Thanks a lot robwellesley for your interest and your repports. You're right, that's not a bad idea to verify if the user has VPN access.
I'll try to add the client-cert-not-requierd as an option in the panel, but I think it's less secure. The thing I'd like to do is a certificate manager. With this, we could generate one certificate by client. With this, openvpn can easily recognise who is connecting, and always give the same IP. But this will take some more time to implement. I'll try to add your ideas as soon as I can.