An update - I discovered that installing a certificate from HTTPS sites (vs. email, which I had been trying) works. OpenVPN accepts this certificate even though it is not trusted, which lets me work around the connecting from outside issue. What this does not solve is every internal website or service using my custom CA's signed certificates shows up as untrusted. This is a pain, and I really hope it is fixed soon!

@DTS Engineer - Hey Quinn, I just upgraded from an iPhone 13 (which had my custom CA root installed and trusted) using Apple's upgrade path (backed everything up to iCloud, put the phones next to each other, and let them do their thing). The install did not include the root cert from the iPhone 13. I am testing the waters before any of my users try this, and I am stuck. I am stymied by the lack of root cert trust settings in 18.1, which keeps OpenVPN from connecting to my private network. This completely breaks remote access, for me (and for any of my users that might upgrade to a new phone), as it hangs on verifying the OpenVPN server certificate. Before I distribute (dangerously) altered OpenVPN profiles that do not try to verify the certificate, is there an ETA for a fix?? Thanks!