Jason Dixon escreveu:
So apparently OpenVPN is a douche of an application by
destroying/recreating any tun devices you ask it to bind to. This
causes havoc with pf/altq if you queue on those tun interfaces.
I've asked on the openvpn-users mailing list if there's any way to have
OpenVPN avoid teardown of an existing tun(4) interface but nobody had
any useful answers (besides "use the up/down scripts")... yeah, thanks.
Has anyone here used OpenVPN in server mode and overcome this?
Thanks,
Well, you don't necessarily need to enable altq on the tun interface to
get your packets queued. I did overcome this by making the queue on
another interface, a physical one, and then making packets coming or
leaving the tun interface to get queued on that interface. This works,
and you won't have to deal with the tun interface being destroyed across
openvpn starts/stops.
My regards,
--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD 4.5
Ubuntu 9.04 Jaunty Jackalope
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
