At the moment, OpenVPN's management interface can only listen on a TCP port.

Support for listening on a Unix domain socket should be easy, and would be
simpler and more secure for some setups.  The configuration file format would
not even need significant change;  the "management" option could simply take
<filename> <mode> [<pw-file>] instead of <address> <port> [<pw-file>].  The
presence of a / in the filename would unambiguously and backward-compatibly
indicate that it's a Unix domain socket, instead of TCP.

(I wanted to add this feature to http://openvpn.net/wiki/OpenVPN_2.x_wishlist,
but the wiki requires registration.  Maybe an existing user can take the time?)

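A sketch of the proposal above, added here as an example; it is not OpenVPN code and not from the author of the message. It assumes <mode> is an octal file permission mode (the message does not define it), and the names mgmt_target, mgmt_parse and mgmt_listen_unix are hypothetical. It also shows two details a Unix-socket listener has to get right: rejecting paths longer than sun_path, and creating the socket node with no access until the requested mode is applied.

```c
/* Added illustration, not OpenVPN source; all names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

struct mgmt_target {
    int is_unix;       /* 1 = Unix domain socket, 0 = TCP */
    const char *addr;  /* socket path, or TCP address */
    mode_t mode;       /* Unix socket only (assumed octal permissions) */
    int port;          /* TCP only */
};

/* Parse the first two "management" arguments; 0 on success, -1 on bad input. */
int mgmt_parse(const char *a1, const char *a2, struct mgmt_target *t)
{
    char *end;
    unsigned long v;
    t->addr = a1; t->mode = 0; t->port = 0;
    t->is_unix = strchr(a1, '/') != NULL;      /* the rule from the message */
    v = strtoul(a2, &end, t->is_unix ? 8 : 10);
    if (end == a2 || *end != '\0') return -1;  /* empty or trailing junk */
    if (t->is_unix ? v > 0777 : (v < 1 || v > 65535)) return -1;
    if (t->is_unix) t->mode = (mode_t)v; else t->port = (int)v;
    return 0;
}

/* Bind and listen on the socket path; returns the fd, or -1 on failure.
   An existing file at the path makes bind() fail; nothing is unlinked first. */
int mgmt_listen_unix(const struct mgmt_target *t)
{
    struct sockaddr_un sa;
    mode_t old;
    int fd, ok;
    if (strlen(t->addr) >= sizeof(sa.sun_path)) return -1; /* no truncation */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, t->addr);              /* length checked above */
    old = umask(0777);                         /* node starts with mode 000 */
    ok = bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0;
    umask(old);
    if (!ok || chmod(t->addr, t->mode) != 0 || listen(fd, 1) != 0) {
        if (ok) unlink(t->addr);               /* remove the node we created */
        close(fd);
        return -1;
    }
    return fd;
}
```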