This requires the user only to add a few lines to their ovpn config file, and copy a few scripts (verbatim). They do not have to figure out which IP addresses are appropriate and hard-code them--unless their VPN service is bereft of domain names. Even in that case, they can do it easily within the ovpn config file. This is much less error-prone and should work with a greater variety of services (large commercial services tend to change their IPs so using domain names and DHCP is preferable in that case).
Also converted firewall section (3) to one code block for much less cutting/pasting. Comments are still there as shell comments.
The only required template changes are adding openvpn itself and possibly disabling the default systemd service for it. Everything else should be there in /rw/config.
This doesn't include extra firewall protections against inadvertent net access from within the VPN VM. I'm thinking of proposing those additions in a separate edit.
* Logically organize the Whonix-related pages
* Move the VPN page to /configuration/
* VPNs are used for more than just privacy, and many VPN setups and
services either can't or don't claim to provide privacy.
* Remove `/privacy/` from URLs
* These directory names are just for organizing the source pages,
*unless* an actual page resides there. Since there is no
/doc/privacy/ page, it's unnecessary and misleading to have this in
the URLs. It also breaks uniformity, since none of the other pages
have their informal group name in their URL (again, unless there's
a page with that name).
Explanation: All of our other pages consist of an .md file with
the name (or a suitably similar name) of that page. This commit
renames `configuration/salt/index.md` to `configuration/salt.md`
so that it will follow the organization of the other pages.
