Thanks to everyone replaying to this thread. I carefully re-reading as
kindly pointed out by Stefan. I ended up implementing this paragraph
Using an /etc/hostname.* file without persist-tun
-------------------------------------------------
OpenVPN normally re-creates the tun/tap interface at startup.
This has been reported to cause problems with some PF configurations
(especially with queueing), if you run into problems with this then
OpenVPN should be started from the hostname.* file, e.g.:
# cat << EOF > /etc/hostname.tun0
up
!LD_LIBRARY_PATH=/usr/local/lib:/usr/lib /usr/local/sbin/openvpn \
--daemon --config /etc/openvpn/server.conf
EOF
In a hindsight I should have done that before making a noise. I have had
at least two OpenVPN/OpenBSD servers servers (30-40 road warriors) for
the past eight years. I got spoiled by the painless upgrade process and
squeaked on the first sign that something worked tiny bit different than
previous release.
Best,
Predrag
