Look like that’s because I changed host name of the router (it’s using local /etc/hosts to resolve the router). Other hosts in my “*.lan” domain are still not working.
Of course it slows down the internet connection (can be applied to all VPN solutions): the CPU does not have enough performance to decrypt traffic on-the-fly.
There is another option: you internet carrier throttles VPN using DPI (but it less likely).
Anyway I’m still open for suggestions on my problem. The issue is that nslookup works fine (if I specify my custom DNS) server: