OpenVPN: using username/password authentication

I have been working on adding username/password authentication for OpenVPN.

For interested users see: https://github.com/egc112/OpenWRT-egc-add-on/tree/main/openvpn-username-password

Have fun and happy new year :grin:

If you are supposed to have a credential file for a server with the username and password in plain text, what is the point of having credentials for the config file from a security standpoint!?

If they have access to the router and steal the VPN server config file, I suppose they steal the login file also?

If they have access to the router with the OpenVPN server, you have bigger problems.

Yeah, but why do the work with a pwd on the ovpn config at all then, since it only gives the rightful user more work?

The pwd function is only there in case the config file gets stolen.

The password is not on the OpenVPN config; the username/password is to authenticate the client on the VPN server.

It can be used instead of keys or alongside one key you are reusing (duplicate clients) etc.

There are even VPN providers which are using username/password to authenticate users.

You do know that all encrypted traffic ever sent with that kind of ovpn setup will be exposed if that single password and user name is ever lost in the wild.

There is a reason to use the tls cert setup.

Each OVPN client has its own username and password to authenticate at the server, just as each user has its own key (well, often the same key is used for multiple users :wink: ).

There are many OpenVPN providers who use username/password authentication (alongside a CA certificate and sometimes using a tls-crypt/tls-auth certificate).

If you have different and changing users, making a key pair for each user every time is some work, so I can imagine there is a use case for using this.
But I am not saying you should use it.
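
On the plain-text credential file raised earlier in the thread: the following is an added example, not part of any post and not code from the linked repository, showing a server-side check for OpenVPN's `auth-user-pass-verify <script> via-file` that stores salted PBKDF2 hashes instead of passwords. The hash file path, the record format and the iteration count are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Check for OpenVPN `auth-user-pass-verify <script> via-file` (exit 0 = accept)."""
import hashlib
import hmac
import os
import sys

HASH_DB_PATH = "/etc/openvpn/users.pbkdf2"  # hypothetical path, not from the thread
ITERATIONS = 200_000                         # assumed PBKDF2 work factor
_DUMMY = (b"\0" * 16, b"\0" * 32)            # stand-in record for unknown users

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(username, password, salt=None):
    """Return one 'user:salt_hex:digest_hex' line for the hash file."""
    salt = salt or os.urandom(16)
    return f"{username}:{salt.hex()}:{_derive(password, salt).hex()}"

def load_db(lines):
    """Parse hash-file lines into {user: (salt, digest)}; '#' lines are comments."""
    db = {}
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            user, salt_hex, digest_hex = line.rsplit(":", 2)
            db[user] = (bytes.fromhex(salt_hex), bytes.fromhex(digest_hex))
    return db

def verify(db, username, password):
    # Unknown users still cost one PBKDF2 run, so timing does not reveal them.
    salt, expected = db.get(username, _DUMMY)
    ok = hmac.compare_digest(_derive(password, salt), expected)
    return ok and username in db

def check_credentials_file(db, path):
    """OpenVPN's via-file temp file: username on line 1, password on line 2."""
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return len(lines) >= 2 and verify(db, lines[0], lines[1])

if __name__ == "__main__":
    with open(HASH_DB_PATH, encoding="utf-8") as fh:
        users = load_db(fh)
    sys.exit(0 if check_credentials_file(users, sys.argv[1]) else 1)
```

With this layout a stolen hash file does not directly yield the passwords, although weak passwords remain open to offline guessing, so the file should still be readable only by the account that runs the script.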