Hello there.
I know that the RouterOS implementation of openVPN server requires username-password as authentication method, regardless if certificates are used (probably the “–auth-user-pass-verify” directive).
Is this really necessary? I believe it could be easy to let the user decide if he wants to use username/pass or “just” the certificates. I’ve come across two cases where the openvpn client is not compiled with the “–enable-password-save” configure option, so it cannot use the “–auth-user-pass [filename]” (depending only on certificates).
It would be greatly appreciated if you would consider this in an update of RouterOS, it would make life simpler 
