chore: drop deprecated options

defaults/main.yml

@@ -2,15 +2,16 @@
 openvpn_client_name: client
 openvpn_client_server: vpn.example.com
 openvpn_client_port: 1194
+openvpn_client_proto: udp
 
 openvpn_service_state: started
 
 openvpn_client_packages_extra: []
 
-openvpn_client_cipher: AES-256-CBC
+# openvpn_client_cipher: AES-256-CBC
 openvpn_client_auth: SHA512
 
-# openvpn_client_x509_name:
+# openvpn_client_x509_subject:
 
 openvpn_client_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
 # openvpn_client_ca_source:

templates/etc/openvpn/client.conf.j2

@@ -3,17 +3,18 @@
 dev tun
 persist-tun
 persist-key
+{% if openvpn_client_cipher is defined %}
 cipher {{ openvpn_client_cipher }}
-ncp-disable
+{% endif %}
 auth {{ openvpn_client_auth }}
-tls-client
 client
 resolv-retry infinite
-remote {{ openvpn_client_server }} {{ openvpn_client_port }}
-nobind
-{% if openvpn_client_x509_name is defined %}
-verify-x509-name "{{ openvpn_client_x509_name }}" name
+remote {{ openvpn_client_server }} {{ openvpn_client_port }} {{ openvpn_client_proto }}
+lport 0
+{% if openvpn_client_x509_subject is defined %}
+verify-x509-name "{{ openvpn_client_x509_subject }}" subject
 {% endif %}
+remote-cert-tls server
 {% if openvpn_client_ca_file is defined %}
 ca /etc/openvpn/certs/{{ openvpn_client_ca_file }}
 {% endif %}
@@ -27,5 +28,3 @@ key /etc/openvpn/certs/{{ openvpn_client_key_file }}
 tls-auth /etc/openvpn/certs/{{ openvpn_client_ta_file }}
 {% endif %}
 key-direction 1
-remote-cert-tls server
-comp-lzo adaptive