Opened 11 years ago
Last modified 6 years ago
#346 new Feature Wish
Set tap device link status based on openvpn connection state
Reported by: | András Korn | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Generic / unclassified | Version: | OpenVPN 2.3.2 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | linux tap |
Cc: |
Description
I would like to bond openvpn tap interfaces together using the Linux bonding driver with miimon style link detection.
This doesn't easily work because tap devices are created being "up", and openvpn doesn't manage their link state.
A possible workaround is to have route-up
and up
scripts that explicitly set the link state on the tap device (although in one case I had to use a tls-verify
script because the route-up
script was not called for some reason).
However, it would be cleaner if OpenVPN could (optionally?) set the link state of the tap device as follows:
- on startup: down
- when connection fully established (peer authenticated), but before adding routes: up
- connection failure or peer disconnect: down
(Obviously this is less interesting for server mode but it would help a lot in 1:1 mode.)
Alternatively, script hooks should be provided that can be used to set the tap link state as appropriate, so that I don't have to set the link down from an up
script and set it uo from a tls-verify
script (yuck :).
Maybe
IFF_DORMANT
is even more appropriate than!LOWER_UP
for a tun/tap interface whose corresponding VPN link is not up.