Given the following config:
set interfaces openvpn vtun0 encryption cipher 'aes256gcm' set interfaces openvpn vtun0 encryption disable-ncp set interfaces openvpn vtun0 hash 'sha512' set interfaces openvpn vtun0 local-host '172.18.254.202' set interfaces openvpn vtun0 local-port '11194' set interfaces openvpn vtun0 mode 'server' set interfaces openvpn vtun0 openvpn-option 'tls-version-min 1.3' set interfaces openvpn vtun0 openvpn-option 'comp-lzo no' set interfaces openvpn vtun0 persistent-tunnel set interfaces openvpn vtun0 protocol 'udp' set interfaces openvpn vtun0 server client client1 ip '10.10.3.2' set interfaces openvpn vtun0 server client client1 subnet '10.10.3.0/29' set interfaces openvpn vtun0 server client client1 subnet '10.20.0.0/16' set interfaces openvpn vtun0 server subnet '10.10.3.0/29' set interfaces openvpn vtun0 server topology 'subnet' set interfaces openvpn vtun0 tls ca-cert-file /config/auth/ovpn_test_ca.pem set interfaces openvpn vtun0 tls cert-file /config/auth/ovpn_test_server.pem set interfaces openvpn vtun0 tls crypt-file '/config/auth/ovpn/ovpn_test_site2site.key' set interfaces openvpn vtun0 tls dh-file /config/auth/ovpn_test_dh.pem set interfaces openvpn vtun0 tls key-file /config/auth/ovpn_test_server.key
only one iroute statement is generated for client1