In a HA-cluster, the OpenVPN client on the backup/master must be disabled/enabled.
Should I do this with a script (devd + ifconfig) or is there an OPNsense internal way ?
The tunel provides IPv6 connectivity to the internet (default route) for some nets with static addresses.
Any tips welcome.
There is no need for scripting with devd etc.
Setting up a CARP-Alias for the WAN-interface, adjusting outgoing NAT and finally using this CARP-Address as OpenVPN interface address is enough to get it running.
Perfectly :)
OPNsense is such a wonderful product !