OpenVPN maintainers will remove the classic non-TLS site-to-site mode with pre-shared keys in the version 2.7.
2023-06-08 02:57:19 DEPRECATED OPTION: The option --secret is deprecated. 2023-06-08 02:57:19 DEPRECATION: No tls-client or tls-server option in configuration detected. OpenVPN 2.7 will remove the functionality to run a VPN without TLS. See the examples section in the manual page for examples of a similar quick setup with peer-fingerprint.
Debian Bookworm/VyOS 1.4 has OpenVPN 2.6, so we can and will support that mode at least until the EOL of 1.4. However, we should provide an upgrade path as soon as possible to give people enough time to learn about their options and execute the migration plan.
The replacement is TLS with the new peer-fingerprint option and EC-based certs that don't need generating a DH prime (since ECDH doesn't need it), so setup time is a lot shorter than for a full-blown PKI.