Using the "standard" locations for openvpn settings this will create a self contained file for connecting

iptables_update.bash

#!/bin/bash
sudo iptables -A INPUT -i tun+ -j ACCEPT
sudo iptables -A FORWARD -i tun+ -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
# be sure to replace 10.8.0.0/24 with whatever is in your settings, this example for default install
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
sudo iptables -A OUTPUT -o tun+ -j ACCEPT

openvpn_user_create.bash

#!/bin/bash
die () {
    echo >&2 "$@"
    exit 1
}

[ "$#" -eq 1 ] || die "1 USER argument required, $# provided"


USER=$1
# Users directory :: /etc/openvpn/users/
mkdir -p /etc/openvpn/users/$USER

# for example default install, otherwise use your own client.conf kept in a better spot for better defaults
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/users/$USER/$USER.ovpn

cd /etc/openvpn/easy-rsa
. ./vars

./pkitool $USER

cd /etc/openvpn/users/$USER

sed -i -- 's/ca ca.crt/# ca ca.crt/g' $USER.ovpn
sed -i -- 's/cert client.crt/# cert client.crt/g' $USER.ovpn
sed -i -- 's/key client.key/# key client.key/g' $USER.ovpn

echo "<ca>" >> $USER.ovpn
cat /etc/openvpn/ca.crt >> $USER.ovpn
echo "</ca>" >> $USER.ovpn
echo "<cert>" >> $USER.ovpn
cat /etc/openvpn/easy-rsa/keys/$USER.crt >> $USER.ovpn
echo "</cert>" >> $USER.ovpn
echo "<key>" >> $USER.ovpn
cat /etc/openvpn/easy-rsa/keys/$USER.key >> $USER.ovpn
echo "</key>" >> $USER.ovpn

cp $USER.ovpn /tmp/