On Wed, May 06, 2009 at 04:29:10PM -0300, Giancarlo Razzolini wrote: > Jason Dixon escreveu: >> So apparently OpenVPN is a douche of an application by >> destroying/recreating any tun devices you ask it to bind to. This >> causes havoc with pf/altq if you queue on those tun interfaces. >> >> I've asked on the openvpn-users mailing list if there's any way to have >> OpenVPN avoid teardown of an existing tun(4) interface but nobody had >> any useful answers (besides "use the up/down scripts")... yeah, thanks. >> Has anyone here used OpenVPN in server mode and overcome this? >> > Well, you don't necessarily need to enable altq on the tun interface to > get your packets queued. I did overcome this by making the queue on > another interface, a physical one, and then making packets coming or > leaving the tun interface to get queued on that interface. This works, > and you won't have to deal with the tun interface being destroyed across > openvpn starts/stops.
You don't understand the usage. We have a remote office with a fixed pipe and *all* of their traffic crossing the VPN tunnel to our office. It's necessary to queue a fraction of the traffic crossing the physical interface for this purpose. We also perform queueing on the physical interface that has a completely different usage model than the VPN tunnel. Please, let's not get off-topic. It's a simple question... can you start OpenVPN without having it destroy/recreate the tun interface. If you haven't used this, please refrain from commenting. Thanks, -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
