> 21 нояб. 2020 г., в 07:24, Predrag Punosevac <punoseva...@gmail.com>
> написал(а):
>
>
> Hi Misc,
>
> Has anybody else noticed a new race condition causing Unbound to fail
> due to the fact that OpenVPN interface is not available.
>
> Since a few releases ago I have this in my rc.conf.local to start
> openvpn server and unbound
>
> openvpn_flags=--config /etc/openvpn/server.conf
> pkg_scripts=sshguard collectd smartd openvpn
> sensorsd_flags=
> snmpd_flags=
> syslogd_flags="-h"
> unbound_flags=
>
> Previously I was starting OpenVPN server via
> /etc/hostname.tun0
>
> file
>
> up link0
> !/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf
>
> I noticed this morning after upgrading 2 of my OpenVPN servers that
> unbound is failing to start because tun0 is not available on time. If I
> go back to start OpenVPN server from /etc/hostname.tun0 file everything
> works as expected.
>
> Cheers,
> Predrag
>
I can advice you not to bind unbound on tun(tap) interface. You can bind it to
phisycal nic or virtual nic, and just allow recursion for vpn network. Of
cource you should turn on net.inet.ip.forwarding on sysctl
