Re: OpenVPN destroys tun

Jason Dixon Wed, 06 May 2009 13:06:51 -0700

On Wed, May 06, 2009 at 11:43:15PM +0400, Vadim Zhukov wrote:
> On Wednesday 06 May 2009 23:18:31 Jason Dixon wrote:
> >
> > Having OpenVPN create the tun device does me no good.  I'd still have
> > to re-load pf/altq after the file descriptor is created.
> 
> Strange, I do not have such problem. But I'm not using altq there,
> just some block/allow and NAT... Could you post your OpenVPN config?


Right, this only really manifests with altq on tun(4).  There's no point
to pasting my config, but I'll include most of it here so you don't think
I'm jerking your chain.  ;)


#####################################################
local x.x.x.9
port 1194
proto udp
dev tun0

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
crl-verify /etc/openvpn/crl.pem
tls-auth /etc/openvpn/keys/ta.key 0
client-config-dir /etc/openvpn/ccd

server 192.168.210.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt 86400
push "route 10.0.116.0 255.255.254.0"

keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun

status /etc/openvpn/openvpn-status.log

verb 3
management 127.0.0.1 7505
#####################################################


-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: OpenVPN destroys tun

Reply via email to