
design discussion: port distribution of a gateway

Hello,

In APIv3, the client gets all the information about the API (gateways + ports). In APIv5, the client only gets a single port per gateway (the code calls it the "preferred port"). The benefit of this is that we can do a little bit of load balancing on the gateway (distribute load over multiple openvpn processes). On the other hand, there are some issues:

  • What if I'm using a restricted network and can only use port 80/443, but menshen gives me udp/1194?
    • Or a broken captive portal and I can only use the internet over udp/53
  • Then, the client could check which ports it can use to reach the internet
    • that's a lot of work on the client side

My proposal

  1. return the client a list of ports in preferred order
  2. the openvpn client configuration can use multiple remotes (openvpn uses them as fallbacks: if the previous one failed, it tries the next)

     ```
     remote gateway01 443
     remote gateway01 80
     ```

Then:

  • the openvpn client does the preferred/fallback loadbalancing for us (no work in our client)
  • if we give the client all ports, we don't leak anything here

Possible problems:

  • it's not easy to switch between tcp/udp (tcp-client) => maybe it's possible to specify a protocol on the remote directive
  • backwards compatibility: are multiple remote directives supported by all clients (also the old ones)?
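Added example (not code from this project): a small Python generator that turns an ordered gateway/port list, the shape the proposal asks the API to return, into an OpenVPN client profile with one `remote` line per port. It uses the three-argument form `remote <host> <port> <proto>` that OpenVPN supports, which is one answer to the tcp/udp switching problem above. The `SAMPLE_GATEWAYS` payload, the hostname, the `ca.crt` path and the payload schema are constructed assumptions, not the real API format. Because the API response ends up verbatim in a config file, the generator also rejects hostnames outside a plain DNS character set so a malformed response cannot smuggle extra directives into the profile.

```python
import re

# Constructed sample payload (hypothetical shape, not the real API schema):
# one gateway with its ports listed in the order the server prefers.
SAMPLE_GATEWAYS = [
    {
        "host": "gateway01.example.net",
        "ports": [
            {"port": 443, "proto": "tcp"},
            {"port": 80, "proto": "tcp"},
            {"port": 1194, "proto": "udp"},
            {"port": 53, "proto": "udp"},
        ],
    },
]

# Hostnames copied into a config file must not be able to smuggle extra
# directives, so only a conservative DNS-name character set is accepted.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")
VALID_PROTOS = {"udp", "tcp"}

# Static part of the client profile; the ca path is an assumed placeholder.
BASE_DIRECTIVES = [
    "client",
    "dev tun",
    "nobind",
    "resolv-retry infinite",
    "persist-key",
    "persist-tun",
    "remote-cert-tls server",
    "ca ca.crt",
]


def remote_lines(gateways):
    """One 'remote <host> <port> <proto>' directive per gateway/port pair,
    in the order given. OpenVPN walks the remote list top to bottom and moves
    on to the next entry when a connection attempt fails; the per-remote
    protocol argument lets tcp and udp entries coexist in one profile."""
    lines = []
    for gw in gateways:
        host = gw["host"]
        if not HOST_RE.match(host):
            raise ValueError(f"rejecting unsafe hostname from API: {host!r}")
        for entry in gw["ports"]:
            port = int(entry["port"])
            proto = str(entry["proto"]).lower()
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {port}")
            if proto not in VALID_PROTOS:
                raise ValueError(f"unsupported protocol: {proto!r}")
            lines.append(f"remote {host} {port} {proto}")
    if not lines:
        raise ValueError("no usable remotes in API response")
    return lines


def build_config(gateways, retry_max=2):
    """Full client profile text. connect-retry-max bounds how many times each
    remote entry is tried before OpenVPN gives up on the whole list."""
    parts = BASE_DIRECTIVES + [f"connect-retry-max {retry_max}"]
    parts += remote_lines(gateways)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_config(SAMPLE_GATEWAYS), end="")
```

Running the module prints the profile; the remotes appear in exactly the order the payload listed them, so the server-side "preferred order" is what decides which port is tried first and the client itself does no port probing.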

cc @cyberta @jkito @kwadronaut @atanarjuat @maxb Let's discuss and decide

Edited by Pea Nut