openvpn: Switch to using elliptic curve cryptography
OpenVPN 2.4+ has support for ECC. Switch to using ECC entirely for all certificates and communication. This has the potential to:
- Reduce/eliminate the time it takes to generate a DH key. This is currently a big problem with generation taking almost a day on some boards.
- Improve security.
- Better performance on single board computers.
Implementation:
- All new installations should simply use ECC only.
- Eliminate the setup step currently required (if DH param generation is fast or not required).
- Existing installations should continue to work until upgraded to ECC. This process will mean that all the client profiles need to be downloaded and setup again.