Use Openvpn 2.4 only

internal/configuration/settings/openvpn.go

@@ -19,7 +19,7 @@ import (
 // OpenVPN contains settings to configure the OpenVPN client.
 type OpenVPN struct {
 	// Version is the OpenVPN version to run.
-	// It can only be "2.5" or "2.6".
+	// It can only be "2.4".
 	Version string `json:"version"`
 	// User is the OpenVPN authentication username.
 	// It cannot be nil in the internal state if OpenVPN is used.
@@ -90,7 +90,7 @@ var ivpnAccountID = regexp.MustCompile(`^(i|ivpn)\-[a-zA-Z0-9]{4}\-[a-zA-Z0-9]{4
 
 func (o OpenVPN) validate(vpnProvider string) (err error) {
 	// Validate version
-	validVersions := []string{openvpn.Openvpn25, openvpn.Openvpn26}
+	validVersions := []string{openvpn.Openvpn24}
 	if err = validate.IsOneOf(o.Version, validVersions...); err != nil {
 		return fmt.Errorf("%w: %w", ErrOpenVPNVersionIsNotValid, err)
 	}
@@ -289,7 +289,7 @@ func (o *OpenVPN) overrideWith(other OpenVPN) {
 }
 
 func (o *OpenVPN) setDefaults(vpnProvider string) {
-	o.Version = gosettings.DefaultComparable(o.Version, openvpn.Openvpn26)
+	o.Version = gosettings.DefaultComparable(o.Version, openvpn.Openvpn24)
 	o.User = gosettings.DefaultPointer(o.User, "")
 	if vpnProvider == providers.Mullvad {
 		o.Password = gosettings.DefaultPointer(o.Password, "m")

internal/configuration/settings/settings.go

@@ -4,9 +4,7 @@ import (
 	"fmt"
 	"net/netip"
 
-	"github.com/qdm12/gluetun/internal/configuration/settings/helpers"
 	"github.com/qdm12/gluetun/internal/constants/providers"
-	"github.com/qdm12/gluetun/internal/constants/vpn"
 	"github.com/qdm12/gluetun/internal/models"
 	"github.com/qdm12/gluetun/internal/pprof"
 	"github.com/qdm12/gosettings/reader"
@@ -162,18 +160,6 @@ func (s Settings) Warnings() (warnings []string) {
 			" so this will likely not work anymore. See https://github.com/qdm12/gluetun/issues/1498.")
 	}
 
-	if helpers.IsOneOf(s.VPN.Provider.Name, providers.SlickVPN) &&
-		s.VPN.Type == vpn.OpenVPN {
-		warnings = append(warnings, "OpenVPN 2.5 and 2.6 use OpenSSL 3 "+
-			"which prohibits the usage of weak security in today's standards. "+
-			s.VPN.Provider.Name+" uses weak security which is out "+
-			"of Gluetun's control so the only workaround is to allow such weaknesses "+
-			`using the OpenVPN option tls-cipher "DEFAULT:@SECLEVEL=0". `+
-			"You might want to reach to your provider so they upgrade their certificates. "+
-			"Once this is done, you will have to let the Gluetun maintainers know "+
-			"by creating an issue, attaching the new certificate and we will update Gluetun.")
-	}
-
 	// TODO remove in v4
 	if s.DNS.ServerAddress.Unmap().Compare(netip.AddrFrom4([4]byte{127, 0, 0, 1})) != 0 {
 		warnings = append(warnings, "DNS address is set to "+s.DNS.ServerAddress.String()+

internal/configuration/settings/settings_test.go

@@ -30,7 +30,7 @@ func Test_Settings_String(t *testing.T) {
 |   |           ├── Protocol: UDP
 |   |           └── Private Internet Access encryption preset: strong
 |   └── OpenVPN settings:
-|       ├── OpenVPN version: 2.6
+|       ├── OpenVPN version: 2.4
 |       ├── User: [not set]
 |       ├── Password: [not set]
 |       ├── Private Internet Access encryption preset: strong