Remove OpenVPN support

The small amount of peers I have actually using this does not justify the maintanence

Author: jlu5

README.md

@@ -15,7 +15,6 @@ Here I use Ansible to configure the following components:
 ### Peering tunnels
 
 - Wireguard via ifupdown: [roles/config-wireguard/](roles/config-wireguard/)
-- OpenVPN (2.5.x): [roles/config-openvpn/](roles/config-openvpn/)
 - GRE (plain) via ifupdown: [roles/config-gre-plain/](roles/config-gre-plain/)
 
 ### Services and daemons

reconfigure.yml

@@ -11,7 +11,6 @@
       dummy_iface: "{{ dummy_interfaces.igp }}"
       when: "'igp' in dummy_interfaces"
     - config-wireguard
-    - config-openvpn
     - config-gre-plain
     - config-igpping
     - config-bird2

roles/config-bird2/config/dn42_peers.conf.j2

@@ -65,12 +65,6 @@ protocol bgp AS{{ peer_config.bgp.asn }}_v6 from dnpeers {
 {% endif %}
 {%- endfor -%}
 
-{%- for ovpn_peer in ovpn_peers|default([]) -%}
-{% if not ovpn_peer.get('remove') and ovpn_peer.get('bgp') %}
-{{ dn42_peer(ovpn_peer, 33) }}
-{% endif %}
-{%- endfor -%}
-
 {% for gre_peer in gre_peers|default([]) -%}
 {% if not gre_peer.get('remove') and gre_peer.get('bgp') %}
 {{ dn42_peer(gre_peer, 31) }}

roles/config-bird2/tasks/main.yml

@@ -33,11 +33,6 @@
     file: "roles/config-wireguard/config/{{ inventory_hostname }}.yml"
   ignore_errors: true
 
-- name: Read OpenVPN tunnel settings
-  include_vars:
-    file: "roles/config-openvpn/config/{{ inventory_hostname }}.yml"
-  ignore_errors: true
-
 - name: Read GRE tunnel settings
   include_vars:
     file: "roles/config-gre-plain/config/{{ inventory_hostname }}.yml"

roles/config-iptables/tasks/main.yml

@@ -9,11 +9,6 @@
     file: "{{ playbook_dir }}/roles/config-wireguard/config/{{ inventory_hostname }}.yml"
   ignore_errors: true
 
-- name: Read OpenVPN settings for peers
-  include_vars:
-    file: "{{ playbook_dir }}/roles/config-openvpn/config/{{ inventory_hostname }}.yml"
-  ignore_errors: true
-
 - name: Read GRE settings for peers
   include_vars:
     file: "{{ playbook_dir }}/roles/config-gre-plain/config/{{ inventory_hostname }}.yml"

roles/config-iptables/templates/rules.j2

@@ -38,15 +38,6 @@
 {{ _maybe_forward_rule(wg_peer) }}
 {%- endfor %}
 
-## OpenVPN peers
-{% for ovpn_peer in ovpn_peers|default([]) -%}
-{%- if ovpn_peer.get('port') -%}
-# {{ ovpn_peer.name }}
--A INPUT -p {{ 'tcp' if ovpn_peer.get('proto', 'udp').startswith('tcp') else 'udp' }} --dport {{ ovpn_peer['port'] }} -i {{ ansible_default_ipv4.interface }} -j ACCEPT
-{% endif -%}
-{{ _maybe_forward_rule(ovpn_peer) }}
-{%- endfor %}
-
 {% if gre_peers | default([]) | length > 0 -%}
 ## GRE peers
 -A INPUT -p gre -j ACCEPT

roles/config-openvpn/config/hkg.yml

@@ -13,7 +13,6 @@
     - tcpdump
 
     - bird2
-    - openvpn
     - wireguard
     # needed to use ansible become on an unprivileged user: https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
     - acl

roles/config-openvpn/config/keys/dn42-icez.key

@@ -16,7 +16,7 @@ set -x
 sed -i "s/$oldname/$newname/g" global-config/igp-tunnels.yml hosts.yml
 sed -i -E "s/(cleanup_remove_ifaces: \[.*)\]/\1,igp-$oldname\]/" global-config/general.yml
 mv -i "roles/config-bird2/config/peers/$oldname" "roles/config-bird2/config/peers/$newname"
-for vpn in "wireguard" "gre" "openvpn"; do
+for vpn in "wireguard" "gre"; do
     if [[ -f "roles/config-$vpn/config/$oldname.yml" ]]; then
         mv -i "roles/config-$vpn/config/$oldname.yml" "roles/config-$vpn/config/$newname.yml"
     fi

roles/config-openvpn/config/keys/dn42-scoopta.key

@@ -38,7 +38,7 @@
     <span class="info-success">(Clearnet dual-stack)</span>
 {% endif %}
     </li>
-    <li><strong>WireGuard / OpenVPN port</strong>: 20000 + last 4 digits of your ASN</li>
+    <li><strong>WireGuard port</strong>: 20000 + last 4 digits of your ASN</li>
     <li><strong>WireGuard pubkey</strong>: {{ serverdata.wg_pubkey }}</li>
     <li><strong>Tunneled IPv4 address</strong>: {{ serverdata.ownip }}</li>
     <li><strong>Tunneled IPv6 address</strong>: {{ serverdata.link_local_ip6 }} (link-local) OR {{ serverdata.ownip6 }}</li>

roles/config-openvpn/config/sjc.yml

@@ -22,7 +22,6 @@
     <p>For consistency, I prefer multiprotocol BGP sessions over IPv6. For WireGuard + BIRD users, I recommend using link-local IPv6 addresses. For others, prefer ULA IPv6 addresses to work around various compatibility issues.</p>
     <p>If you have multiple nodes, especially in multiple continents, <b>please set up one peering per region to avoid traffic making unnecessary detours</b>.</p>
     <p>Note: configuration for this network is stored in a public <a href="https://github.com/jlu5/ansible-dn42">Git repository</a>. If you would like to keep your endpoint info private, please let me know when submitting your peering request, or simply leave it empty (disables outgoing connections from my end).</p>
-    <p>OpenVPN peers should send me their keys via Matrix E2EE, PGP-encrypted mail (<a href="https://keys.openpgp.org/search?q=D5D568B2D34AB32A337944D22EC3F60DE71C0B9D">D5D568B2D34AB32A337944D22EC3F60DE71C0B9D</a>), or some other secure medium.</p>
     <p>Extended next hops (IPv4 over IPv6) are supported but <em>not</em> enabled by default.</p>
 
 <h2 id="contact-info">