DNS resolution of instances' private hostnames with OpenVPN on EC2

2

The end goal of my setup is for EC2 instance hostnames to be resolvable on the VPN clients, in addition to any private R53 entries.

I have a working OpenVPN server config (connections are successful), except that the clients have no internet access (because DNS server is unreachable).

I also cannot telnet to other instances on the VPC in the same public subnet using their private IPs.

Re DNS: I'm unsure of which DNS server to use. As you will see below, I am pushing the default VPC DNS server that's in the instance's resolv.conf file.

My VPC config is very basic:

VPC 172.33.0.0/16
1 Internet Gateway
1 Public Subnet
1 OpenVPN EC2 instance in Public Subnet
1 Test EC2 instance in Public Subnet (unreachable from client)
* ALLOW ACL Rules

I wanted to give the server a subnet within the VPC. I chose 172.33.30.0 and I hope to route from the tun on the server to other EC2 instances on the VPC.

My OpenVPN server.conf is:

port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh dh1024.pem
server 172.33.30.0 255.255.255.0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
verb 3

route 172.33.0.0 255.255.0.0 172.33.30.1
push "route 172.33.0.0 255.255.0.0 172.33.30.1"
push "dhcp-option DOMAIN us-west-2.compute.internal"
push "dhcp-option DNS 172.33.0.2"

As you can see, I believe there's a problem in my server.conf's routing. Any suggestions?

Sam Hammamy

Posted 2016-11-28T17:58:41.727

Reputation: 231

No answers
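A configuration check written for this question (an added example, not the asker's code or anything from OpenVPN): it parses a server.conf, flags a tunnel subnet that sits inside the VPC CIDR (VPC hosts reply to such addresses via the VPC's local route rather than via the OpenVPN instance), a missing route to the VPC, and a pushed DNS server other than the VPC-provided resolver at the VPC base address + 2. The VPC CIDR is passed in by the caller, and the sample config is constructed from the one in the question.

```python
import ipaddress
import re

# Constructed sample mirroring the server.conf in the question (not the author's file).
SAMPLE_CONF = """\
server 172.33.30.0 255.255.255.0
route 172.33.0.0 255.255.0.0 172.33.30.1
push "route 172.33.0.0 255.255.0.0 172.33.30.1"
push "dhcp-option DOMAIN us-west-2.compute.internal"
push "dhcp-option DNS 172.33.0.2"
"""


def parse_conf(text):
    """Return (tun_network_or_None, [routes], [dns_addresses], [parse_errors])."""
    tun, routes, dns, errors = None, [], [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Pushed options are quoted; unwrap them so they parse like local ones.
        m = re.match(r'push\s+"(.*)"$', line)
        tokens = (m.group(1) if m else line).split()
        try:
            if tokens[0] == "server" and len(tokens) >= 3:
                tun = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
            elif tokens[0] == "route" and len(tokens) >= 3:
                routes.append(ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False))
            elif tokens[:2] == ["dhcp-option", "DNS"] and len(tokens) >= 3:
                dns.append(ipaddress.ip_address(tokens[2]))
        except ValueError as exc:  # e.g. a stray trailing dot in an address
            errors.append(f"cannot parse '{line}': {exc}")
    return tun, routes, dns, errors


def check_conf(text, vpc_cidr):
    """Return findings for running this server.conf inside the VPC at vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    tun, routes, dns, findings = parse_conf(text)
    if tun is None:
        findings.append("no 'server' directive: tunnel subnet unknown")
    elif tun.subnet_of(vpc):
        # VPC hosts route replies to these addresses locally, never back through the tunnel.
        findings.append(f"tunnel subnet {tun} lies inside VPC {vpc}")
    if not any(vpc.subnet_of(r) for r in routes):
        findings.append(f"no pushed route covers VPC {vpc}")
    resolver = vpc.network_address + 2  # the VPC-provided resolver sits at base + 2
    if not dns:
        findings.append("no DNS server pushed to clients")
    findings += [f"DNS {d} is not the VPC resolver {resolver}" for d in dns if d != resolver]
    return findings
```

Run as `check_conf(SAMPLE_CONF, "172.33.0.0/16")`; the posted config yields a single finding about the tunnel subnet, and moving the tunnel to a range outside the VPC clears it.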