Ughh, finalmente encontrei uma solução (específica do Windows).
Coloque na configuração do cliente OpenVPN o parâmetro:
script-security 2 system
A descrição do manual do openvpn.net ( link ) explica:
--script-security level [method] This directive offers policy-level control over OpenVPN's usage of external programs and scripts. Lower level values are more restrictive, higher values are more permissive. Settings for level:
0 -- Strictly no calling of external programs. 1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh. 2 -- Allow calling of built-in executables and user-defined scripts. 3 -- Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
The method parameter indicates how OpenVPN should call external commands and scripts. Settings for method:
execve -- (default) Use execve() function on Unix family OSes and CreateProcess() on Windows. system -- Use system() function (deprecated and less safe since the external program command line is subject to shell expansion).
The --script-security option was introduced in OpenVPN 2.1_rc9. For configuration file compatibility with previous OpenVPN versions, use:
--script-security 3 system