Revert defaulting to UDP

UDP offers better performance, but at the marginal cost of reliability.
Continue to default for reliability; user can change it if they really want to.

deployment/openvpn-client.yml

@@ -1,7 +1,7 @@
 profile: |
   client
   dev tun
-  proto udp
+  proto tcp
   remote ((wan_ip)) 1194
   resolv-retry infinite
   nobind

jobs/openvpn/spec

@@ -22,7 +22,7 @@ provides:
       - tls_key_pair # until tls_key_pair.ca...
 properties:
   protocol:
-    default: udp
+    default: tcp
     description: "Protocol for the server"
     type: "string"
     enum:

releases/openvpn/openvpn-4.0.0.md

@@ -3,7 +3,6 @@
 Breaking Changes
 
  * properties are no longer prefixed with `openvpn` namespace
- * default protocol is now `udp` (this must be in sync with clients; previous default `tcp`)
  * the `openvpn` job will no longer act as a client (see the new `openvpn-client` job)
  * the `openvpn` job improves security defaults (either explicitly use older values, or upgrade clients as necessary)
     * `cipher` is now `AES-256-CBC` (this must be in sync with clients; previous default `BF-CBC`)