I was finally able to get the server up and running and also I can connect a client to the VPN. But:
A) how can I now create another ovpn file for another client?
B) And can I create another ovpn file with another passphrase, so that each connection (or each client) has its own passphrase?
Also I found that there is a package openvpn-easy-rsa. easyrsa seems to be able to generate diferent ovpn files. But this is different from the steps explained in the openwrt user guide mentioned above.
C) Would it be wiser to create all the certificates with this package instead?
When you are generating your client certs, you can make as many as you want -- each one should just be done with a different name and you'll have unique certs for each device/person, etc, and each one can have its own passphrase. You would want to do this with the same CA as you used to generate your initial keys. If that's not possible (i.e. you no longer have access to your original CA or you made incompatible changes to the CA server), you'll probably need to regenerate all keys/certs if you want to make new ones.
EasyRSA will work fine from a functionality perspective, but there are some warnings about using this package from a security perspective. Instead, it is recommended that you use OpenSSL. But the same thing should apply.
Alternatively, there is a directive in OpenVPN that allows the same client certs to be used on multiple client devices simultaneously. This is not recommended since it is considered dangerous from a security perspective, but if you don't mind the security risk, you can enable this feature.
Actually it's possible to update OpenVPN Basic guide to use Easy-RSA.
It should make PKI-management easier.
If there's no strong reason against, then it would be for the better.
Okay, that is what I also got from reading, that EasyRSA does the job easier but with a certain security risk.
And all the provided scripts from the OpenWRT user guide are using openssl. So let's try it with openssl... What I use is something like the following two lines:
Yesterday I went through all the steps to set up a OpenVPN server with several clients using EasyRSA. I can share my steps and help to write this down if this is in general interest.