Issue resolved. I resorted to completely resetting the firewall to factory settings and only added an ACCEPT rule to ovpn->lan and lan->ovpn for any protocol.
It looks like the VPN policy had fingers in this.
The entire issue disappeared after:
Enabling the VPN policy, setting it to NOT use VPN based on a list, and leaving the list empty. Something tells me this should force all clients to VPN, but nope.
Disabling the VPN policy. Suddenly, pings all around.