6_only = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 connect_retry_seconds = 5
Mon Jul 22 17:53:17 2019 us=567707 connect_timeout = 120
Mon Jul 22 17:53:17 2019 us=567707 socks_proxy_server = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 socks_proxy_port = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 tun_mtu = 1500
Mon Jul 22 17:53:17 2019 us=567707 tun_mtu_defined = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 link_mtu = 1500
Mon Jul 22 17:53:17 2019 us=567707 link_mtu_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 tun_mtu_extra = 32
Mon Jul 22 17:53:17 2019 us=567707 tun_mtu_extra_defined = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 mtu_discover_type = -1
Mon Jul 22 17:53:17 2019 us=567707 fragment = 0
Mon Jul 22 17:53:17 2019 us=567707 mssfix = 1450
Mon Jul 22 17:53:17 2019 us=567707 explicit_exit_notification = 0
Mon Jul 22 17:53:17 2019 us=567707 Connection profiles END
Mon Jul 22 17:53:17 2019 us=567707 remote_random = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 ipchange = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 dev = 'tap'
Mon Jul 22 17:53:17 2019 us=567707 dev_type = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 dev_node = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 lladdr = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 topology = 1
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_local = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_remote_netmask = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_noexec = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_nowarn = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_ipv6_local = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_ipv6_netbits = 0
Mon Jul 22 17:53:17 2019 us=567707 ifconfig_ipv6_remote = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 shaper = 0
Mon Jul 22 17:53:17 2019 us=567707 mtu_test = 0
Mon Jul 22 17:53:17 2019 us=567707 mlock = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 keepalive_ping = 0
Mon Jul 22 17:53:17 2019 us=567707 keepalive_timeout = 0
Mon Jul 22 17:53:17 2019 us=567707 inactivity_timeout = 0
Mon Jul 22 17:53:17 2019 us=567707 ping_send_timeout = 0
Mon Jul 22 17:53:17 2019 us=567707 ping_rec_timeout = 0
Mon Jul 22 17:53:17 2019 us=567707 ping_rec_timeout_action = 0
Mon Jul 22 17:53:17 2019 us=567707 ping_timer_remote = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 remap_sigusr1 = 0
Mon Jul 22 17:53:17 2019 us=567707 persist_tun = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 persist_local_ip = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 persist_remote_ip = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 persist_key = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 passtos = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 resolve_retry_seconds = 1000000000
Mon Jul 22 17:53:17 2019 us=567707 resolve_in_advance = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 username = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 groupname = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 chroot_dir = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 cd_dir = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 writepid = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 up_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 down_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 down_pre = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 up_restart = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 up_delay = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 daemon = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 inetd = 0
Mon Jul 22 17:53:17 2019 us=567707 log = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 suppress_timestamps = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 machine_readable_output = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 nice = 0
Mon Jul 22 17:53:17 2019 us=567707 verbosity = 4
Mon Jul 22 17:53:17 2019 us=567707 mute = 0
Mon Jul 22 17:53:17 2019 us=567707 gremlin = 0
Mon Jul 22 17:53:17 2019 us=567707 status_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 status_file_version = 1
Mon Jul 22 17:53:17 2019 us=567707 status_file_update_freq = 60
Mon Jul 22 17:53:17 2019 us=567707 occ = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 rcvbuf = 0
Mon Jul 22 17:53:17 2019 us=567707 sndbuf = 0
Mon Jul 22 17:53:17 2019 us=567707 sockflags = 0
Mon Jul 22 17:53:17 2019 us=567707 fast_io = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 comp.alg = 0
Mon Jul 22 17:53:17 2019 us=567707 comp.flags = 0
Mon Jul 22 17:53:17 2019 us=567707 route_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 route_default_gateway = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 route_default_metric = 0
Mon Jul 22 17:53:17 2019 us=567707 route_noexec = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 route_delay = 5
Mon Jul 22 17:53:17 2019 us=567707 route_delay_window = 30
Mon Jul 22 17:53:17 2019 us=567707 route_delay_defined = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 route_nopull = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 route_gateway_via_dhcp = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 allow_pull_fqdn = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 management_addr = '127.0.0.1'
Mon Jul 22 17:53:17 2019 us=567707 management_port = '25340'
Mon Jul 22 17:53:17 2019 us=567707 management_user_pass = 'stdin'
Mon Jul 22 17:53:17 2019 us=567707 management_log_history_cache = 250
Mon Jul 22 17:53:17 2019 us=567707 management_echo_buffer_size = 100
Mon Jul 22 17:53:17 2019 us=567707 management_write_peer_info_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 management_client_user = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 management_client_group = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 management_flags = 6
Mon Jul 22 17:53:17 2019 us=567707 shared_secret_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 key_direction = 1
Mon Jul 22 17:53:17 2019 us=567707 ciphername = 'AES-256-CBC'
Mon Jul 22 17:53:17 2019 us=567707 ncp_enabled = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Mon Jul 22 17:53:17 2019 us=567707 authname = 'SHA512'
Mon Jul 22 17:53:17 2019 us=567707 prng_hash = 'SHA1'
Mon Jul 22 17:53:17 2019 us=567707 prng_nonce_secret_len = 16
Mon Jul 22 17:53:17 2019 us=567707 keysize = 0
Mon Jul 22 17:53:17 2019 us=567707 engine = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 replay = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 mute_replay_warnings = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 replay_window = 64
Mon Jul 22 17:53:17 2019 us=567707 replay_time = 15
Mon Jul 22 17:53:17 2019 us=567707 packet_id_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 use_iv = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 test_crypto = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 tls_server = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 tls_client = ENABLED
Mon Jul 22 17:53:17 2019 us=567707 key_method = 2
Mon Jul 22 17:53:17 2019 us=567707 ca_file = '[[INLINE]]'
Mon Jul 22 17:53:17 2019 us=567707 ca_path = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 dh_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 cert_file = '[[INLINE]]'
Mon Jul 22 17:53:17 2019 us=567707 extra_certs_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 priv_key_file = '[[INLINE]]'
Mon Jul 22 17:53:17 2019 us=567707 pkcs12_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 cryptoapi_cert = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 cipher_list = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 cipher_list_tls13 = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 tls_cert_profile = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 tls_verify = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 tls_export_cert = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 verify_x509_type = 0
Mon Jul 22 17:53:17 2019 us=567707 verify_x509_name = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 crl_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 ns_cert_type = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 65535
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_ku[i] = 0
Mon Jul 22 17:53:17 2019 us=567707 remote_cert_eku = 'TLS Web Server Authentication'
Mon Jul 22 17:53:17 2019 us=567707 ssl_flags = 0
Mon Jul 22 17:53:17 2019 us=567707 tls_timeout = 2
Mon Jul 22 17:53:17 2019 us=567707 renegotiate_bytes = -1
Mon Jul 22 17:53:17 2019 us=567707 renegotiate_packets = 0
Mon Jul 22 17:53:17 2019 us=567707 renegotiate_seconds = 3600
Mon Jul 22 17:53:17 2019 us=567707 handshake_window = 60
Mon Jul 22 17:53:17 2019 us=567707 transition_window = 3600
Mon Jul 22 17:53:17 2019 us=567707 single_session = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 push_peer_info = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 tls_exit = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 tls_auth_file = '[[INLINE]]'
Mon Jul 22 17:53:17 2019 us=567707 tls_crypt_file = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=567707 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_protected_authentication = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_private_mode = 00000000
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_cert_private = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_pin_cache_period = -1
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_id = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 pkcs11_id_management = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 server_network = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 server_netmask = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 server_network_ipv6 = ::
Mon Jul 22 17:53:17 2019 us=568706 server_netbits_ipv6 = 0
Mon Jul 22 17:53:17 2019 us=568706 server_bridge_ip = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 server_bridge_netmask = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 server_bridge_pool_start = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 server_bridge_pool_end = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_start = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_end = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_netmask = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_pool_persist_refresh_freq = 600
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_ipv6_pool_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_ipv6_pool_base = ::
Mon Jul 22 17:53:17 2019 us=568706 ifconfig_ipv6_pool_netbits = 0
Mon Jul 22 17:53:17 2019 us=568706 n_bcast_buf = 256
Mon Jul 22 17:53:17 2019 us=568706 tcp_queue_limit = 64
Mon Jul 22 17:53:17 2019 us=568706 real_hash_size = 256
Mon Jul 22 17:53:17 2019 us=568706 virtual_hash_size = 256
Mon Jul 22 17:53:17 2019 us=568706 client_connect_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 learn_address_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 client_disconnect_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 client_config_dir = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 ccd_exclusive = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 tmp_dir = 'C:\Users\alex4\AppData\Local\Temp\'
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_local = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_ipv6_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_ipv6_local = ::/0
Mon Jul 22 17:53:17 2019 us=568706 push_ifconfig_ipv6_remote = ::
Mon Jul 22 17:53:17 2019 us=568706 enable_c2c = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 duplicate_cn = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 cf_max = 0
Mon Jul 22 17:53:17 2019 us=568706 cf_per = 0
Mon Jul 22 17:53:17 2019 us=568706 max_clients = 1024
Mon Jul 22 17:53:17 2019 us=568706 max_routes_per_client = 256
Mon Jul 22 17:53:17 2019 us=568706 auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 auth_token_generate = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 auth_token_lifetime = 0
Mon Jul 22 17:53:17 2019 us=568706 client = ENABLED
Mon Jul 22 17:53:17 2019 us=568706 pull = ENABLED
Mon Jul 22 17:53:17 2019 us=568706 auth_user_pass_file = 'stdin'
Mon Jul 22 17:53:17 2019 us=568706 show_net_up = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 route_method = 0
Mon Jul 22 17:53:17 2019 us=568706 block_outside_dns = ENABLED
Mon Jul 22 17:53:17 2019 us=568706 ip_win32_defined = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 ip_win32_type = 3
Mon Jul 22 17:53:17 2019 us=568706 dhcp_masq_offset = 0
Mon Jul 22 17:53:17 2019 us=568706 dhcp_lease_time = 31536000
Mon Jul 22 17:53:17 2019 us=568706 tap_sleep = 0
Mon Jul 22 17:53:17 2019 us=568706 dhcp_options = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 dhcp_renew = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 dhcp_pre_release = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 domain = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 netbios_scope = '[UNDEF]'
Mon Jul 22 17:53:17 2019 us=568706 netbios_node_type = 0
Mon Jul 22 17:53:17 2019 us=568706 disable_nbt = DISABLED
Mon Jul 22 17:53:17 2019 us=568706 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Mon Jul 22 17:53:17 2019 us=568706 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jul 22 17:53:17 2019 us=568706 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Mon Jul 22 17:53:17 2019 us=570707 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Jul 22 17:53:17 2019 us=570707 Need hold release from management interface, waiting...
Mon Jul 22 17:53:17 2019 us=585705 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Jul 22 17:53:17 2019 us=691732 MANAGEMENT: CMD 'state on'
Mon Jul 22 17:53:17 2019 us=692710 MANAGEMENT: CMD 'log all on'
Mon Jul 22 17:53:17 2019 us=881709 MANAGEMENT: CMD 'echo all on'
Mon Jul 22 17:53:17 2019 us=886707 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 22 17:53:17 2019 us=888708 MANAGEMENT: CMD 'hold off'
Mon Jul 22 17:53:17 2019 us=891708 MANAGEMENT: CMD 'hold release'
Mon Jul 22 17:53:25 2019 us=555706 MANAGEMENT: CMD 'username "Auth" "aschittko"'
Mon Jul 22 17:53:25 2019 us=596712 MANAGEMENT: CMD 'password [...]'
Mon Jul 22 17:53:25 2019 us=598709 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jul 22 17:53:25 2019 us=598709 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jul 22 17:53:25 2019 us=599712 Control Channel MTU parms [ L:1653 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Jul 22 17:53:25 2019 us=599712 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Mon Jul 22 17:53:25 2019 us=599712 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1633,tun-mtu 1532,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jul 22 17:53:25 2019 us=599712 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1633,tun-mtu 1532,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Jul 22 17:53:25 2019 us=599712 TCP/UDP: Preserving recently used remote address: [AF_INET]<stripped>:3947
Mon Jul 22 17:53:25 2019 us=599712 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Jul 22 17:53:25 2019 us=599712 UDP link local: (not bound)
Mon Jul 22 17:53:25 2019 us=599712 UDP link remote: [AF_INET]<stripped>:3947
Mon Jul 22 17:53:25 2019 us=599712 MANAGEMENT: >STATE:1563836005,WAIT,,,,,,
Mon Jul 22 17:53:25 2019 us=623711 MANAGEMENT: >STATE:1563836005,AUTH,,,,,,
Mon Jul 22 17:53:25 2019 us=623711 TLS: Initial packet from [AF_INET]<stripped>:3947, sid=e02f752d 23f77e15
Mon Jul 22 17:53:25 2019 us=623711 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 22 17:53:25 2019 us=649708 VERIFY OK: depth=1, CN=ChangeMe
Mon Jul 22 17:53:25 2019 us=650709 VERIFY KU OK
Mon Jul 22 17:53:25 2019 us=650709 Validating certificate extended key usage
Mon Jul 22 17:53:25 2019 us=650709 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jul 22 17:53:25 2019 us=650709 VERIFY EKU OK
Mon Jul 22 17:53:25 2019 us=650709 VERIFY OK: depth=0, CN=server
Mon Jul 22 17:53:26 2019 us=135706 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jul 22 17:53:26 2019 us=135706 [server] Peer Connection Initiated with [AF_INET]<stripped>:3947
Mon Jul 22 17:53:27 2019 us=332707 MANAGEMENT: >STATE:1563836007,GET_CONFIG,,,,,,
Mon Jul 22 17:53:27 2019 us=332707 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 22 17:53:27 2019 us=379707 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.16.6,route-gateway 192.168.16.1,ping 10,ping-restart 120,ifconfig 192.168.16.251 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: route options modified
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: route-related options modified
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: peer-id set
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: adjusting link_mtu to 1656
Mon Jul 22 17:53:27 2019 us=379707 OPTIONS IMPORT: data channel crypto options modified
Mon Jul 22 17:53:27 2019 us=379707 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 22 17:53:27 2019 us=379707 Data Channel MTU parms [ L:1584 D:1450 EF:52 EB:411 ET:32 EL:3 ]
Mon Jul 22 17:53:27 2019 us=379707 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 22 17:53:27 2019 us=379707 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 22 17:53:27 2019 us=379707 interactive service msg_channel=0
Mon Jul 22 17:53:27 2019 us=385707 ROUTE_GATEWAY 192.168.86.1/255.255.255.0 I=7 HWADDR=e0:d5:5e:89:08:e3
Mon Jul 22 17:53:27 2019 us=406708 open_tun
Mon Jul 22 17:53:27 2019 us=408706 TAP-WIN32 device [Ethernet 5] opened: \\.\Global\{D204AAA7-8C39-4A69-97CF-3DD05762A3F9}.tap
Mon Jul 22 17:53:27 2019 us=409708 TAP-Windows Driver Version 9.21
Mon Jul 22 17:53:27 2019 us=409708 TAP-Windows MTU=1500
Mon Jul 22 17:53:27 2019 us=412707 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.16.251/255.255.255.0 on interface {D204AAA7-8C39-4A69-97CF-3DD05762A3F9} [DHCP-serv: 192.168.16.0, lease-time: 31536000]
Mon Jul 22 17:53:27 2019 us=412707 DHCP option string: 0604c0a8 1006
Mon Jul 22 17:53:27 2019 us=413707 Successful ARP Flush on interface [24] {D204AAA7-8C39-4A69-97CF-3DD05762A3F9}
Mon Jul 22 17:53:27 2019 us=419708 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 22 17:53:27 2019 us=419708 MANAGEMENT: >STATE:1563836007,ASSIGN_IP,,192.168.16.251,,,,
Mon Jul 22 17:53:27 2019 us=419708 Blocking outside DNS
Mon Jul 22 17:53:27 2019 us=432707 Block_DNS: WFP engine opened
Mon Jul 22 17:53:27 2019 us=437707 Block_DNS: Using existing sublayer
Mon Jul 22 17:53:27 2019 us=439709 Block_DNS: Added permit filters for exe_path
Mon Jul 22 17:53:27 2019 us=441708 Block_DNS: Added block filters for all interfaces
Mon Jul 22 17:53:27 2019 us=442708 Block_DNS: Added permit filters for TAP interface
Mon Jul 22 17:53:32 2019 us=41710 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Jul 22 17:53:32 2019 us=41710 C:\Windows\system32\route.exe ADD <stripped> MASK 255.255.255.255 192.168.86.1
Mon Jul 22 17:53:32 2019 us=44706 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Mon Jul 22 17:53:32 2019 us=44706 Route addition via IPAPI succeeded [adaptive]
Mon Jul 22 17:53:32 2019 us=44706 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.16.1
Mon Jul 22 17:53:32 2019 us=47708 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Mon Jul 22 17:53:32 2019 us=47708 Route addition via IPAPI succeeded [adaptive]
Mon Jul 22 17:53:32 2019 us=47708 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.16.1
Mon Jul 22 17:53:32 2019 us=50708 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Mon Jul 22 17:53:32 2019 us=50708 Route addition via IPAPI succeeded [adaptive]
Mon Jul 22 17:53:32 2019 us=50708 Initialization Sequence Completed
Mon Jul 22 17:53:32 2019 us=50708 MANAGEMENT: >STATE:1563836012,CONNECTED,SUCCESS,192.168.16.251,<stripped>,3947,,
Mon Jul 22 18:00:05 2019 us=792887 TCP/UDP: Closing socket
Mon Jul 22 18:00:05 2019 us=792887 C:\Windows\system32\route.exe DELETE <stripped> MASK 255.255.255.255 192.168.86.1
Mon Jul 22 18:00:05 2019 us=796890 Route deletion via IPAPI succeeded [adaptive]
Mon Jul 22 18:00:05 2019 us=796890 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.16.1
Mon Jul 22 18:00:05 2019 us=799891 Route deletion via IPAPI succeeded [adaptive]
Mon Jul 22 18:00:05 2019 us=799891 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.16.1
Mon Jul 22 18:00:05 2019 us=803887 Route deletion via IPAPI succeeded [adaptive]
Mon Jul 22 18:00:05 2019 us=803887 Closing TUN/TAP interface
Mon Jul 22 18:00:05 2019 us=855887 TAP: DHCP address released
Mon Jul 22 18:00:05 2019 us=855887 Uninitializing WFP
Mon Jul 22 18:00:05 2019 us=923887 SIGTERM[hard,] received, process exiting
Mon Jul 22 18:00:05 2019 us=923887 MANAGEMENT: >STATE:1563836405,EXITING,SIGTERM,,,,,

Problem Statement
When the client connects, they are able to authenticate and OpenVPN reports a connection with an IP address from the server-bridge pool
The client has no WAN access, and no LAN access. The client is only able to access the OpenVPN server @ 192.168.16.33

This issue associated with the configuration of the router,a fresh reconfiguration is indeed required in this particular case, for LTE routers it's sometimes mandatory to reconfigure the same, however for netgear routers one can fix their NetGear Router Configuration Issue if it's associated with configuration.