On 2020-11-21, Kasak <ka...@kasakoff.net> wrote:
>
>
>> On 21 Nov 2020, at 07:24, Predrag Punosevac <punoseva...@gmail.com> 
>> wrote:
>> 
>> 
>> Hi Misc,
>> 
>> Has anybody else noticed a new race condition causing Unbound to fail
>> due to the fact that the OpenVPN interface is not available?
>> 
>> Since a few releases ago I have this in my rc.conf.local to start
>> openvpn server and unbound
>> 
>> openvpn_flags=--config /etc/openvpn/server.conf
>> pkg_scripts=sshguard collectd smartd openvpn
>> sensorsd_flags=
>> snmpd_flags=
>> syslogd_flags="-h"
>> unbound_flags=
>> 
>> Previously I was starting OpenVPN server via 
>> /etc/hostname.tun0 
>> 
>> file
>> 
>> up link0
>> !/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf
>> 
>> I noticed this morning after upgrading 2 of my OpenVPN servers that
>> unbound is failing to start because tun0 is not available on time. If I
>> go back to start OpenVPN server from /etc/hostname.tun0 file everything
>> works as expected.
>> 
>> Cheers,
>> Predrag
>> 
> I can advise you not to bind unbound on tun(tap) interface. You can bind it 
> to physical nic or virtual nic, and just allow recursion for vpn network. Of 
> course you should turn on net.inet.ip.forwarding in sysctl
>
>

Or use the "any" address/es and interface-automatic;

        interface-automatic: yes
        interface: 0.0.0.0
        interface: ::

(obviously with access-control set as appropriate).
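
An added example, not part of the original message: a `server:` section for unbound.conf that combines the wildcard listener above with explicit access-control rules. The 10.8.0.0/24 netblock is an assumed OpenVPN client subnet; substitute the real one.

```conf
server:
        # Listen on all addresses on all current and future interfaces.
        # Replies go out from the address the query arrived on, so
        # unbound no longer needs tun0 to exist when it starts.
        interface-automatic: yes
        interface: 0.0.0.0
        interface: ::

        # A wildcard listener answers on every interface, including
        # external ones, so access-control is what limits who may recurse.
        # The most specific matching netblock wins; order does not matter.
        access-control: 0.0.0.0/0 refuse
        access-control: ::0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: ::1 allow

        # Assumption: constructed example netblock for the VPN clients.
        access-control: 10.8.0.0/24 allow
```

Running `unbound-checkconf` after editing catches syntax errors before the daemon is restarted.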
