Those are the actual errors that we needed to see. You an clearly see "connection refused". That happens for a myriad of reasons. My expectation is that the router is advertising an address that the clients can't connect to.
imo the easiest way to troubleshoot this is to download the ziti CLI to any remote computer (probably best to use any of your) and use it to diagnose if the entire configuration of the overlay network. I am gonna write this up someday but until then i'll keep posting it...
Running verify traffic
The ziti cli has a handy function that I also ran before trying a tunneler that can also help you test to make sure your overlay is setup properly: ziti ops verify traffic --mode both. Please run that and you'll feel better that you're setup is correct and somewhere along the way some sort of unexpected error happened.
Run that command and you'll see something that looks like this:
If you see any error/failure at all, report back here. You should see the "traffic test successfully detected" and "successfully dialed service" logs.