First of all: Thanks for your effort!
I did a successful job on points 1 to 6. Additionally I had to replace the entry proto udp with proto tcp in the client.ovpn. If I don't change that, then no connection is possible. Then it was also possible to connect to the router again. But it is not yet possible to connect to other computers in the network.
/tmp/openvpn.log
Mon Dec 11 18:41:19 2017 us=141274 MULTI: multi_create_instance called
Mon Dec 11 18:41:19 2017 us=141407 Re-using SSL/TLS context
Mon Dec 11 18:41:19 2017 us=141580 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Mon Dec 11 18:41:19 2017 us=141650 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Mon Dec 11 18:41:19 2017 us=141744 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Dec 11 18:41:19 2017 us=141779 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Dec 11 18:41:19 2017 us=141838 TCP connection established with [AF_INET]2xx.x5.xx1.1xx:38571
Mon Dec 11 18:41:19 2017 us=141872 TCP_SERVER link local: (not bound)
Mon Dec 11 18:41:19 2017 us=141908 TCP_SERVER link remote: [AF_INET]2xx.x5.xx1.1xx:38571
Mon Dec 11 18:41:20 2017 us=105827 2xx.x5.xx1.1xx:38571 TLS: Initial packet from [AF_INET]2xx.x5.xx1.1xx:38571, sid=83195a2c 845fdb42
Mon Dec 11 18:41:20 2017 us=561288 2xx.x5.xx1.1xx:38571 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Mon Dec 11 18:41:20 2017 us=562225 2xx.x5.xx1.1xx:38571 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=OP5Remo, name=EasyRSA, emailAddress=me@myhost.mydomain
Mon Dec 11 18:41:20 2017 us=767242 2xx.x5.xx1.1xx:38571 peer info: IV_VER=2.5_master
Mon Dec 11 18:41:20 2017 us=767308 2xx.x5.xx1.1xx:38571 peer info: IV_PLAT=android
Mon Dec 11 18:41:20 2017 us=767344 2xx.x5.xx1.1xx:38571 peer info: IV_PROTO=2
Mon Dec 11 18:41:20 2017 us=767377 2xx.x5.xx1.1xx:38571 peer info: IV_NCP=2
Mon Dec 11 18:41:20 2017 us=767408 2xx.x5.xx1.1xx:38571 peer info: IV_LZ4=1
Mon Dec 11 18:41:20 2017 us=767439 2xx.x5.xx1.1xx:38571 peer info: IV_LZ4v2=1
Mon Dec 11 18:41:20 2017 us=767468 2xx.x5.xx1.1xx:38571 peer info: IV_LZO=1
Mon Dec 11 18:41:20 2017 us=767499 2xx.x5.xx1.1xx:38571 peer info: IV_COMP_STUB=1
Mon Dec 11 18:41:20 2017 us=767529 2xx.x5.xx1.1xx:38571 peer info: IV_COMP_STUBv2=1
Mon Dec 11 18:41:20 2017 us=767559 2xx.x5.xx1.1xx:38571 peer info: IV_TCPNL=1
Mon Dec 11 18:41:20 2017 us=767590 2xx.x5.xx1.1xx:38571 peer info: IV_GUI_VER=de.blinkt.openvpn_0.6.73
Mon Dec 11 18:41:20 2017 us=830809 2xx.x5.xx1.1xx:38571 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Dec 11 18:41:20 2017 us=830884 2xx.x5.xx1.1xx:38571 [OP5Remo] Peer Connection Initiated with [AF_INET]2xx.x5.xx1.1xx:38571
Mon Dec 11 18:41:20 2017 us=830953 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mon Dec 11 18:41:20 2017 us=831080 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: Learn: 10.8.0.2 -> OP5Remo/2xx.x5.xx1.1xx:38571
Mon Dec 11 18:41:20 2017 us=831119 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: primary virtual IP for OP5Remo/2xx.x5.xx1.1xx:38571: 10.8.0.2
Mon Dec 11 18:41:21 2017 us=997206 OP5Remo/2xx.x5.xx1.1xx:38571 PUSH: Received control message: 'PUSH_REQUEST'
Mon Dec 11 18:41:21 2017 us=997333 OP5Remo/2xx.x5.xx1.1xx:38571 SENT CONTROL [OP5Remo]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Dec 11 18:41:21 2017 us=997373 OP5Remo/2xx.x5.xx1.1xx:38571 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Dec 11 18:41:21 2017 us=997420 OP5Remo/2xx.x5.xx1.1xx:38571 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Mon Dec 11 18:41:21 2017 us=997611 OP5Remo/2xx.x5.xx1.1xx:38571 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 11 18:41:21 2017 us=997650 OP5Remo/2xx.x5.xx1.1xx:38571 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 11 18:41:22 2017 us=737784 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: bad source address from client [100.100.90.160], packet dropped
Mon Dec 11 18:41:22 2017 us=737943 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: bad source address from client [100.100.90.160], packet dropped
Mon Dec 11 18:41:23 2017 us=166037 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: bad source address from client [100.100.90.160], packet dropped
Mon Dec 11 18:41:23 2017 us=166142 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: bad source address from client [100.100.90.160], packet dropped
Mon Dec 11 18:41:23 2017 us=198553 OP5Remo/2xx.x5.xx1.1xx:38571 MULTI: bad source address from client [100.100.90.160], packet dropped
Mon Dec 11 18:41:23 2017 us=316171 OP5Remo/2xx.x5.xx1.1xx:38571 NOTE: --mute triggered...
Client Log
2017-12-11 19:41:17 F-Droid built and signed version 0.6.73 läuft auf OnePlus ONEPLUS A5000 (msm8998), Android 7.1.1 (NMF26X) API 25, ABI arm64-v8a, (OnePlus/OnePlus5/OnePlus5:7.1.1/NMF26X/10171617:user/release-keys)
2017-12-11 19:41:17 Generiere OpenVPN-Konfiguration…
2017-12-11 19:41:17 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-12-11 19:41:17 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START):
2017-12-11 19:41:17 started Socket Thread
2017-12-11 19:41:17 Netzwerkstatus: CONNECTED LTE to MOBILE internet
2017-12-11 19:41:17 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-12-11 19:41:17 Current Parameter Settings:
2017-12-11 19:41:17 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-12-11 19:41:17 Warte 0s Sekunden zwischen zwei Verbindungsversuchen
2017-12-11 19:41:17 mode = 0
2017-12-11 19:41:17 show_ciphers = DISABLED
2017-12-11 19:41:17 show_digests = DISABLED
2017-12-11 19:41:17 show_engines = DISABLED
2017-12-11 19:41:17 genkey = DISABLED
2017-12-11 19:41:17 key_pass_file = '[UNDEF]'
2017-12-11 19:41:17 show_tls_ciphers = DISABLED
2017-12-11 19:41:17 connect_retry_max = 0
2017-12-11 19:41:17 Connection profiles [0]:
2017-12-11 19:41:17 proto = tcp-client
2017-12-11 19:41:17 local = '[UNDEF]'
2017-12-11 19:41:17 local_port = '[UNDEF]'
2017-12-11 19:41:17 remote = 'xxx.xx.org'
2017-12-11 19:41:17 remote_port = '1194'
2017-12-11 19:41:17 remote_float = DISABLED
2017-12-11 19:41:17 bind_defined = DISABLED
2017-12-11 19:41:17 bind_local = DISABLED
2017-12-11 19:41:17 bind_ipv6_only = DISABLED
2017-12-11 19:41:17 NOTE: --mute triggered...
2017-12-11 19:41:17 160 variation(s) on previous 20 message(s) suppressed by --mute
2017-12-11 19:41:17 OpenVPN 2.5-icsopenvpn [git:HEAD-9fa0b9a7e1240170] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 18 2017
2017-12-11 19:41:17 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
2017-12-11 19:41:17 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-12-11 19:41:17 MANAGEMENT: CMD 'hold release'
2017-12-11 19:41:17 MANAGEMENT: CMD 'proxy NONE'
2017-12-11 19:41:17 MANAGEMENT: CMD 'bytecount 2'
2017-12-11 19:41:17 MANAGEMENT: CMD 'state on'
2017-12-11 19:41:17 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2017-12-11 19:41:18 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2017-12-11 19:41:18 MANAGEMENT: CMD 'password [...]'
2017-12-11 19:41:18 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-12-11 19:41:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-12-11 19:41:18 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:18 New OpenVPN Status (RESOLVE->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-12-11 19:41:18 LZO compression initializing
2017-12-11 19:41:18 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2017-12-11 19:41:18 MANAGEMENT: >STATE:1513017678,RESOLVE,,,,,,
2017-12-11 19:41:19 New OpenVPN Status (TCP_CONNECT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:19 New OpenVPN Status (TCP_CONNECT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:19 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
2017-12-11 19:41:19 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2017-12-11 19:41:19 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2017-12-11 19:41:19 TCP/UDP: Preserving recently used remote address: [AF_INET]xx2.2x3.xx.1xx:1194
2017-12-11 19:41:19 Socket Buffers: R=[4194304->4194304] S=[524288->524288]
2017-12-11 19:41:19 Attempting to establish TCP connection with [AF_INET]xx2.2x3.xx.1xx:1194 [nonblock]
2017-12-11 19:41:19 MANAGEMENT: >STATE:1513017679,TCP_CONNECT,,,,,,
2017-12-11 19:41:19 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2017-12-11 19:41:20 TCP connection established with [AF_INET]xx2.2x3.xx.1xx:1194
2017-12-11 19:41:20 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2017-12-11 19:41:20 TCP_CLIENT link local: (not bound)
2017-12-11 19:41:20 TCP_CLIENT link remote: [AF_INET]xx2.2x3.xx.1xx:1194
2017-12-11 19:41:20 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:20 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-12-11 19:41:20 MANAGEMENT: >STATE:1513017680,WAIT,,,,,,
2017-12-11 19:41:20 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:20 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:20 MANAGEMENT: >STATE:1513017680,AUTH,,,,,,
2017-12-11 19:41:20 TLS: Initial packet from [AF_INET]xx2.2x3.xx.1xx:1194, sid=9375f580 cc186dc3
2017-12-11 19:41:20 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
2017-12-11 19:41:20 VERIFY OK: nsCertType=SERVER
2017-12-11 19:41:20 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=BellevueVPN, name=EasyRSA, emailAddress=me@myhost.mydomain
2017-12-11 19:41:21 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-12-11 19:41:21 [BellevueVPN] Peer Connection Initiated with [AF_INET]xx2.2x3.xx.1xx:1194
2017-12-11 19:41:22 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:22 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:22 MANAGEMENT: >STATE:1513017682,GET_CONFIG,,,,,,
2017-12-11 19:41:22 SENT CONTROL [BellevueVPN]: 'PUSH_REQUEST' (status=1)
2017-12-11 19:41:22 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED): ,10.8.0.2,,,,
2017-12-11 19:41:22 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED): ,10.8.0.2,,,,
2017-12-11 19:41:22 PUSH: Received control message: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.168.0.1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2017-12-11 19:41:22 OPTIONS IMPORT: timers and/or timeouts modified
2017-12-11 19:41:22 OPTIONS IMPORT: --persist options modified
2017-12-11 19:41:22 OPTIONS IMPORT: --ifconfig/up options modified
2017-12-11 19:41:22 OPTIONS IMPORT: route options modified
2017-12-11 19:41:22 OPTIONS IMPORT: route-related options modified
2017-12-11 19:41:22 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-12-11 19:41:22 OPTIONS IMPORT: peer-id set
2017-12-11 19:41:22 OPTIONS IMPORT: adjusting link_mtu to 1627
2017-12-11 19:41:22 OPTIONS IMPORT: data channel crypto options modified
2017-12-11 19:41:22 Data Channel: using negotiated cipher 'AES-256-GCM'
2017-12-11 19:41:22 Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]
2017-12-11 19:41:22 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:22 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-12-11 19:41:22 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
2017-12-11 19:41:22 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
2017-12-11 19:41:22 GDG: SIOCGIFHWADDR(lo) failed
2017-12-11 19:41:22 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
2017-12-11 19:41:22 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-12-11 19:41:22 MANAGEMENT: >STATE:1513017682,ASSIGN_IP,,10.8.0.2,,,,
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2017-12-11 19:41:22 MANAGEMENT: >STATE:1513017682,ADD_ROUTES,,,,,,
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2017-12-11 19:41:22 Tun-Netzwerkinterface wird geöffnet:
2017-12-11 19:41:22 Lokale IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2017-12-11 19:41:22 DNS-Server: 192.168.0.1, Domäne: null
2017-12-11 19:41:22 Routen: 0.0.0.0/0, 10.8.0.0/24, 192.168.0.0/24
2017-12-11 19:41:22 Ausgeschlossene Routen:
2017-12-11 19:41:22 Installierte VpnService-Routen: 0.0.0.0/0
2017-12-11 19:41:22 Nicht zugelassene Apps für das VPN:
2017-12-11 19:41:22 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2017-12-11 19:41:22 Initialization Sequence Completed
2017-12-11 19:41:22 MANAGEMENT: >STATE:1513017682,CONNECTED,SUCCESS,10.8.0.2,xx2.2x3.xx.1xx,1194,100.100.90.160,45194
2017-12-11 19:41:22 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): SUCCESS,10.8.0.2,xx2.2x3.xx.1xx,1194,100.100.90.160,45194
2017-12-11 19:41:22 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): SUCCESS,10.8.0.2,xx2.2x3.xx.1xx,1194,100.100.90.160,45194
2017-12-11 19:41:22 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
I just want to remote access to my LAN
It's a typo.
PS: Sorry, some of the log's are in German.