openvpn: update to 2.5.0

New features:
* Per client tls-crypt keys
* ChaCha20-Poly1305 can be used to encrypt the data channel
* Routes are added/removed via Netlink instead of ifconfig/route
  (unless iproute2 support is enabled).
* VLAN support when using a TAP device

Significant changes:
* Server support can no longer be disabled.
* Crypto support can no longer be disabled, remove nossl variant.
* Blowfish (BF-CBC) is no longer implicitly the default cipher.
  OpenVPN peers prior to 2.4, or peers with data cipher negotiation
  disabled, will not be able to connect to a 2.5 peer unless
  option data_fallback_ciphers is set on the 2.5 peer and it contains a
  cipher supported by the client.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Magnus Kroken
2020-12-01 10:57:07 +01:00
committed by Rosen Penev
parent 4434915571
commit 2e55fc8b2d
12 changed files with 69 additions and 238 deletions
+12 -2
@@ -1,10 +1,12 @@
OPENVPN_PARAMS='
allow_compression
askpass
auth
auth_retry
auth_user_pass
auth_user_pass_verify
bcast_buffers
bind_dev
ca
capath
cd
@@ -21,6 +23,7 @@ connect_retry
connect_retry_max
connect_timeout
crl_verify
data_ciphers_fallback
dev
dev_node
dev_type
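Review bot: the entry in this hunk is spelled data_ciphers_fallback, but the commit message tells users to set data_fallback_ciphers on the 2.5 peer. Someone following the message to keep pre-2.4 peers connecting would set a name that does not match this list, so please align the commit message with the spelling used here.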
@@ -51,7 +54,6 @@ iroute_ipv6
keepalive
key
key_direction
key_method
keysize
learn_address
link_mtu
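Review bot: the header (-51,7 +54,6) shows one entry dropped from this region, with key_method among the lines shown, but the "Significant changes" list in the commit message says nothing about an option being removed. Please add a line naming the dropped option and stating what happens to an existing config that still sets it, so an upgrade does not change behaviour without notice.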
@@ -69,7 +71,6 @@ mssfix
mtu_disc
mute
nice
ns_cert_type
ping
ping_exit
ping_restart
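Review bot: the header (-69,7 +71,6) again drops one entry, with ns_cert_type among the lines shown, and the commit message does not mention it. If that option is the one removed, configs that relied on it to check the peer certificate type should not lose that check silently; please name the replacement option in the commit message and say how a config that still sets the old one is handled.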
@@ -116,6 +117,9 @@ syslog
tcp_queue_limit
tls_auth
tls_crypt
tls_crypt_v2
tls_crypt_v2_verify
tls_export_cert
tls_timeout
tls_verify
tls_version_min
@@ -129,6 +133,8 @@ user
verb
verify_client_cert
verify_x509_name
vlan_accept
vlan_pvid
x509_username_field
'
@@ -137,6 +143,7 @@ allow_recursive_routing
auth_nocache
auth_user_pass_optional
bind
block_ipv6
ccd_exclusive
client
client_to_client
@@ -185,10 +192,13 @@ tls_server
up_delay
up_restart
username_as_common_name
vlan_tagging
'
OPENVPN_LIST='
data_ciphers
ncp_ciphers
tls_cipher
tls_ciphersuites
tls_groups
'
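Review bot: OPENVPN_LIST in this hunk carries both data_ciphers and ncp_ciphers with nothing indicating how the two relate. A config that sets both would pass two cipher lists, so please add a comment marking which one is preferred with 2.5 or document which takes precedence.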