This is normal. You are seeing the encrypted traffic that is generated by the OpenVPN service processes themselves, and you should observe that it uses the
UDP protocol, not
TCP/IP.
OpenVPN acts as a virtual network router. It communicates with its peers over
public IP-addresses using the UDP protocol, which has no "open ports."
(Yes, it can be configured to use TCP/IP, instead, but this is inadvisable.) All of these packets are encrypted.
This is the
physical side of OpenVPN.
Meanwhile,
logically, OpenVPN reserves the
10.8.x.x IP-address range for itself. Any computer that is directly logged-on to the VPN will have a server-assigned IP-address range here, serviced by a
tunX virtual network device. (This is the address-range of "the virtual routers themselves.") Meanwhile, any internal-IP addresses corresponding to remote systems that have also been routed through the tunnel ("handled by the virtual router") are also handled by the
tunX device, which is the mechanism that transfers the data to/from the OpenVPN service process.
Clients communicate using only this logical view. The traffic could actually be being sent using carrier pigeons, for all the clients know or care.
Instead of bothering the poor birds, however, the traffic is encrypted and sent to its destination using encrypted UDP-packets sent to the appropriate physical IP addresses.