14 May 2012
Remember that OpenVPN is doing bidirectional authentication: The server
authenticates the client and client authenticates the server.
Server Authenticates Client -- can be done with either a client
certificate or auth-user-pass or both.
Client Authenticates Server -- can currently only be done via a server
certificate signed by the root certificate (CA).
So you can use "auth-user-pass" and "client-cert-not-required" on the
client, but you still need a "ca" cert on the client to verify the
identity of the server.
James
http://openvpn.net/archive/openvpn-users/2005-02/msg00293.html