We changed some VPN servers from fedora/redhat to gentoo. On the old systems the start scripts executed /etc/openvpn/${VPN}.sh as root when openvpn was started. This was extremely usefull to setup VPN specific firewall rules and other things while dropping privileges for the openvpn itself. On gentoo this feature not exists. It would be very helpfull (and easy to implement) if this would be integrated in the ini scripts. Reproducible: Always Steps to Reproduce:
You sould use /etc/openvpn/${VPN}-up.sh and /etc/openvpn/${VPN}-down.sh where ${VPN} is the name of symlink to the init-script (e.g. openvpn.testvpn). there you can set firewall rules and do other things. the tap/tun-device used for this service is the first parameter ($1) and can also be used in the scripts.
Feature already exists as explain in comment #1
/etc/openvpn/${VPN}-up.sh is only called when the VPN runs as client. There should be a similar thing when running as server. So the suggested solution does not apply to the scenario described here.
You can configure the up script in the configuration file for the server.