openvpn configuration - cannot connect to servers in aws vpc

0

The issue I am having is when I connect from outside a whitelisted IP:

  1. the VPN connection connects successfully
  2. the IP of the device doesn't change
  3. the internet works
  4. I cannot access instances directly while connected to the VPN

The following is my OpenVPN configuration on an AWS EC2 instance inside a VPC:

EC2->

Ubuntu 16.04 LTS
openvpn
easyrsa
ufw
Has elastic ip (let's call this 26.3.4.5 for this config file)

AWS Security group is set up simply as:

INBOUND->
Ports   Protocol    Source         openvpn
22      tcp         PrivateIP/0    ✔
443     tcp         0.0.0.0/0      ✔

OUTBOUND->
All traffic   All   All   0.0.0.0/0

openvpn configuration->

port PORTFORTRAFFIC
dev tun

# All these files are in the OpenVPN root directory, i.e. /etc/openvpn/*.crt or /etc/openvpn/*.key
ca ca.crt
cert vpnserver.crt
key vpnserver.key
dh dh2048.pem
# VPN Subnet
server 10.8.0.0 255.255.255.0
# DNS
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "route 172.30.0.0 255.255.0.0" # AWS EC2 Private IPs 172.x.x.x

keepalive 10 120

tls-auth ta.key 0 # This file is secret
key-direction 0

cipher AES-128-CBC   # AES
auth SHA256

comp-lzo # enabled for client setup as well
user nobody
group nogroup

persist-key
persist-tun
status openvpn-status.log
verb 6 # DEBUGGING currently, but it's set to 3 normally
log-append  openvpn.log

I ran this iptables line in the terminal and added it to /etc/rc.local:

# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Firewall stuff:

# ufw allow PORTFORTRAFFIC/tcp

# ufw allow OpenSSH

# ufw app list
Available applications:
  OpenSSH

This was added to "/etc/sysctl.conf" as well for persistence:

net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

# cat /proc/sys/net/ipv4/ip_forward

Returns 1

codelinx

Posted 2017-06-08T15:18:16.367

Reputation: 1

Is your OpenVPN server in the VPC or in Classic? Did you check your ACL for the subnets? Did you allow the SecurityGroup of your OpenVPN server to access your instances? – Algeriassic – 2017-06-14T21:03:43.320

Answers

0

You need to change your route to:

push "route 172.30.0.0 255.255.0.0 vpn_gateway"

Algeriassic

Posted 2017-06-08T15:18:16.367

Reputation: 723
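The checks a practitioner would run against the setup in the question, as an added example that is not part of either post: a POSIX shell script that inspects the server configuration for the pushed route and its gateway token (OpenVPN defaults to vpn_gateway when the token is absent; the script prints "(none)" in that case so the original push and the answer's variant can be told apart), confirms the POSTROUTING MASQUERADE rule for the VPN subnet, confirms net.ipv4.ip_forward, and confirms that a connected client actually installed a route for the VPC prefix over tun. All inputs are constructed samples modelled on the question, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of either post: offline checks for an OpenVPN
# server that is supposed to route VPN clients into a VPC. Every input
# below is a constructed sample modelled on the question; the function
# names are assumptions, not OpenVPN or AWS tooling.

# Constructed server.conf fragments: the original push (no gateway token)
# and the variant from the answer (explicit vpn_gateway).
CONF_ORIGINAL='server 10.8.0.0 255.255.255.0
push "route 172.30.0.0 255.255.0.0" # AWS EC2 Private IPs 172.x.x.x
user nobody
group nogroup'
CONF_FIXED='server 10.8.0.0 255.255.255.0
push "route 172.30.0.0 255.255.0.0 vpn_gateway"'

# Constructed `iptables-save -t nat` output containing the rule from the question.
NAT_TABLE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed `ip route` output from a connected client.
CLIENT_ROUTES='default via 192.168.1.1 dev wlan0
10.8.0.0/24 via 10.8.0.5 dev tun0
172.30.0.0/16 via 10.8.0.5 dev tun0'

# Constructed `cat /proc/sys/net/ipv4/ip_forward` output.
IP_FORWARD='1'

# route_push_gateway CONF NETWORK: print the gateway token of the
# push "route NETWORK NETMASK [GATEWAY]" line for NETWORK, "(none)" when the
# line has no gateway token (OpenVPN then uses vpn_gateway), or "(missing)"
# when no push for that network exists at all.
route_push_gateway() {
    printf '%s\n' "$1" | awk -v net="$2" '
        { gsub(/"/, "") }                 # strip quotes; awk re-splits the fields
        $1 == "push" && $2 == "route" && $3 == net {
            print (($5 == "" || $5 ~ /^#/) ? "(none)" : $5)
            found = 1
            exit
        }
        END { if (!found) print "(missing)" }'
}

# nat_rule_present NAT_TABLE VPN_CIDR: succeed when POSTROUTING masquerades
# the VPN subnet, so client packets leave eth0 with the server's own address.
nat_rule_present() {
    printf '%s\n' "$1" | grep -q -- "-A POSTROUTING -s $2 .*-j MASQUERADE"
}

# ip_forward_enabled VALUE: succeed when the kernel forwards IPv4 packets.
ip_forward_enabled() {
    [ "$1" = "1" ]
}

# client_route_via_tun ROUTES CIDR: succeed when the client's routing table
# sends CIDR through a tun interface, i.e. the pushed route was installed.
client_route_via_tun() {
    printf '%s\n' "$1" | grep -q "^$2 .*dev tun"
}

# report NAME CMD...: run one check and print a one-line verdict.
report() {
    name=$1
    shift
    if "$@"; then echo "PASS  $name"; else echo "FAIL  $name"; fi
}

echo "pushed gateway (original): $(route_push_gateway "$CONF_ORIGINAL" 172.30.0.0)"
echo "pushed gateway (answer):   $(route_push_gateway "$CONF_FIXED" 172.30.0.0)"
report "NAT masquerade for 10.8.0.0/24"      nat_rule_present "$NAT_TABLE" 10.8.0.0/24
report "net.ipv4.ip_forward = 1"             ip_forward_enabled "$IP_FORWARD"
report "client routes 172.30.0.0/16 via tun" client_route_via_tun "$CLIENT_ROUTES" 172.30.0.0/16
```

On a real server, feed the functions the output of `iptables-save -t nat`, the actual /etc/openvpn server configuration and `cat /proc/sys/net/ipv4/ip_forward`, and run `ip route` on the client after connecting. Because the POSTROUTING rule masquerades VPN clients behind the server's eth0 address, the target instances see the OpenVPN server's private IP as the source, so their security groups must admit that IP or the server's security group, which is the point raised in the comment under the question; for the same reason the masquerade keeps the VPN instance's own address on outgoing packets, so the AWS source/destination check on that instance does not have to be disabled.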