openvpn
deptk, 2015-11-26 10:25:45

OpenVPN: why the TLS and routing errors?

There is a working OpenVPN server on Debian on which I accidentally deleted ca.key, so I had to regenerate all keys and certificates. The configs haven't changed. Before the deletion everything worked: all traffic from the client went into the tunnel, there was access to local resources, and the Internet worked.
Now the same errors, but only from mobile devices (Android and iPhone):

TLS: Initial packet from [AF_INET]
TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

From mobile devices, RDP works, as does access to the share (tried from Android through ES Explorer); the Internet does not work, and access to the share through the application (Synology) does not work. Everything works from the computer without problems.
The iptables and OpenVPN configs did not change either on the client or on the server.
Server
port 9194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
crl-verify crl.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.1"
keepalive 10 120
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 10

Client
client
dev tun
proto udp
remote xx.xx.xx.xx 9194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert support.crt
key support.key
ns-cert-type server
tls-client
tls-timeout 120
tls-auth ta.key 1
cipher BF-CBC
comp-lzo
verb 3

iptables
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate NEW -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source xx.xx.xx.xx
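
The server-side line "peer did not return a certificate" means the connecting client sent no certificate during the TLS handshake. The following is an added example, not part of the original post: a small Python check for a client profile that reports whether ca, cert, key and tls-auth are embedded inline or point to files that are not on the device, and whether an embedded CA still matches the server's current ca.crt. The profile contents, the host name and the PEM bodies are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, re, tempfile
from pathlib import Path

CREDS = ("ca", "cert", "key", "tls-auth")
INLINE = re.compile(r"<(ca|cert|key|tls-auth)>\s*(.*?)\s*</\1>", re.S)

def audit_profile(text, base_dir):
    """Map each credential directive to inline / file / file-missing / absent."""
    state = {name: "absent" for name in CREDS}
    inline = dict(INLINE.findall(text))
    state.update({name: "inline" for name in inline})
    for line in INLINE.sub("", text).splitlines():
        parts = re.split(r"[#;]", line)[0].split()   # drop trailing comments
        if len(parts) >= 2 and parts[0] in CREDS and state[parts[0]] == "absent":
            found = (Path(base_dir) / parts[1]).is_file()
            state[parts[0]] = "file" if found else "file-missing"
    return state, inline

def pem_sha256(pem):
    """SHA-256 over the decoded PEM body, for comparing two CA copies."""
    body = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def findings(state, inline, server_ca_pem):
    out = []
    if any(state[n] not in ("inline", "file") for n in ("cert", "key")):
        out.append("no usable client cert/key: server will log "
                   "'peer did not return a certificate'")
    if "ca" in inline and pem_sha256(inline["ca"]) != pem_sha256(server_ca_pem):
        out.append("profile embeds a CA that differs from the server's current ca.crt")
    return out

# Constructed sample data: placeholder PEM bodies, not real certificates.
OLD_CA = "-----BEGIN CERTIFICATE-----\nT0xEIENB\n-----END CERTIFICATE-----"
NEW_CA = "-----BEGIN CERTIFICATE-----\nTkVXIENB\n-----END CERTIFICATE-----"
PROFILE = f"""client
remote vpn.example.invalid 9194
<ca>
{OLD_CA}
</ca>
cert support.crt   # file reference, not shipped with the profile
key support.key
tls-auth ta.key 1
"""

def demo():
    # An empty directory stands in for a device that received only the profile.
    with tempfile.TemporaryDirectory() as empty_dir:
        state, inline = audit_profile(PROFILE, empty_dir)
    return state, findings(state, inline, NEW_CA)
```

For real use, pass the text of the profile installed on the device and the directory it was imported from to audit_profile, and the contents of the server's regenerated ca.crt to findings.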
