Not exactly sure what you mean here. OpenVPN clients would not be submitting CSRs as a part of their authentication process, unless you are referring to actual people asking you to verify and sign their certificates. I think you are simply referring to the authentication process, and as such, CSRs are not a part of that process. Perhaps you would enjoy reviewing the PKI finger-puppet tutorials at
http://www.carillon.ca/tutorials.php.