Someone in the AirVPN forums pointed me to
/var/etc/openvpn/client2.conf
to see the configuration pfSense actually generated. From that, it looks like I can answer at least some of my questions, above:
cipher AES-256-CBC: It looks like that is generated from the "Encryption Algorithm" menu item and put in the "daemon" area. Oddly, AirVPN's .ovpn file specifies -CBC, but I specified -GCM. It works, but that's probably because AirVPN does handle -GCM. I wonder why their .ovpn specifies CBC instead of anything else?
comp-lzo no: That's generated by the "Compression" menu item and put in the "client" area. Since Adaptive seems to give me no problems, I'll stick with that.
dev tun: This is an interesting one. It looks like it's sort of generated by the "Device Mode" menu item and stuck right at the top in several ways. The very first line in the file is:
dev ovpnc2
I can't find anything in the OpenVPN manual about a straight "dev" option other than tun and tap. I assume it's defining a label for the device ovpnc2 (for OpenVPN Configuration 2, or something). Then, there's the two lines:
dev-type tun
dev-node /dev/tun2
I believe those are setting the equivalent of "dev tun" for this "ovpnc2" device.
proto udp: Hmmm. It looks like this is generated by the "Protocol" menu item and put in the "daemon" area. But, the option generated is "proto udp4" instead of "proto udp". I vaguely recall seeing posts around here about udp vs udp4, so I'm going to have to do more research to see if that's correct. EDIT: I found a post on the OpenVPN forums talking about using "proto udp4" to work around the problem of "proto udp" trying to set up UDP on both IPv4 and IPv6. If IPv6 is turned off (which it is on my system), then "proto udp4" is the thing to use. Odd that they don't list it in the manual page.
remote xxx.xxx.xxx.xxx.yy: It looks like that's generated by the "Server host or address" and "Server port" menu item and put in the "client" area.
verb 3: It looks like that's generated by the "Verbosity level" menu item and added right at the top under that "dev ovpnc2" area.
So, unless there's an issue with "proto udp" vs "proto udp4", it looks like I'm OK.