Authenticating with Name/Password with TLS Certificates
Go to Network > VPN > OpenVPN and create a new connection.
In the Session section for the new connection, enter the name or public IP address of the OpenVPN Server.
Select Name/Password with TLS-Certificates as the Authentication Type.
Enter the Username. If you leave this field blank the user will be prompted for the username when connecting.
Check Password required.
Enter the Password. If you leave this field blank the user will be prompted for the password when connecting.
Select the client certificate as the Client Certificate file.
Select the root certficate of the CA as the Certificate Authority (CA) file.
Select the client's private key as the Private Keyfile. Enter the passphrase in Private Key password if the key is protected with one.
Click an icon for the newly created session (e.g. in the Start Menu) to initiate the connection.
If a PKCS12 file is available, which includes the client certificate, the certificate authority and the private key, then you just need to enter the PKCS12 file name in the three corresponding fields. The advantage is that you only have to roll out one single file instead of three different files.