Just a quick note on setting the security for OpenVPN. To disable the older cyphers you can use QueryConfig in the command line. For our AWS Ec2 instance I simply used this line:

/usr/local/openvpn_as/scripts/sacli --key "cs.openssl_ciphersuites" --value 'EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4' ConfigPut

Then confirm with:

/usr/local/openvpn_as/scripts/sacli ConfigQuery | grep "cipher"

Finally restart the service:

service openvpnas restart