Hi 16again,
Thanks for your response and advice.
I may understand your meaning: next-hop “1.2.3.4” is the IP address of eth0, so it will not be considered as directly connected.
Using a static route with an outgoing interface is just a workaround for this issue; I also wonder whether it is a correct solution. But I cannot find an official way to inject a VPN client route into the routing table and have it used by OSPF…
Since this workaround injects the whole /24 prefix into the routing table, a black-hole route cannot be used. Really, traffic to a non-existent 172.16.200.0/24 host may accidentally be sent out via eth0, but it should be dropped by the ISP router. I consider that internal hosts (from different networks) should not initiate connections to a VPN client host address. So, accidental traffic should seldom happen…
I just hope to find out: is there a method to inject these VPN client host routes (with a /32 prefix) into the routing table when they connect to VyOS?