Each OpenVPN client has its own network with 4 addresses. The netmask should be 255.255.255.252 also known as /2. In this case the /2 form is easier to work with; it means all but the last two bits of the address are the adress of the network. The last two bits -- which are always 00, 01, 10 and 11 -- represent the network itself, the OpenVPN server, the OpenVPN client and broadcast address.
Using your example of 10.8.0.6 and 10.8.0.10, decimal 6 in binary is 110 and decimal 10 in binary is 1010. They both end in 10, as do all OpenVPN client IP addresses when the last component is converted to binary. The OpenVPN server similarly allocates itself an address ending in 01 for each client. The corresponding <whatever>00 address is the network address and the <whatever>11 address is the broadcast address.
There must be a good reason why OpenVPN is designed this way rather than using a point-to-point network for each client with a netmask of 255.255.255.253 and no "network address" or "broadcast address" ... ?
EDIT:
The contents of the ipp.txt file are the network address parts of the networks given to each client. Each one, when converted to binary, ends in 100. The first address, with last component decimal 4, is the network address for the first client. Adding the four possible values of the last two bits -- 00, 01, 10 and 11 -- gives:
- 10.8.0.4 + binary 00 is 10.8.0.4: the network address
- 10.8.0.4 + binary 01 is 10.8.0.5: the OpenVPN server's address for the first client
- 10.8.0.4 + binary 10 is 10.8.0.6: the first OpenVPN client's address
- 10.8.0.4 + binary 11 is 10.8.0.7: the broadcast address on the first OpenVPN client's network
