Match Client config to server config, and allow client config statements #189

@jgitlin-p21

πŸ™β€β™‚οΈ Problem Statement

When supplying server options like cipher and auth, the client config does not get the same options, leading to warnings in the OpenVPN log. Also, there's no way to configure clients with options like static-challenge without using push options. Some options, like compression, conflict because the client template has comp-lzo hard-coded.

This could arguably be a bug report too 🤷

Example OpenVPN warnings:

```
Mon May 10 16:27:50 2021 47.134.251.53:20381 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1542'
Mon May 10 16:27:50 2021 47.134.251.53:20381 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher BF-CBC'
Mon May 10 16:27:50 2021 47.134.251.53:20381 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Mon May 10 16:27:50 2021 47.134.251.53:20381 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
```

❔ Possible Solution

I would like templates/client.conf.erb to allow comp-lzo, cipher, auth, keysize and others to be configurable using variables (ideally matching the same as the node attributes from the server side, if set) and allow me to specify other options, like static-challenge.

⤴️ Describe alternatives you've considered

I have considered simply generating my own client configs using template resources in my wrapper cookbooks, but submitting a PR upstream seems like a more sensible approach.

➕ Additional context

N/A
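
The request above, sketched as an added example that is not part of the original issue or the cookbook's code: a client profile rendered from the same option hash as the server, plus a parser for the "used inconsistently" warnings to confirm which options drifted. `SHARED_KEYS`, `render_client`, `mismatches`, the template text and the sample log are all hypothetical names and constructed data.

```ruby
require 'erb'

# Options the issue asks to keep identical on both ends (names from the issue).
SHARED_KEYS = %w[cipher auth keysize comp-lzo].freeze

# Hypothetical client template: every directive comes from data, none is hard-coded.
CLIENT_TEMPLATE = ERB.new(<<~TPL, trim_mode: '-')
  client
  <% shared.each do |key, value| -%>
  <%= key %> <%= value %>
  <% end -%>
  <% extra.each do |line| -%>
  <%= line %>
  <% end -%>
TPL

# Render a client profile from the server's option hash plus client-only lines.
# Unset (nil) server options are skipped, so the client never asserts a value
# the server did not choose; non-shared keys such as 'port' are ignored here.
def render_client(server_opts, extra = [])
  shared = server_opts.select { |k, v| SHARED_KEYS.include?(k) && !v.nil? }
  CLIENT_TEMPLATE.result_with_hash(shared: shared, extra: extra)
end

WARNING_RE = /WARNING: '(?<opt>[^']+)' is used inconsistently, local='(?<local>[^']*)', remote='(?<remote>[^']*)'/

# Extract option mismatches from OpenVPN log text; other log lines are ignored.
def mismatches(log)
  log.each_line.map { |l| WARNING_RE.match(l) }.compact
     .map { |m| { option: m[:opt], local: m[:local], remote: m[:remote] } }
end

# Constructed sample input (address taken from the documentation range).
SAMPLE_LOG = <<~LOG
  Mon May 10 16:27:50 2021 192.0.2.10:20381 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher BF-CBC'
  Mon May 10 16:27:50 2021 192.0.2.10:20381 Peer Connection Initiated
LOG

if __FILE__ == $PROGRAM_NAME
  puts mismatches(SAMPLE_LOG).inspect
  puts render_client({ 'cipher' => 'AES-256-GCM', 'auth' => 'SHA256', 'port' => '1194' },
                     ['static-challenge "Enter OTP" 1'])
end
```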
