I found something that can work.. as of OpenVPN 2.1, there is a notion of connection profiles which allow connection specific properties to be set:
https://openvpn.net/index.php/open-sour ... pn-21.html
Unforunately, tls-auth is not one of them. If it can be included as one of those options, this should solve the problem of different servers having different TLS keys.
PS. Ideally, ca would be acceptable also as my provider also has different ca's for each server.
Another way to handle this would be to allow the client to run a script after OpenVPN reads the config but before a connection is attempted (a new event before up.. 'initialized?') where environment variables can be set based on existing environment variables. This way, at run time, I could set the tls-auth variable before a connection is attempted and since my key file names match the host name, ideally I would be able to pull it out of the remote variable.
ie
tls-auth = /path/${remote}.key
Because right now, it looks like executing a script on up is too late and even so, I'm not sure if setting variables at that time is allowed / working.
