So the client gets an IP, can ping the athn0 IP, but does not receive an answer from the nameserver at 195.x.x.x.53.
Try a ping from the wireless client to the 192.168.0.20 (internal net) IP.
Does a tcdpump on that interface (ne3) show the ICMP request? If it doesn't show an ICMP reply, then pf could be blocking it.
With a
block log all policy you can see blocked packets with running tcpdump on the
pflog0 interface (tcpdump -eni pflog0)
Something similar you can do for the DNS lookup. Follow the transport of the DNS request, by running tcpdump on every interface the packet should arrive on.
BTW If you keep insisting on using OpenVPN, you (and including me) will not be sure, whether we are trying to debug a network/pf issue or an OpenVPN problem.
For OpenVPN see the
OpenVPN revisited thread.