Convert to prompt=no, with per cert config files. This avoids all
interaction with the user. The main point to note is that for the clients, there is a localnode.cnf and a ronnode.cnf. The difference is that I encode the type (pcron) in one of the extra fields so that tmcd can do a check on it. This is in lieu of per client certs, which would be a big pain in the butt right now. As we add other remote groups, we will create new config files. I bet this will change over time, as we learn more. Chad, it would be nice the tiptunnel cert could be generated from this setup.