Some comments:
>> 1. I believe the client.ovpn file goes into /etc/openvpn/clients - correct?
This is variable, depending on how you use your client. I'd say 99% of the time you'll want to use NetworkManager to do so, install the network-manager ovpn plugin and reproduce those settings as these are outside those client configurations.
>> I use Cox as my Internet provider, so the
remote xxxxx.hopto.org yyyyy should take care of my changing IP from Cox. Is that correct? I have an account with no-ip to track my changing IP from Cox.
As long as dynamic dns is updating no-ip record, it should, but test with your IP directly if DNS isn't resolving for some reason.
>> Should proto also have TCP?
Use UDP normally, tcp over tcp is never a good thing (think duplication of syn/ack behavior)
>> What should I call this file? Is it enabled by default since it is in the clients folder?
This is normally used when daemonizing client in the OS, such as a persistent gateway connection (I do this with my firewall, opnsense to forward selective traffic out my Internet VPN). You'll want to normally use NetworkManager as stated above, which uses its own configuration stack.
>> 2. Do I need to set up any special routes on my router to get from the outside to my server on port 22 for ssh?
When connecting to your router, connect to the internal IP of the router (ie. 192.168.1.1 or whatever), or setup internal dns for it.
>> 3. In the gnome settings panel there is a VPN drop down under networking. Do I have to do anything with that?
No idea, haven't used gnome since gnome3 ruined it. Just use NetworkManager, it will give you a wizard for setting up openvpn as a client, and give you an easy task menu icon to turn on/off as any vpn cisco or other.
>> 4. What command do I use to connect to my server using the vpn? I don't
want to use the VPN when I am on my network at home, just when I travel.
Yet again, use NetworkManager as your client, unless you really want to invoke it via cli or as a daemon automatically, but these are likely NOT your use cases.
Another comment re: certificates, not sure how your router contraption handles ovpn and certificates, you really need a basic Certificate Authority, and not sure most handle this well. When I've used ovpn on my netgear with ddwrt,
I used TinyCA to create my own CA trust chain certs, and generate per-client certs based on that. Unless your router is handling the CA and client certificate creation reasonably, I'd suggest looking at tinyca as well, and just add the appropriate cert portions in the server and client configs.
TL:DR - Any more, unless your a legacy enterprise stuck in your ways luvin vpn long time and not up on networking, I'd look at using Zerotier or Tailscale these days. I just helped a partner in this same boat trying to get his accountants into his quickbook server, confused over setting up even a Cisco Meraki VPN, and rather than even try to troubleshoot Meraki garbage, I just set him up in a half hour using Zerotier, connected up two of his own boxes, and the rest of his team easily himself in the next hour. No fuss, no muss.
Think of it as VPN without a gateway, rather persistent alway-on VPN between hosts ala software-defined networking magic, if you want to connect to your router only, assuming it has or can install Zerotier on it (opnsense, ddwrt/openwrt do) that is easy, or before my router could do Zerotier direct, just connect to another box on my zerotier network at home, and bounce off that as a bastion host.
Someone else mentioned Zerotier here recently - it's money!
HTH!
-mb