You will require:
OpenVPN Code signing certificate: http://anonit.blogspot.com.au/2016/03/extract-openvpn-driver-code-signing.html
OpenVPN MSI - instructions here:
Create the deployent share, and set permissions as appropriate: http://anonit.blogspot.com.au/2016/03/group-policy-software-deployment.html
Place the OpenVPN MSI into the deployment share.
Expand the domain, and expand Group Policy Objects. Right click and select New
Give the software deployment a name, and click OK
Right click the GPO and select Edit…
Expand Computer Configuration –> Policies –> Software Settings Right click on
Software Installation and select New –> Package…
Navigate to the deployment share via UNC, select the MSI, and click Open.
Select Assigned and click OK.
The application is now assigned for install.
Navigate to Computer Configuration –> Windows Settings –> Security Settings –>
Public Key Policies. Right click Trusted Publisher and select Import…
Navigate to the OpenVPN certificate and click Open
The certificate is now ready to be pushed out via Group Policy.
Drag the Group Policy Object (EG: Install Open VPN Client) and release on the OU you wish to
deploy the software to. (EG: Corp Computers).
The software will now be deployed to computer objects in that OU.