Hello,
This sound like a firewall-related issue. Could you please just confirm whether you're configuring your OpenVPN tunnel by importing a configuration file, using NordVPN/ExpressVPN or fully configuring every setting via WebUI? If possible please login to the CLI (SSH) and then execute the following command line:
uci set firewall.@zone[2].device='tun+' && /etc/init.d/firewall reload && /etc/init.d/openvpn reload
This should set your openvpn zone to expect any interface (device) with name tun+ to respect the openvpn firewall zone rules.
Let me know if this works
This is a custom step in case you're using hotspot services
Please note, however, that if you're using hotspot services & interfaces this will also affect them. In that case I recommend setting static "dev tun" interface name in the .ovpn configuration file or via "Custom options" in the web UI. For example, you may set it to "dev tun50" and then assign only a specific device (interface) from OpenVPN side:
uci set firewall.@zone[2].device='tun50' && /etc/init.d/firewall reload && /etc/init.d/openvpn reload
Best regards,
Tomas.