1. prereqs

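yum -y install openvpn easy-rsa

# cid-make-openvpn is fetched over plain HTTP and later run as root, so nothing
# on the wire authenticates it. Download it to a scratch directory and install
# it only when its SHA-256 matches a value obtained from the publisher out of
# band. CID_MAKE_OPENVPN_SHA256 is a name chosen for these notes; whoever runs
# this must set it. An unset or wrong value leaves /bin untouched.
: "${CID_MAKE_OPENVPN_SHA256:?set this to the expected SHA-256 of cid-make-openvpn}"
cid_tmp=$(mktemp -d) &&
  wget -nv http://d01cid.ddns.net/sharel/bin/cid-make-openvpn -P "$cid_tmp" &&
  printf '%s  %s\n' "$CID_MAKE_OPENVPN_SHA256" "$cid_tmp/cid-make-openvpn" |
    sha256sum -c - &&
  install -m 0755 "$cid_tmp/cid-make-openvpn" /bin/cid-make-openvpn
rm -rf -- "${cid_tmp:?}"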

2. versions

2.1. ver 2

vi vars
#
# easy-rsa 2.0 "vars" file: every name below is exported so the tools started
# after "source vars" see it in their environment.

# Tool locations.
EASY_RSA="/usr/share/easy-rsa/2.0"
OPENSSL="openssl"
PKCS11TOOL="pkcs11-tool"
GREP="grep"
export EASY_RSA OPENSSL PKCS11TOOL GREP

# KEY_CONFIG is whatever the whichopensslcnf helper prints for this install;
# KEY_DIR is where the CA, certificates and private keys end up.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"
KEY_DIR="$EASY_RSA/keys"
export KEY_DIR

# PKCS#11 settings are left at the placeholder value "dummy".
PKCS11_MODULE_PATH="dummy"
PKCS11_PIN="dummy"
export PKCS11_MODULE_PATH PKCS11_PIN

# Key size in bits and lifetimes in days. KEY_EXPIRE equals CA_EXPIRE, so
# every issued certificate stays valid for as long as the CA itself (about
# ten years); a shorter KEY_EXPIRE limits how long a leaked key stays usable.
KEY_SIZE="2048"
CA_EXPIRE="3650"
KEY_EXPIRE="3650"
export KEY_SIZE CA_EXPIRE KEY_EXPIRE

# Subject fields for the certificates.
KEY_COUNTRY="BE"
KEY_PROVINCE="BE"
KEY_CITY="BE"
KEY_ORG="BE"
KEY_EMAIL="admin@cid.net"
KEY_OU="CID"
KEY_NAME="EasyRSA"
export KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_EMAIL KEY_OU KEY_NAME
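# Build a fresh easy-rsa 2.0 CA plus one server and one client key pair, then
# bundle the results under /root.
#
# "./vars" (not "vars") keeps bash from searching PATH for the file to source.
# The key generation runs in a subshell with "set -e" so the first failing
# step stops the run without closing the calling shell. The ":?" check refuses
# to continue when vars did not set EASY_RSA or KEY_SIZE, since an empty
# EASY_RSA would turn the cleanup below into "rm -fr /keys/".
source ./vars &&
  (
    set -e
    : "${EASY_RSA:?vars did not set EASY_RSA}" "${KEY_SIZE:?vars did not set KEY_SIZE}"

    # Start from an empty key directory with the serial/index files pkitool expects.
    rm -fr -- "${EASY_RSA}/keys/"
    mkdir -p -- "${EASY_RSA}/keys"
    # The notes edit and source a file named "vars", and the tar step below
    # packs "vars" from the key directory, so that is the file copied here
    # (the original line said "myvars").
    cp -- vars "${EASY_RSA}/keys/"
    echo "01" > "${EASY_RSA}/keys/serial"
    touch -- "${EASY_RSA}/keys/index.txt"

    "${EASY_RSA}/pkitool" --initca
    "${EASY_RSA}/pkitool" --server server
    "${EASY_RSA}/pkitool" client
    openssl dhparam -out "${EASY_RSA}/keys/dh${KEY_SIZE}.pem" "${KEY_SIZE}"

    # Both archives contain private keys (server.key, client.key). Restrict
    # their permissions (for example chmod 600) and move them only over an
    # authenticated, encrypted channel.
    tar czf /root/openvpn-keys.tgz -C "${EASY_RSA}/keys" \
      vars "dh${KEY_SIZE}.pem" ca.crt server.crt server.key
    cd -- "${EASY_RSA}/keys/"
    zip -q /root/openvpn.zip ca.crt client.crt client.key
  ) &&
  cd &&
  cid-make-openvpn -z openvpn.zip -g d01net.ddns.net -o d01.ovpn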
ls -al
-rw-r--r-- 1 root root  8638 Feb 11 00:57 d01.ovpn
-rw-r--r-- 1 root root   510 Feb 11 00:21 vars
-rw-r--r-- 1 root root  5485 Feb 11 00:26 openvpn-keys.tgz
-rw-r--r-- 1 root root  5478 Feb 11 00:26 openvpn.zip

2.2. ver 3

vi /root/vars
#
# easy-rsa 3 "vars" file, one set_var call per setting.

# Paths. EASYRSA is taken from "$PWD" at the moment this file is read, so
# easyrsa has to be started from the directory that holds it; the three
# entries after it expand $EASYRSA and must stay below it.
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf"

# Key algorithm, size in bits, and signing digest.
set_var EASYRSA_ALGO "rsa"
set_var EASYRSA_KEY_SIZE "2048"
set_var EASYRSA_DIGEST "sha256"

# Lifetimes in days. Issued certificates get the same lifetime as the CA
# (about ten years); a shorter EASYRSA_CERT_EXPIRE limits how long a leaked
# key stays usable.
set_var EASYRSA_CA_EXPIRE "3650"
set_var EASYRSA_CERT_EXPIRE "3650"

# Subject fields.
# NOTE(review): with EASYRSA_DN "cn_only" the REQ_* organisation fields are
# presumably not placed in the subject; confirm against the easy-rsa docs.
set_var EASYRSA_DN "cn_only"
set_var EASYRSA_REQ_COUNTRY "BE"
set_var EASYRSA_REQ_PROVINCE "BE"
set_var EASYRSA_REQ_CITY "BE"
set_var EASYRSA_REQ_ORG "BE"
set_var EASYRSA_REQ_EMAIL "admin@cid.net"
set_var EASYRSA_REQ_OU "CID"

# Netscape extension settings.
set_var EASYRSA_NS_SUPPORT "no"
set_var EASYRSA_NS_COMMENT "CID CERTIFICATE AUTHORITY"
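 # Build a fresh easy-rsa 3 PKI under /opt/easy-rsa with one server and one
 # client key pair, then bundle the results under /root.
 #
 # /root/vars sets EASYRSA to "$PWD", so every easyrsa call must run from
 # /opt/easy-rsa. The steps run in a subshell with "set -e": a failed cd or
 # rsync stops the run instead of letting the relative ./easyrsa, tar and zip
 # commands act on whatever directory the shell happens to be in, and the
 # calling shell stays open.
 (
   set -e
   rm -fr /opt/easy-rsa/
   rsync -aiq /usr/share/easy-rsa/3.0/ /opt/easy-rsa/
   cd /opt/easy-rsa/

   ./easyrsa --batch init-pki
   cp -pv /root/vars /opt/easy-rsa/pki/

   # "nopass" writes the CA, server and client private keys unencrypted, so
   # file permissions are their only protection. The CA key is the one most
   # worth a passphrase or offline storage.
   ./easyrsa --batch build-ca nopass
   ./easyrsa gen-dh
   mv -v pki/dh.pem pki/dh2048.pem
   ./easyrsa build-server-full server nopass
   ./easyrsa build-client-full client nopass
   # ./easyrsa gen-crl

   # Both archives contain private keys (private/server.key,
   # private/client.key). Restrict their permissions (for example chmod 600)
   # and move them only over an authenticated, encrypted channel.
   tar czf /root/openvpn-keys.tgz -C pki \
     vars dh2048.pem ca.crt issued/server.crt private/server.key
   cd pki/
   zip -q /root/openvpn.zip ca.crt issued/client.crt private/client.key
 ) &&
   cd &&
   cid-make-openvpn -z openvpn.zip -g d01net.ddns.net -o d01.ovpn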
ls -l
-rw-r--r-- 1 root root 7542 Jul  1 21:45 d01.ovpn
-rw-r--r-- 1 root root 5408 Jul  1 21:44 openvpn-keys.tgz
-rw-r--r-- 1 root root 5150 Jul  1 21:44 openvpn.zip
-rw-r--r-- 1 root root  717 Jul  1 21:43 vars

3. references

4. draft

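# Draft: organisation fields for an easy-rsa 3 vars file, restored to one
# set_var per line. Collapsed onto a single line, everything after the first
# "#" is a comment, so only the first set_var would take effect.
set_var EASYRSA_REQ_COUNTRY "US"                       #Country
set_var EASYRSA_REQ_PROVINCE "California"              #province
set_var EASYRSA_REQ_CITY "Shanghai"                    #City
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"      #organization
set_var EASYRSA_REQ_EMAIL "test@example.net"           #mailbox
set_var EASYRSA_REQ_OU "My Organizational Unit"        #Company, organization

# Draft: manual CA and server certificate sequence, run from the easy-rsa
# directory. The draft wrote "/easyrsa" (an absolute path) for the first two
# commands; "./easyrsa" matches the other commands on the same line.
./easyrsa build-ca #Create ca certificate

./easyrsa gen-req server nopass
# The draft wrote "sign server server"; easy-rsa 3 names this command sign-req.
./easyrsa sign-req server server
./easyrsa gen-dh
# ta.key is a shared static key (presumably for tls-auth); keep it as private
# as server.key.
openvpn --genkey --secret ta.key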

5. client