@JarekPrzybyl Maybe you can export the connection log from your OpenVPN Application to have a check. 

  @Dahliana here it is:

[Sep 28, 2023, 08:04:12] OpenVPN core 3.8.2connect1 win x86_64 64-bit OVPN-DCO built on Aug 21 2023 16:29:24
⏎[Sep 28, 2023, 08:04:12] Frame=512/2112/512 mssfix-ctrl=1250
⏎[Sep 28, 2023, 08:04:12] NOTE: This configuration contains options that were not used:
⏎[Sep 28, 2023, 08:04:12] Unsupported option (ignored)
⏎[Sep 28, 2023, 08:04:12] 7 [resolv-retry] [infinite]
⏎[Sep 28, 2023, 08:04:12] 9 [persist-key]
⏎[Sep 28, 2023, 08:04:12] EVENT: RESOLVE ⏎[Sep 28, 2023, 08:04:12] Contacting [myPublicIP]:1194 via UDP
⏎[Sep 28, 2023, 08:04:12] EVENT: WAIT ⏎[Sep 28, 2023, 08:04:12] WinCommandAgent: transmitting bypass route to [myPublicIP]
{
    "host" : "[myPublicIP]",
    "ipv6" : false
}

⏎[Sep 28, 2023, 08:04:12] Connecting to [[myPublicIP]]:1194 ([myPublicIP]) via UDP
⏎[Sep 28, 2023, 08:04:12] EVENT: CONNECTING ⏎[Sep 28, 2023, 08:04:12] Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
⏎[Sep 28, 2023, 08:04:12] Creds: Username/Password
⏎[Sep 28, 2023, 08:04:12] Peer Info:
IV_VER=3.8.2connect1
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=990
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_GUI_VER=OCWindows_3.4.2-3160
IV_SSO=webauth,openurl,crtext

⏎[Sep 28, 2023, 08:04:12] SSL Handshake: peer certificate: CN=server_server0, 1024 bit RSA, cipher: DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(256)            Mac=AEAD

⏎[Sep 28, 2023, 08:04:12] Session is ACTIVE
⏎[Sep 28, 2023, 08:04:12] EVENT: GET_CONFIG ⏎[Sep 28, 2023, 08:04:12] Sending PUSH_REQUEST to server...
⏎[Sep 28, 2023, 08:04:13] OPTIONS:
0 [route] [10.7.0.0] [255.255.0.0]
1 [route] [10.5.6.0] [255.255.255.0]
2 [dhcp-option] [DNS] [1.1.1.1]
3 [dhcp-option] [DNS] [8.8.8.8]
4 [route] [10.5.6.0] [255.255.255.0]
5 [topology] [net30]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.5.6.6] [10.5.6.5]

⏎[Sep 28, 2023, 08:04:13] PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  key-derivation: OpenVPN PRF
  compress: ANY
  peer ID: -1
⏎[Sep 28, 2023, 08:04:13] EVENT: ASSIGN_IP ⏎[Sep 28, 2023, 08:04:13] CAPTURED OPTIONS:
Session Name: [myPublicIP]
Layer: OSI_LAYER_3
Remote Address: [myPublicIP]
Tunnel Addresses:
  10.5.6.6/30 -> 10.5.6.5 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Add Routes:
  10.7.0.0/16
  10.5.6.0/24
  10.5.6.0/24
Exclude Routes:
DNS Servers:
  1.1.1.1
  8.8.8.8
Search Domains:

⏎[Sep 28, 2023, 08:04:14] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
    "allow_local_dns_resolvers" : true,
    "confirm_event" : "1412000000000000",
    "destroy_event" : "3811000000000000",
    "tun" :
    {
        "adapter_domain_suffix" : "",
        "add_routes" :
        [
            {
                "address" : "10.7.0.0",
                "gateway" : "",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 16
            },
            {
                "address" : "10.5.6.0",
                "gateway" : "",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            },
            {
                "address" : "10.5.6.0",
                "gateway" : "",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            }
        ],
        "block_ipv6" : false,
        "dns_servers" :
        [
            {
                "address" : "1.1.1.1",
                "ipv6" : false
            },
            {
                "address" : "8.8.8.8",
                "ipv6" : false
            }
        ],
        "layer" : 3,
        "mtu" : 0,
        "remote_address" :
        {
            "address" : "[myPublicIP]",
            "ipv6" : false
        },
        "reroute_gw" :
        {
            "flags" : 256,
            "ipv4" : false,
            "ipv6" : false
        },
        "route_metric_default" : -1,
        "session_name" : "[myPublicIP]",
        "tunnel_address_index_ipv4" : 0,
        "tunnel_address_index_ipv6" : -1,
        "tunnel_addresses" :
        [
            {
                "address" : "10.5.6.6",
                "gateway" : "10.5.6.5",
                "ipv6" : false,
                "metric" : -1,
                "net30" : true,
                "prefix_length" : 30
            }
        ]
    },
    "tun_type" : 0
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{A08CDAE7-8B7E-44D3-8009-15CAA7EF526A}' index=26 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{A08CDAE7-8B7E-44D3-8009-15CAA7EF526A}.tap" SUCCEEDED
TAP-Windows Driver Version 9.26
ActionDeleteAllRoutesOnInterface iface_index=26
netsh interface ip set interface 26 metric=1
Ok.
netsh interface ip set address 26 static 10.5.6.6 255.255.255.252 gateway=10.5.6.5 store=active
IPHelper: add route 10.7.0.0/16 26 10.5.6.5 metric=-1
IPHelper: add route 10.5.6.0/24 26 10.5.6.5 metric=-1
IPHelper: add route 10.5.6.0/24 26 10.5.6.5 metric=-1
cannot modify route: error 5010
netsh interface ip set dnsservers 26 static 1.1.1.1 register=primary validate=no
netsh interface ip add dnsservers 26 8.8.8.8 2 validate=no
NRPT::ActionCreate names=[] dns_servers=[1.1.1.1,8.8.8.8]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=26 enable=1
permit IPv4 DNS requests to 127.0.0.1
permit IPv6 DNS requests to ::1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 7015000000000000
⏎[Sep 28, 2023, 08:04:14] TunPersist: saving tun context:
Session Name: [myPublicIP]
Layer: OSI_LAYER_3
Remote Address: [myPublicIP]
Tunnel Addresses:
  10.5.6.6/30 -> 10.5.6.5 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Add Routes:
  10.7.0.0/16
  10.5.6.0/24
  10.5.6.0/24
Exclude Routes:
DNS Servers:
  1.1.1.1
  8.8.8.8
Search Domains:

⏎[Sep 28, 2023, 08:04:14] Connected via TUN_WIN
⏎[Sep 28, 2023, 08:04:14] LZO-ASYM init swap=0 asym=1
⏎[Sep 28, 2023, 08:04:14] Comp-stub init swap=0
⏎[Sep 28, 2023, 08:04:14] EVENT: CONNECTED AdtranUser@[myPublicIP]:1194 ([myPublicIP]) via /UDP on TUN_WIN/10.5.6.6/ gw=[10.5.6.5/] mtu=(default)⏎[Sep 28, 2023, 08:04:14] EVENT: COMPRESSION_ENABLED Asymmetric compression enabled.  Server may send compressed data.  This may be a potential security issue.⏎

  @JarekPrzybyl It seems that the VPN connection is fine. Have you ever tried tracerouting DNS Server 1.1.1.1 to check if the access path includes the remote gateway? You can give it a try. 

Maybe changing the IP address of DNS Server to another one can make an effect.

  @Dahliana yes, I already checked it and it is funny, according to tracert, DNS is achieved directly, not via the tunnel (10.34.1.254 is a gw for client, where vpn is tested, 217.153 .x.x is its WAN IP):

C:\Users\job>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  1.1.1.1

> ^C

C:\Users\job>tracert 1.1.1.1

Tracing route to 1.1.1.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.34.1.254
  2     1 ms    <1 ms     1 ms  10.34.255.254
  3     2 ms     1 ms     2 ms  217.153.x.x
  4   [...]

and the same test when VPN is disabled:

C:\Users\job>nslookup
Default Server:  dns.google
Address:  8.8.8.8

>
C:\Users\job>tracert 1.1.1.1

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  10.34.1.254
  2     1 ms     1 ms     1 ms  10.34.255.254
^C
C:\Users\job>tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1     1 ms     1 ms    <1 ms  10.34.1.254
  2     2 ms    <1 ms     1 ms  10.34.255.254
  3     2 ms     1 ms     1 ms  ^C

Other public DNS is working in this case, but it is not a reason, I already tried with both, google in VPN config and cloudflare locally - same story.

And yes, VPN as such is working fine, when it is established, I can reach any needed location from the client. Only destroying of DNS functionality for local client is a problem.

  @Dahliana and one thing more: i discussed about this issue with my colleague, who has some experience with OpenVPN and he told me, that I shouldn't use this version of OpenVPN client (3.4.2) because it is only for commercial versions. For TPLink OpenVPN server I should use earlier version of client, e.g. 2.6 or maybe lower - can you confirm? in the meantime I tried to use 2.6 but with this version of client I was not able to establish a tunnel at all.

  @Dahliana again, because in the meantime my situation was changed. To worse, but maybe it gives a chance for solution :)

First of all I did some findings what client version should I use. This official tutorial: https://www.tp-link.com/pl/support/faq/3632/ contains a link to recommended client and it is version 2.6.6 as my colleague told me. So I deinstalled my client at all, rebooted PC and installed this recommended version, then put profile into catalog, etc.

Result: VPN tunnel currently is not working art all, here is its log:

Thu Sep 28 16:37:27 2023 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
Thu Sep 28 16:37:27 2023 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
Thu Sep 28 16:37:27 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Thu Sep 28 16:37:27 2023 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Thu Sep 28 16:37:27 2023 DCO version: v0
Thu Sep 28 16:37:39 2023 TCP/UDP: Preserving recently used remote address: [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:39 2023 UDPv4 link local: (not bound)
Thu Sep 28 16:37:39 2023 UDPv4 link remote: [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:39 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Sep 28 16:37:40 2023 [server_server0] Peer Connection Initiated with [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:41 2023 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
Thu Sep 28 16:37:41 2023 ERROR: Failed to apply push options
Thu Sep 28 16:37:41 2023 Failed to open tun/tap interface
Thu Sep 28 16:37:41 2023 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Thu Sep 28 16:37:42 2023 TCP/UDP: Preserving recently used remote address: [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:42 2023 UDPv4 link local: (not bound)
Thu Sep 28 16:37:42 2023 UDPv4 link remote: [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:42 2023 [server_server0] Peer Connection Initiated with [AF_INET][myPublicIP]:1194
Thu Sep 28 16:37:43 2023 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.