OpenVPN Bad encapsulated packet length from peer
Solution 1:
The problem is a too broad REDIRECT iptables rule because it affects all NATed traffic. It should be limited to incoming traffic to the VPN server only.
Change that rule so that it would only match incoming traffic either by specifying interface or IP address which the client uses to connect to the VPN server.
For example:
-A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 1194
where eth0 is the interface that VPN client connects to (most probably, the WAN interface)
or:
-A PREROUTING -d 192.0.2.0 -p tcp --dport 443 -j REDIRECT --to-port 1194
where 192.0.2.0 is the IP address that VPN client connects to (most probably, the external IP address).