Users can only spoof a limited number of MAC addresses

[nategraf]

Due to limitations in OpenVPN only a limited number of MAC addresses can be spoofed per user. This prevents MAC flooding attacks for example (although this in itself is not a huge loss)

Fixing this issue will require a customized branch of OpenVPN to route return traffic solely based on VLAN, as to avoid needing to store every MAC associated with a user