Tente colocar "sudo" no seu script ... e permitir que o dhclient de sudoers sem uma senha para o usuário que o openvpn esteja executando como.
Além disso, você especificou 'script-security 2' no seu conf?
--script-security level [method]
This directive offers policy-level control over OpenVPN’s usage
of external programs and scripts. Lower level values are more
restrictive, higher values are more permissive. Settings for
level:
0 -- Strictly no calling of external programs.
1 -- (Default) Only call built-in executables such as ifconfig,
ip, route, or netsh.
2 -- Allow calling of built-in executables and user-defined
scripts.
3 -- Allow passwords to be passed to scripts via environmental
variables (potentially unsafe).'