I have an OpenVPN server in the US and a client in Europe. When connected, all traffic is routed through the VPN tunnel. A problem has been detected - for some HTTPS websites the connection fails. I will present 3 cases. First one - it just gets stuck:
$ curl -v 'https://serverfault.com'
* Rebuilt URL to: https://serverfault.com/
* Trying 151.101.129.69...
* TCP_NODELAY set
* Connected to serverfault.com (151.101.129.69) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
The second case - it shows an error:
$ curl -v 'https://www.catan.com/'
* Trying 217.160.0.164...
* TCP_NODELAY set
* Connected to www.catan.com (217.160.0.164) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.catan.com:443
* stopped the pause stream!
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.catan.com:443
And the last case - all good:
$ curl -v 'https://www.duckduckgo.com/'
* Trying 79.125.105.113...
* TCP_NODELAY set
* Connected to www.duckduckgo.com (79.125.105.113) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=Pennsylvania; L=Paoli; O=Duck Duck Go, Inc.; CN=*.duckduckgo.com
* start date: Aug 9 00:00:00 2019 GMT
* expire date: Oct 30 12:00:00 2020 GMT
* subjectAltName: host "www.duckduckgo.com" matched cert's "*.duckduckgo.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5587b19d93f0)
> GET / HTTP/2
> Host: www.duckduckgo.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 301
< server: nginx
< date: Sat, 24 Aug 2019 14:12:57 GMT
< content-type: text/html
< content-length: 178
< location: https://duckduckgo.com/
< strict-transport-security: max-age=31536000
< expires: Sun, 23 Aug 2020 14:12:57 GMT
< cache-control: max-age=31536000
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host www.duckduckgo.com left intact
What could be the cause? If additional information is needed, please just ask.
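To compare many sites over the tunnel rather than three by hand, the following added example (not part of the question) parses curl's verbose handshake trace and reports the last handshake message seen and whether the handshake finished, stalled, or failed. The embedded transcripts are trimmed excerpts of the three runs above; probe() assumes curl is on PATH and has network access.

```python
"""Classify where a TLS handshake stops in `curl -v` output (added example)."""
import re
import subprocess
from typing import NamedTuple

# curl's handshake trace lines look like
# "* TLSv1.2 (IN), TLS handshake, Certificate (11):"; older builds print
# "(304)" instead of a version name, as in the transcripts above.
TRACE = re.compile(r"^\* \S+ \((IN|OUT)\), TLS (?:handshake|change cipher), ([^(]+)\(")

class Stage(NamedTuple):
    outcome: str    # "ok", "stalled" or "failed"
    direction: str  # IN/OUT of the last handshake message seen
    message: str    # e.g. "Client hello", "Finished"

def classify(log: str) -> Stage:
    """Map one curl -v transcript to the point where the handshake ended."""
    direction = message = ""
    for line in log.splitlines():
        m = TRACE.match(line)
        if m:
            direction, message = m.group(1), m.group(2).strip()
    if "SSL connection using" in log:                 # handshake completed
        return Stage("ok", direction, message)
    if "curl: (28)" in log or "curl: (" not in log:   # --max-time hit / cut off
        return Stage("stalled", direction, message)
    return Stage("failed", direction, message)        # e.g. curl: (35) SSL_ERROR_SYSCALL

def probe(url: str, timeout: int = 15) -> Stage:
    """Run curl against one URL (needs network) and classify its trace."""
    proc = subprocess.run(
        ["curl", "-sv", "--max-time", str(timeout), "-o", "/dev/null", url],
        capture_output=True, text=True)
    return classify(proc.stderr)

# Trimmed excerpts of the three transcripts from the question (constructed
# from the post; non-handshake lines dropped).
STUCK = ("* Connected to serverfault.com (151.101.129.69) port 443 (#0)\n"
         "* (304) (OUT), TLS handshake, Client hello (1):\n")
ERROR = ("* (304) (OUT), TLS handshake, Client hello (1):\n"
         "* (304) (IN), TLS handshake, Server hello (2):\n"
         "* TLSv1.2 (OUT), TLS handshake, Finished (20):\n"
         "curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.catan.com:443\n")
GOOD = ("* TLSv1.2 (OUT), TLS handshake, Finished (20):\n"
        "* TLSv1.2 (IN), TLS handshake, Finished (20):\n"
        "* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256\n")
```

A stall right after the outgoing Client hello, as in the first case, means the client never saw any reply on that connection, which is a different failure from the reset after Finished in the second case.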