Jason Dixon wrote:
> On Wed, May 06, 2009 at 04:29:10PM -0300, Giancarlo Razzolini wrote:
>> Jason Dixon wrote:
>>> So apparently OpenVPN is a douche of an application by
>>> destroying/recreating any tun devices you ask it to bind to.  This
>>> causes havoc with pf/altq if you queue on those tun interfaces.
>>>
>>> I've asked on the openvpn-users mailing list if there's any way to have
>>> OpenVPN avoid teardown of an existing tun(4) interface but nobody had
>>> any useful answers (besides "use the up/down scripts")... yeah, thanks.
>>> Has anyone here used OpenVPN in server mode and overcome this?
>> Well, you don't necessarily need to enable altq on the tun interface to get your packets queued. I did overcome this by making the queue on another interface, a physical one, and then making packets coming or leaving the tun interface to get queued on that interface. This works, and you won't have to deal with the tun interface being destroyed across openvpn starts/stops.
>
> You don't understand the usage.  We have a remote office with a fixed
> pipe and *all* of their traffic crossing the VPN tunnel to our office.
> It's necessary to queue a fraction of the traffic crossing the physical
> interface for this purpose.  We also perform queueing on the physical
> interface that has a completely different usage model than the VPN
> tunnel.
>
> Please, let's not get off-topic.  It's a simple question... can you
> start OpenVPN without having it destroy/recreate the tun interface.  If
> you haven't used this, please refrain from commenting.
>
> Thanks,

Well, I wasn't OT with my reply. And I have used openvpn since the beginning of the project, even made a plugin for it. So I know a little of it. My suggestion was to avoid what you might be already suspecting. You will have to mess with openvpn code and recompile it to do what you want. The solution I suggested is a viable one, even if you already have queueing policies on that interface. It'll only require a little adaptation on your altq rules. I guess you won't get far with an attitude like that, being rude with people that are trying to help you. That said, you might want to take a look at openvpn source code, mainly tun.c and tun.h files.

My regards,

--
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD 4.5
Ubuntu 9.04 Jaunty Jackalope
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
