My ovpn client, 32-bit OpenVPN 2.1.1 on 64-bit Windows 7 Pro, cannot accept routes pushed to it by my remote endpoint ovpn server.

This happens even if I invoke OpenVPN as a member of Administrators, and whether or not I've specified script-security 2 (as suggested by [this question][2]).

Mon Mar 29 12:57:19 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.254.3/255.255.255.0 on interface {8BE2E9CF-F4C9-4A5E-98FD-E12DF1B6C3A4} [DHCP-serv: 192.168.254.3, lease-time: 86400]
Mon Mar 29 12:57:19 2010 NOTE: FlushIpNetTable failed on interface [14] {GUID} (status=5) : Access is denied.
Mon Mar 29 12:57:24 2010 TEST ROUTES: 8/8 succeeded len=8 ret=1 a=0 u/d=up
Mon Mar 29 12:57:24 2010 C:\WINDOWS\system32\route.exe ADD 172.20.1.0 MASK 255.255.255.0 192.168.254.1
Mon Mar 29 12:57:24 2010 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=14]
Mon Mar 29 12:57:24 2010 Route addition via IPAPI failed [adaptive]
Mon Mar 29 12:57:24 2010 Route addition fallback to route.exe
Mon Mar 29 12:57:24 2010 ERROR: Windows route add command failed [adaptive]: returned error code 1

... and so on for each specific route the server pushes out.

It doesn't seem right to me that the administrative user, the one configured at Windows 7 install time, should need further privileges. What am I missing?