I see that nothing much has changed in the amateurish way that this software is developed.
zfs list explicitely has -p and -H to output parsable data, but no, let's go and parse _localized_(!) output for humans instead.
Connecting via OpenVPN, in decreasing levels of visibility:
1. on udp/1194
2. on tcp/443
3. in a TLS tunnel on tcp/443
If the last one doesn't work, then
4. in an ICMP tunnel
5. in a DNS tunnel
If those don't work, you aren't actually connecting to a network that wants you to use any of the...
From a security standpoint a closed port vs. a "dead" port makes no difference. You also don't hide a system this way. If there is a system on an IP address that just doesn't answer to any requests, you still know it's there because the router _before_ it doesn't give you an address unreachable...
Wait a minute, what's the issue here again? Are you those guys that think "stealthed" is something you want to be to benefit security?
Maybe someone could spell out the perceived problem with a closed port so I can tell them how they are wrong. There seems to be a giant misunderstanding in this...
You confuse two types of logging here - logging which address was assigned to which customer at a given time and actually logging what that address did. The former is half-ish OK if you need it for accounting reasons, the latter is never OK and no commercial ISP will do full traffic logging of...