Unfortunately, using the older version turned out to be not such a good option. It requires the client user to have Administrative rights (a couple of options can get around it but none of them I liked very much). So that, at least for me, is out.
Good news is, after some googling and tinkering, I think I have found a fix. I found on a debian list, something that sounds like the same issue (bug #600166) and at least a temporary resolution. Using this as a guide, I made a change to a script on a test ZS box which changes one of the “push” options slightly.
On line 61 of “/root/kerbynet.cgi/scripts/vpn_start”:
” PUSHNETS0=”route remote_host 255.255.255.255 net_gateway 1″
Replace “remote_host” with “OPENVPN_REMOTE_PEER“
Routes are now added and removed correctly with all three tested client programs and the default gateway is left alone (and not deleted on disconnect). After multiple connects and disconnects I am satisfied that it is working like it should. I assume that this change will not survive a reboot but I haven’t checked.