OpenVPN in tap server mode
-
We use OpenVPN here, primarily in tap (bridging) mode.
I seem to recall from some time ago that support for tap was to be included in 2.0; I found that it seems to have been included for client mode, but not for the server side. I generated a configuration with some minor fiddling on the client side that appeared to result in traffic being sent to the server, but the server side appeared to be a little messier. In particular, while I think I had the OpenVPN incantation correct, the pf firewall was blocking inbound traffic, and trying to add firewall rules for "OpenVPN" wasn't working because that is applied to the "ovpns*" interfaces but my incantation was resulting in a "tap*" interface. Trying to generate "easy" rules didn't work either, ending at an error page.
Was this still intended for inclusion in 2.0? I can deploy our working kludge on 1.2.3 if needed, but had been hoping to get this working under 2.0.