what are the vulnerabilities installing openvpn client on a customer's unattended server?

view story

http://serverfault.com – We run Pfsense as our primary firewall. We also have OpenVPN server running on that box to allow us to remotely connect to our network. My question is: if we have a customer's mostly unattended server that we want to access remotely, what security vulnerabilities are there to installing openvpn on the customer's server as a client connecting to our network. Presumably, we would want to limit/restrict that server's access to the rest of our network. How do we lock openvpn down and are there ways to detect abnormal activity coming from an openvpn client? (HowTos)