Allow to define remote-cert-tls

[jkroepke]

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--ns-cert-type

ns-cert-type is deprecated in OpenVPN and will removed in the next version of OpenVPN.

The PR adds an opt-in for the backwards compatibility to use the new option.

[bastelfreak]

Hi @jkroepke, thanks for the PR. Can you take a look at the failing travis jobs and add a unit test?

[jkroepke]

@bastelfreak Done.

[bastelfreak]

Thanks!

[alexjfisher]

In any of the supported OSes, does this module install any version of openvpn < 2.4?
ie Could the change be a bit more aggressive and just use the new option unless perhaps a fact says the old version is still installed? (I guess EPEL 6 didn't always have openvpn 2.4)

@jkroepke Thoughts?

[jkroepke]

You support following OSes (https://github.com/voxpupuli/puppet-openvpn/blob/master/metadata.json#L11):

OS	OVPN Version	Link to package
Debian 7	2.2.1	https://packages.debian.org/wheezy/openvpn
Debian 8	2.3.4	https://packages.debian.org/jessie/openvpn
Debian 9	2.4.0	https://packages.debian.org/stretch/openvpn
Ubuntu 14.04	2.3.2	https://packages.ubuntu.com/trusty-updates/openvpn
Ubuntu 15.04 (Why? Its EOL)	>2.3.2, <2.3.10	N/A
Ubuntu 16.04	2.3.10	https://packages.ubuntu.com/xenial-updates/openvpn
Ubuntu 18.04 (Upcomming)	2.4.4	https://packages.ubuntu.com/bionic/openvpn
RedHat/CentOS 6	2.4.4	https://rpmfind.net/linux/RPM/epel/6/x86_64/Packages/o/openvpn-2.4.4-1.el6.x86_64.html
RedHat/CentOS 7	2.4.4	https://rpmfind.net/linux/RPM/epel/7/x86_64/Packages/o/openvpn-2.4.4-1.el7.x86_64.html
Archlinux	2.4.5	https://www.archlinux.org/packages/core/x86_64/openvpn/
FreeBSD	2.4.4	https://www.freebsd.org/cgi/ports.cgi?query=openvpn&stype=all

remote-cert-tls is known since OpenVPN 2.1 you can switch to the new option from my side. But It's a breaking change.

Anyway, this modules generated client configs. Tunnelblick (macOS OpenVPN Client) will now use 2.5-git, if there are no deprecated options like comp-lzo and ns-cert-type.