1. When a CA Certificate is created with the Openvpn profile, it only sets the Server Auth purpose, which means that it cannot Authenticate Client Certificates.
2. When generating a Client configuration, he exported configuration has the "remote" option set to the value of "server" option of the Openvpn server configuration, which is not correct. It needs to be set to be the address that the OpenVPN server.
3. All the Server Additional Parameters seem to get fully copied into the Client config, which may not always be appropriate. In the particular case of push options, I would suggest leaving them out of the Client config entirely, so that the Server can remain capable of dynamically adjusting these settings for the clients as time goes by. Other Server settings added here may also be confusing for a Client.